Phishing Message Using DocuSign Service

We want to bring an ongoing phishing scam to your attention.

This scam leverages two services that are familiar to our community. Recipients get a message that appears to come from DocuSign. The display name typically references a generic but plausible department, like Billing Department via DocuSign. Within the message, they are prompted to click a link to open the file. Then they are taken to a very convincing Microsoft 365 login page. The goal of this phish is to steal their credentials.

The ITS Security team is working to mitigate the threat, but because it is evolving and is sophisticated, we want to alert our community. They should be suspicious of messages from DocuSign that are unexpected and were not initiated by someone they know. If they receive this and other suspicious messages, they should report them by clicking the “Report” button within Outlook.
We are posting guidance on the IT Security website (security.uconn.edu) and will link to it in the next Daily Digest. We also encourage you to share this information with others in your area.

If you need additional information, please contact security@uconn.edu.

Information Technology Services

Related Links

ITS Contact Information & Directions

Technology Support Center