
Why a "DocuSign" Request Might Empty Your Account

You’ve seen the email. It looks professional. The subject line reads “Please Sign: Invoice #38492 – Action Required.” It has the blue DocuSign logo, your name, and a large “Review Document” button. The sender name is something like “Accounts Payable” or “John from HR.” You click, thinking it’s a routine document to approve. Within minutes, scammers have your login credentials, access to your bank account, and they’re draining your savings.

This is not a hypothetical. In 2024, phishing attacks using fake DocuSign requests became one of the most effective ways cybercriminals target middle-class Americans aged 45 to 64. Why that age group? Because you pay bills, sign contracts, and handle business documents online. You trust official-looking emails from companies you recognize. And scammers know it.

Let’s be clear: DocuSign itself is a legitimate, widely used electronic signature platform. Thousands of businesses use it for contracts, tax forms, loan documents, and employment agreements. That’s exactly why criminals impersonate it. They piggyback on a trusted brand to trick you into handing over your personal information, financial account numbers, or remote access to your computer.

The scam works in a few variations. In the most common version, you receive an email that appears to come from DocuSign or from someone you do business with, such as your bank, insurance company, or even your employer. The email says a document requires your signature. It includes a link or a button labeled “Review Document” or “Sign Now.” If you click, you are taken to a fake login page that looks exactly like the real DocuSign site. You enter your email and password. The scammer now has your credentials. They immediately try those same credentials on your bank, PayPal, or other financial accounts. People often reuse passwords, so once criminals have one login, they can unlock several.

Another variant is more sinister. The fake DocuSign email tells you to download a document. When you click, it does not open a PDF. Instead, it installs remote access software on your computer, such as AnyDesk or TeamViewer. A scammer, often pretending to be tech support from your bank or DocuSign, calls you and says there is a problem with your signature. They ask you to let them “help” by remotely controlling your computer. Once inside, they can see your bank logins, transfer money, and empty your accounts while you watch, powerless.

The criminals count on three things. First, they rely on urgency. The email might say “Action required within 24 hours” or “Final notice before account suspension.” Second, they rely on familiarity. You have signed documents before. An email asking you to sign something feels normal. Third, they rely on trust in a well-known brand. The DocuSign logo and formatting create a false sense of security.

So how do you spot a fake DocuSign request before it empties your account? The first red flag is the sender’s email address. A real DocuSign email comes from a domain that ends in docusign.com, docusign.net, or a specific company domain you already know. A scam email uses addresses like docusign.svc.com, invoices24.net, or even a slight misspelling like d0cusign.com. Always hover your mouse over the sender name before clicking. Do not rely on the displayed name alone.

Second, a real DocuSign email will address you by your full name, not just “Dear Customer” or “Dear User.” Scammers often use generic greetings because they do not know your name. Third, look carefully at the link or button. Hover over it without clicking. A real DocuSign link will contain “docusign.com” or “docusign.net” in the URL. A fake link will be something like “clickhere.invoice247.com” or “secure-docu.co.” If the URL looks odd, do not click.
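The sender and link checks described above, written out as an added Python example (not part of the original article); it goes one step beyond "contains" by requiring the trusted domain to be the end of the host name, so a lookalike that merely includes the word fails. Assumptions: only docusign.com and docusign.net are trusted, links must use HTTPS, the helper names are hypothetical, and the sample inputs are constructed or taken from the article's own examples.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# The two domains the article names as genuine DocuSign domains.
TRUSTED = ("docusign.com", "docusign.net")

def host_is_trusted(host):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = (host or "").rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def sender_is_trusted(from_header):
    """Check the real address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return False
    return host_is_trusted(addr.rsplit("@", 1)[1])

def link_is_trusted(url):
    """Check where a link really goes: the host, not text elsewhere in the URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":  # assumption: genuine links use HTTPS
        return False
    # .hostname drops any "name@" prefix and the port, leaving the real host.
    return host_is_trusted(parts.hostname)

if __name__ == "__main__":
    # Constructed samples; the lookalike domains are the article's examples.
    senders = [
        "DocuSign <sender@docusign.net>",
        "Accounts Payable <billing@invoices24.net>",
        "DocuSign <noreply@docusign.svc.com>",
        "DocuSign <noreply@d0cusign.com>",
    ]
    links = [
        "https://app.docusign.com/documents",
        "https://clickhere.invoice247.com/review",
        "https://secure-docu.co/sign",
        "https://docusign.com.account-review.example/",
        "https://docusign.com@login.example/sign",
    ]
    for s in senders:
        print("sender", "OK  " if sender_is_trusted(s) else "FAKE", s)
    for u in links:
        print("link  ", "OK  " if link_is_trusted(u) else "FAKE", u)
```

A passing sender check only means the visible address sits in a trusted domain; whether the header itself was forged is what the receiving mail server's SPF, DKIM and DMARC results cover.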

Fourth, trust your gut. If you were not expecting a document to sign, be suspicious. Do not assume it is a routine business request. Contact the person or company directly using a phone number or email you already have on file, not the contact information in the suspicious email. That simple step can stop a scam cold.

You can also enable two-factor authentication on your real DocuSign account and on your email and bank accounts. This adds a second layer of security. Even if a scammer steals your password, they cannot log in without the code sent to your phone.

Finally, remember the rule that applies to every phishing attempt: No legitimate company will ever ask you to download remote access software to “help” with a document signature. If anyone asks you to install AnyDesk, TeamViewer, or similar programs because of a DocuSign request, hang up and report it to the Federal Trade Commission at ReportFraud.ftc.gov.

Fake DocuSign requests are a polished, professional form of phishing that exploits your trust in routine online tasks. By staying suspicious, checking sender addresses, and never clicking links in unsolicited emails, you can keep your savings safe. When in doubt, close the email, pick up the phone, and call the company directly. That one act can be the difference between a minor inconvenience and an empty bank account.

