Loyola’s University Information Security Office (UISO) has been seeing a significant uptick in a specific kind of phishing email targeting the Loyola community. These messages are designed to look like they come from trusted electronic signature services such as DocuSign or Adobe Sign. Because many of us use these services in academic and professional settings, these scams can be particularly convincing.
What the Scam Looks Like
These phishing messages may:
- Pretend to be from DocuSign, Adobe Sign, or another e-signature platform.
- Use subject lines like “Action Required: Documents Pending Review” or “Your Documents Are Ready”.
- Contain a button or link labeled “View Document” or “Sign Now”.
- Include a fake confidentiality notice to appear professional.
For example, a recent phishing attempt targeting Loyola included:
- A suspicious sender address full of random characters, not an official company domain.
- A request to urgently review “pending documents.”
- A link masked as “View Document” but actually pointing to a malicious site.
- Random filler text and fake contact information at the bottom, often added to bypass spam filters.
Why it Works
These scams often succeed because they mimic routine workflows. Professors, staff, and students often sign agreements, contracts, and permission forms electronically. When someone sees an urgent request, they may click without double-checking, especially if it appears to be work-related.
How to Protect Yourself
- Check the sender’s address carefully. Real DocuSign emails come from @docusign.com and @docusign.net.
- Hover over links before clicking and make sure they lead to the official domain.
- Look for unusual details. Random text, odd formatting, or irrelevant contact info are red flags.
- When in doubt, go directly to the service. Log in to DocuSign or Adobe Sign through their official website instead of clicking the email link.
- Report suspicious messages. Forward phishing attempts to Loyola’s UISO at ITSServiceDesk@luc.edu so we can determine legitimacy and stay ahead of cyber threats.
The Bottom Line
Attackers know that urgency and professionalism make people lower their guard. By being alert to the warning signs, you can avoid falling victim to e-signature phishing scams and help keep the Loyola community secure.