Although utilising an electronic signing service can be a convenient way for your organisation to digitally sign and exchange important documents (eg contracts, tax documents and legal materials) with stakeholders, doing so also carries significant cyber-security risks.
Cyber-criminals can utilise a variety of scamming techniques to trick electronic signing service users into sharing sensitive information, such as their signature, financial information and other personal data. From there, the criminals can use that information for a range of destructive purposes—including identity theft and other costly forms of fraud. These scams have become an increasingly prevalent threat in the midst of the ongoing COVID-19 pandemic, as many organisations have transitioned to fully remote operations.
In fact, DocuSign—a popular electronic signing service provider—recently released a statement regarding several new phishing scams that cyber-criminals have implemented to fool victims into thinking they are using DocuSign’s services. These scams entail the victim receiving a fraudulent email that appears to be from DocuSign, urging them to either click on a malicious link (which then downloads malware on the individual’s device) or provide their personal information (which scammers then access to commit fraud).
Whether your organisation uses DocuSign or a different electronic signing service, it’s important to educate yourself and your stakeholders—including employees, investors, customers and suppliers—on how to detect and avoid falling victim to these phishing scams. That being said, consider the following cyber-security tips:
- Be wary of responding to emails that claim to be an electronic signature request—especially if you weren’t expecting a request or don’t recognise the name of the individual or organisation sending the request. Trusted senders would let you know they are sending a signature request before doing so.
- Never click on links from electronic signature emails that appear suspicious—especially if the URLs for those links redirect to websites that aren’t secure or recognisable.
- Review electronic signature emails for generic wording, grammatical errors and misspellings (both in the body of the email and within the sender’s email address). These mistakes are often key indicators of a phishing scam.
For additional cyber-security guidance, contact us today.
Contains public sector information published by the ICO and NCSC and licensed under the Open Government Licence.
The content of this blog is of general interest and is not intended to apply to specific circumstances or jurisdiction. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice from their own legal counsel. Further, the law may have changed since first publication and the reader is cautioned accordingly. Content by Zywave, Inc. provided by TH March.