Your company is participating in a Cyber Security Education Program.


This Docusign Phishing Attack included the following social engineering techniques:


  1. Spoofed email and domain (example: docusign@bc-en.ca).
  2. Urgency to act (example: Document for review and  sign).
  3. Simple clean email to minimize suspicion.
  4. Link/Button to allow you take action attacker wants.
  5. Verbiage to catch attention (example: REVIEW DOCUMENT).


How to spot this was a phishing email:


  1. Was this an email you expected to receive? No - Be cautious
  2. There is no distinguishing or customization (from, to, or document information).
  3. The sender named email address was not associated with Docusign.
  4. Example: docusign@... is not the primary domain (bc-en.ca is primary domain and not associated with Docusign.
  5. The link provided used suspicious domain similar to above..


“An employee is either an asset to your cyber security or a risk.”