Phishing scams utilizing fake DocuSign emails are circulating, appearing as charges from companies like Apple. These messages often include a receipt, order ID, and support number, which connects victims to scammers instead of legitimate services.
The phishing emails, detailed by Kurt Knutsson from CyberGuy Report Fox News, mimic billing receipts for Apple Pay purchases. They typically claim a subscription charge and prompt recipients to call a number if the charge is unrecognized. Companies like Apple, Netflix, Expedia, or even lawn service companies are spoofed to lend credibility. Some emails feature a “DocuSign” link and security code, suggesting a need to access a file to confirm the transaction.
Neither Apple nor other major companies send billing receipts via DocuSign; this is a key indicator of fraud. Sender addresses often contain subtle character alterations, such as a Cyrillic “B” instead of a standard “B” in words like “Billing,” to bypass spam filters.
The scam aims to provoke a quick reaction from recipients. The email states an Apple Pay account has been charged, providing an order ID, charge amount, and a DocuSign link for a supposed receipt. A listed phone number urges unauthorized charge reporting, but this number connects directly to a scammer impersonating a support agent.
Scammers on the call attempt to convince victims their account is compromised or requires immediate payment reversal. They may request Apple ID, banking details, or card numbers. Some demand victims download remote access software or pay fees for fictitious account protection or reversal services. The goal is to gain account access, steal sensitive data, or initiate fraudulent transactions. These scams combine realistic-looking receipts, official logos, DocuSign links, urgent language, and a seemingly direct phone number for resolution.
Individuals can implement several protective measures:
Data removal services, while potentially costly, actively monitor and erase personal information from numerous websites, reducing the risk of scammers cross-referencing breached data with publicly available details. Phishing scams like the DocuSign Apple Pay ruse are evolving. Skepticism and direct verification through official channels are the best defenses against such tactics, as scammers rely on panic and quick reactions.