Phishing attempts

timconsidine

Nor me but I only use the package occasionally

jdaviescoates

@girish said in Phishing attempts:

DocuSign

Yeah, this doesn't appear to be spoofing DocuSeal at all as it only mentions DocuSign

luckow

@jfrere Did you click on it? Maybe it's a genuine case from one of your customers or suppliers? If not, it is almost certainly a phishing mail.
Let's have a look at the docusigns website DocuSign | #1 in Electronic Signature and Contract Lifecycle
#1 is often the target of phishing

jdaviescoates

What do the email headers say?

timconsidine

I typically check the links - doesn't matter what icons or branding used - links on buttons etc will normally be the giveaway

jfrere

Thank you for your replies. The e-mail subject was forged to copy the domain name we use for DocuSeal, and the recipient e-mail address was the one we use to log in.
There was this image and also a link to a spammy website. I think there might be a way to access some data inside the DocuSeal instance, and use it to forge e-mails.
That's just my guess.

murgero

@jfrere Yes, the best you can do is if you know you're not expecting the email, move to junk so the filter can learn from it

jfrere

@murgero sure. But my message was more about a possible flaw in DocuSeal that would allow access to some information.

murgero

@jfrere No, this is a common scam email to get you to click a link and put login information into a fake login page. It's not an exploit, it likely wasn't sent from docuseal or docusign's domains either.

It's totally common, and nothing to worry about so long as you don't click the links in the email and put in your real login info You can move it to spam for learning or even just delete it and you'll be safe

docuseal

@jfrere can you please forward that email to security@docuseal.co to see if it can be somehow linked to the DocuSeal hosted on Cloudron ?