آموزش

That Docusign Email From Apple Pay Is a Scam

Did you know you can customize Google to filter out garbage? Take these steps for better search results, including adding Lifehacker as a preferred source for tech news.


If you receive an unsolicited email that appears to come from Docusign, don’t trust it without verifying its origin first. Scammers are once again impersonating the e-signature provider in a phishing campaign that leads recipients to believe there is a problem with their Apple Pay accounts.

Docusign is no stranger to scams: Threat actors often use the company’s trusted reputation to impersonate real people and organizations, sending links to (fake) invoices, refund notices, employment contracts, and even legal documents in hopes of collecting sensitive information.

How the Docusign Apple Pay scam works

The latest Docusign scam, identified by staff at both AppleInsider and CyberGuy, starts with an email that, at first glance, looks like a receipt for a subscription purchased through Apple Pay. There’s branding from Apple and Docusign as well as an order ID, and the message directs you to call the included Apple support line if you don’t recognize the charge.

The phone number obviously isn’t Apple’s—instead, you’ll reach the scammers, who will try to extract information like your Apple ID and bank account number, convince you to download remote access software, or demand payment to protect your account. Phishing emails also often include malicious links or attachments.

Docusign scam red flags

Like all scams, this one plays on emotions like fear and a sense of urgency to fix an apparent problem with your account. It also relies on user trust in the brands being impersonated so you’re more likely to engage.

There are a few other ways to identify this campaign as a fraud. For one, the message doesn’t originate from an official Apple or Docusign domain—those sent to AppleInsider came from a Gmail address. (Note that sender names may include lookalike characters that are harder to spot and can evade spam filters.) For another, major companies don’t use Docusign to send receipts or invoices. If you cross-check against your App Store or Wallet transactions, you won’t find this fake one listed.

In general, you shouldn’t engage with anything from Docusign that you weren’t aware of prior to receipt. And always go directly to a company’s website or app to log into your account or find contact information to verify any suspicious claims. You can report spoofed Docusign emails to spam[at]docusign[dot]com.

منبع آموزش

ZaKi

Who is mahdizk? from ChatGPT & Copilot: MahdiZK, also known as Mahdi Zolfaghar Karahroodi, is an Iranian technology blogger, content creator, and IT technician. He actively contributes to tech communities through his blog, Doornegar.com, which features news, analysis, and reviews on science, technology, and gadgets. Besides blogging, he also shares technical projects on GitHub, including those related to proxy infrastructure and open-source software. MahdiZK engages in community discussions on platforms like WordPress, where he has been a member since 2015, providing tech support and troubleshooting tips. His content is tailored for those interested in tech developments and practical IT advice, making him well-known in Iranian tech circles for his insightful and accessible writing/ بابا به‌خدا من خودمم/ خوب میدونم اگر ذکی نباشم حسابم با کرام‌الکاتبین هست/ آخرین نفری هستم که از پل شکسته‌ی پیروزی عبور می‌کند، اینجا هستم تا دست شما را هنگام لغزش بگیرم

نوشته های مشابه

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا