Skip to main content

Phishing Email

Anya Grossman
Updated

  • Be vigilant of phishing emails and malicious links. If you are unsure of something, DO NOT CLICK ON IT. Submit a ticket to the helpdesk and we'll be happy to investigate it for you and ensure it's safe.

How to identify potential phishing emails:

  • Suspicious sender email addresses (e.g., slight variations like 'msllcc.com' instead of 'msllc.com' or non-official domains like 'microsoft-support.com' instead of 'microsoft.com')

  • Urgent or threatening language designed to make you act quickly (e.g., "immediate action required" or "security threat detected")

  • Generic greetings like 'Hi Customer' or 'Dear User' instead of your name

  • Unexpected attachments or requests to click on links (especially for "security updates" or to "verify" accounts)

  • Requests for confidential information or credentials

  • Emails claiming to be about Multi-Factor Authentication that ask you to click links to verify your account

  • Suspicious or shortened URLs that hide the actual destination

  • If you receive a suspicious email:

    • DO NOT click on any links or download any attachments

    • DO NOT reply to the email

    • For unsolicited survey invitation emails, forward the message (preferably as an attachment) or use the reporting option indicated in the email to send it to your company's security reviewer so they can scan both the email and the linked survey. Include any context you have, such as who sent it, the survey link, and what the survey is asking for.

    • If you already clicked a suspicious survey link, make note of exactly what happened (what information you entered and whether you saw any credential prompts or downloads), then report this and send the email/link to your company's security reviewerso they can scan it and advise on any follow-up actions.

    • Forward the email to the helpdesk or IT security team

    • Delete the email from your inbox

    • If possible, report the email as phishing through your email client's reporting tools

Be especially cautious of emails about Multi-Factor Authentication (MFA):

  • Legitimate MFA communications will typically NOT ask you to click links to verify your authentication

  • Always verify MFA changes directly through your official Microsoft O365 account portal

  • When in doubt, contact your organization's IT support directly through official contact methods

  • While in the suspicious email, you can also click on the "Phish Alert" button on the top right-hand side of the toolbar.

Docusign Phishing

Docusign has dedicated reporting channels based on the type of threat:

  • Docusign-themed imitation emails and websites: If you think that you've received a fraudulent email purporting to come from Docusign, forward the entire email as an attachment to spam@docusign.com and delete it immediately. If you identify a website imitation of Docusign, please copy and paste the URL into an email to spam@docusign.com for investigation.

  • Other security incidents and Docusign-themed threats for investigation: new cybersecurity threats occur regularly. To support Docusign information security and threat intelligence, report security incidents and Docusign platform threats to security@docusign.com.

Comments

0 comments

Please sign in to leave a comment.