Skip to main content

Phishing Email

Anya Grossman
Updated

 

  • Be vigilant of phishing emails and malicious links. If you are unsure of something, DO NOT CLICK ON IT. Submit a ticket to the helpdesk and we’ll be happy to investigate it for you and ensure it’s safe. 

  • How to identify potential phishing emails:

    • Suspicious sender email addresses (e.g., slight variations like 'msllcc.com' instead of 'msllc.com' or non-official domains like 'microsoft-support.com' instead of 'microsoft.com')
    • Urgent or threatening language designed to make you act quickly (e.g., "immediate action required" or "security threat detected")
    • Generic greetings like 'Hi Customer' or 'Dear User' instead of your name
    • Unexpected attachments or requests to click on links (especially for "security updates" or to "verify" accounts)
    • Requests for confidential information or credentials
    • Emails claiming to be about Multi-Factor Authentication that ask you to click links to verify your account
    • Suspicious or shortened URLs that hide the actual destination

  • If you receive a suspicious email:

    • DO NOT click on any links or download any attachments
    • DO NOT reply to the email
    • Forward the email to the helpdesk or IT security team
    • Delete the email from your inbox
    • If possible, report the email as phishing through your email client's reporting tools

Be especially cautious of emails about Multi-Factor Authentication (MFA):

  • Legitimate MFA communications will typically NOT ask you to click links to verify your authentication
  • Always verify MFA changes directly through your official Microsoft O365 account portal
  • When in doubt, contact your organization's IT support directly through official contact methods

  • While in the suspicious email, you can also click on the “Phish Alert” button on the top right-hand side of the toolbar. 

 

Docusign Phishing

Docusign has dedicated reporting channels based on the type of threat:

  • Docusign-themed imitation emails and websites: If you think that you’ve received a fraudulent email purporting to come from Docusign, forward the entire email as an attachment to spam@docusign.com and delete it immediately. If you identify a website imitation of Docusign, please copy and paste the URL into an email to spam@docusign.com  for investigation. 

  • Other security incidents and Docusign-themed threats for investigation: new cybersecurity threats occur regularly. To support Docusign information security and threat intelligence, report security incidents and Docusign platform threats to security@docusign.com.

Comments

0 comments

Please sign in to leave a comment.