Identifying Legitimate DocuSign Emails from CSULB

Body

Overview

CSULB DocuSign forms are sent by a subset of active employees who have attended training and have been granted proper permission to send CSULB DocuSign forms.  With the increasing use of DocuSign as the campus's eSignature software solution, employees and students may become more vulnerable to phishing attempts that are posing as DocuSign forms requiring their signature. To see a list of known phishing emails reported on campus, please see the CSULB Phish Bowl. This article provides some clarification about what an official CSULB DocuSign notification should look like, as well as some examples of fraudulent DocuSign notifications that have been received and reported to the Division of IT.

How Does an Official CSULB DocuSign Email Notification Look?

Here are a few hints about CSULB DocuSign email notifications:

  1. You should see this CSULB logo on all DocuSign forms on the top-left. (see screenshot below).
  2. The From address should be "DocuSign NA3 System" or "<dse_NA3@docusign.net>"
  3. A branded color scheme is used (black and gold).
  4. If you hover over the button to view document, the web address will include “https://na3.docusign.net” (see screenshot). Screenshot of the standard email heading, logo, and web URL of https://na3.docusign.net

What is the Safest Method to Ensure You Have Received a CSULB DocuSign eSignature Request?

The safest way to know if you have received an actual CSULB DocuSign form to sign, is to log into SSO and click the DocuSign chiclet to sign in.  Once you’re logged into DocuSign, you can see if you have a form waiting for you to sign. 

When in doubt, it's a good idea to send the received email to alert@csulb.edu so we can help validate the authenticity of it.

Examples of Phishing Attempts Posing as DocuSign

Example 1

This is a very good example of a fraudulent DocuSign attempt that does a good job of appearing to be affiliated with CSULB.  In this case, the sender is from an employee whose email account had been compromised, so the phisher was sending fake Docusign emails to other campus employees.  Hovering over the link, shows that the url is not from CSULB.

screenshot of a fraudulent DocuSign email from a compromised CSULB employee email account

Example 2

This is an example of a more poorly devised phishing attempt that only mentions that a DocuSign document is waiting for the recipient and to click on the link to proceed.

screenshot of a fraudulent DocuSign email from a personal Yahoo account providing a link to page that presumably appears to pose as OneDrive

 

Details

Details

Article ID: 66262
Created
Tue 10/30/18 1:34 PM
Modified
Thu 2/3/22 6:04 PM

Attachments

;