There’s a new phishing scam in town: Secure document phishing attacks

BBB Consumer Alerts

Image: MGN Online/Hannaford / Flickr

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Employees are receiving scam emails containing secure document attachments or secure message links that, when clicked or opened, download malware onto company computers. The email will often spoof those from trusted vendors or even other company employees, making it hard to distinguish the real from the fake.

If you receive an unsolicited email that contains a Secure Document from DocuSign, EchoSign, or Secure Adobe PDF, be very cautious. Don’t open the attachment. If you receive a secure link email supposedly from the U. S. Postal Inspection Service, don’t click on any links.

How to Spot a Scam Email:

  • Be wary of sites that have the name as a subdomain of another URL (i.e. ““) or part of a longer URL (i.e. “”)
  • Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like the examples above.
  • Legitimate businesses rarely send unsolicited emails with attachments. Always confirm an email is real before you download anything.
  • A change from normal communication patterns is likely to be a scam.

When in doubt, call the business’s customer support line or your company’s HR department to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search — not the email or website the scammers gave you.

For more detailed information on this scam, check out Scam of the Week: Secure Document Phishing Attacks Trap Employees from

To report a scam, go to BBB Scam Tracker (

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.