March 2, 2018
Beware Phony DocuSign Phishing Scam 
The Alberta Lawyers Insurance Association (ALIA) has learned of a very convincing email scam that is trying to lure lawyers into giving away their passwords or installing malware by way of fake DocuSign requests. Lawyers have been receiving emails from a sender who wants to use DocuSign to share document files. The sender asks the lawyer to click on a link to access the document. Even though the sender appears to be a verified lawyer with a verified email address, do not open this link.

The goal of the scam is to have the lawyer sign in via a fake login page to retrieve the shared documents. Once this occurs, the scammer has everything they need to have access to your email account. From there, they can sell your email credentials, use your address to send fake DocuSign requests to others, and even gain access to your other online accounts (including bank accounts) by searching for other passwords and utilizing websites; forgot password features.

Action to be taken:
If you or your law firm receive any request to open a shared document via a program such as DocuSign, consider the possibility that a fraudster is at work. Satisfy yourself that the instructions are legitimate through direct, in-person contact with the client, by verified client contact information. To protect yourself, follow these Client Identification and Verification Rules . We also recommended that your firm establish protocols for accessing shared documents via the web and adhere to them.

Other ways to protect yourself include:
  • Watch for spelling and formatting errors.
  • Check embedded hyperlinks by hovering your mouse over the link to verify the address.
  • Be wary of clicking on any attachments or links, they may contain viruses, malware and spyware.
  • Protect your computer with anti-virus software, spyware filters, email filters and firewall programs.
  • Ensure your anti-virus software is active and up to date. Regularly schedule scans to search and remove already existing malware.
  • Keep your operating system and software up to date.
  • Make regular back-ups of important files.

If you receive communications that appears suspicious, please send an email to the ALIAlert mailbox and, if possible, provide the potential fraudster’s contact information.

The Alberta Lawyers Insurance Association provides the ALIAlert service to all Alberta lawyers participating in the insurance program. If you believe that you have been targeted by potential fraudulent activity, please contact ALIAlert so that we may alert other members of the profession and avoid losses that increase the cost of everyone’s insurance.