Employees are receiving scam emails containing secure document attachments or secure message links that, when clicked or opened, download malware onto company computers. The email will often spoof those from trusted vendors or even other company employees, making it hard to distinguish the real from the fake.
If you receive an unsolicited email that contains a Secure Document from DocuSign, EchoSign, or Secure Adobe PDF, be very cautious. Don’t open the attachment. If you receive a secure link email supposedly from the U. S. Postal Inspection Service, don’t click on any links.
How to Spot a Scam Email:
- Be wary of sites that have the name as a subdomain of another URL (i.e. “name.scamwebsite.com“) or part of a longer URL (i.e. “companynamecustomersupport.com.”)
- Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like the examples above.
- Legitimate businesses rarely send unsolicited emails with attachments. Always confirm an email is real before you download anything.
- A change from normal communication patterns is likely to be a scam.
When in doubt, call the business’s customer support line or your company’s HR department to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search — not the email or website the scammers gave you.
For more detailed information on this scam, check out Scam of the Week: Secure Document Phishing Attacks Trap Employees from KnowBe4.com.
To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).