Leon C. LaBrecque, JD, CPA, CFP®, CFA
We’re in full tilt on tax season, and the returns are flowing, as are the scams. Hopefully, by now everyone knows that the IRS does not call you on your cell phone threatening you with jail unless you give them your credit card over the phone. Well, the IRS does not send you DocuSign information either. Here’s an email one of our clients got from ‘DocuSign’:
This is another case of the scammers trying to obtain your information, using some trustworthy source, like the IRS, (which is ironic). Note the scammers failed to capitalize the ‘S’ in ‘DocuSign’ in the subject. This one came from a weird e-mail as well.
Here are some tips to help spot the difference between real and spoof DocuSign emails:
- All URLs to view or sign DocuSign documents will contain “docusign.net/” and will always start with https.
- All legitimate DocuSign envelopes include a unique security code at the bottom of notification emails. If you do not see this code, don’t click on any links or open any attachments within the email, forward it to firstname.lastname@example.org.
For the latest DocuSign security and system performance information, visit the DocuSign Trust Center.
- Unless you know who the e-mail is actually from and you are expecting it, don’t click on any attachments. Legitimate sources never ask for sensitive information by e-mail.
- Also, don’t open links to website unless you are certain of the website. If you are uncertain, open a new browse window and type the URL into the address bar (don’t copy and paste).
- Be careful of shortened links: hover your mouse over a link and see what the link actually is.
- Look for goofy typos (like the lower case ‘s’ in the one above).
- Watch out for urgency and threats: this is the IRS ‘phone scam.’
As they said at the end of the roll call in every Hill Street Blues episode: ‘Let’s be careful out there’.