Docusign phish
Docusign phish
This example successfully tricked a number of users into providing their login and password to scammers.
An @caltech.edu sender address does not mean the message is safe
Phishing scams commonly use spoofed sender addresses or stolen email accounts to make the message appear legitimate. Just because a message says it is from an "@caltech.edu" email address does not mean it actually was sent by a Caltech user. In this example, a Caltech user was tricked by a phishing scam, and that person's email account was hijacked to send out more phishing messages (we've changed the email address in the sample image for that person's privacy).
Pay close attention to where a link is taking you
Before clicking a link in an email, hover your mouse over that link and look at the destination web site address. On a mobile device, you can press and hold a link in order to see where it goes.
Web URL's are read left to right. The name of the site you'll be connecting to is the part between the http:// and the next / in the URL. The parts after that have to do with which page or function you'll be accessing on the site. In the example above, the site you would be connecting to a site named "gustshow.com" -- nothing to do with Caltech, with Microsoft, or with Office365, and definitely nothing to do with Docusign.
A legitimate Docusign would have linked to the official website for docusign (e.g. https://www.docusign.com). Phishing messages often take advantage of hacked websites or free survey form sites to create an imitiation "log in" form for collecting passwords from victims. Even after clicking a link, double check the address bar in your web browser to make sure you ended up where you expected.
Consider who is sending you the message and why
Were you expecting to receive a document you need to sign? Do you recognize the sender appearing on this message? These scams are becoming more common. If you're not sure, verify before clicking!
