DocuSign Phishing Scam Targets Staff and Faculty

Overview

SF State has experienced multiple phishing attacks targeting faculty and staff, in which external accounts send a document through an electronic signature service. As the fiscal year ends and performance evaluations circulate, ITS wants to share a security awareness moment to help protect our campus community against cybercriminals and their tactics. We know how important your personal information and data are, so the following information and recommended actions will help keep your assets safe.


How to Spot the Scam 

Phishing messages contain links that take users to fake web pages. The scammers may ask the recipient to type in their username and password, or display a page resembling the SF State Two-factor Authentication (2FA) or Single Sign-On (SSO) page. These messages appear legitimate, mimicking an alert email or text message, but they are a scam. Verify that the email address is from SF State. If you encounter a request or message like this, ignore it and report it immediately to abuse@sfsu.edu.

 

What You Can Do

Be vigilant and help protect yourself and your fellow Gators with the following actions.

  • If you’re unsure if an email message is legitimate, please forward it to abuse@sfsu.edu for inspection or use the Report Phishing button in Outlook.       
  • Do not click on links or attachments from senders you do not recognize. Be especially wary of strange links in text messages or of .zip files or other compressed or executable file types that might be attached to an email.
  • Do not provide sensitive personal information (like usernames and passwords) over email or text. If you receive a text/email asking you to take an action that involves your username and password, contact the sender by phone before doing so. 
  • Do not assume that an “sfsu.edu” email address, or a text message claiming to be from an SF State employee or student, is safe, especially if the sender asks for compensation (cash, credit card number, wire transfer, etc.).
  • Your SF State username and password combination should be unique to SF State and not used anywhere else. Do not re-use your SF State username and password combination on other services such as Facebook, online banking, TikTok, etc. If you are unsure whether you have re-used your SF State password, change your password immediately. The link to change your SF State password is on the University home page. Select “Login” at the top right of the page.
  • Watch for unusual activity on both your phone and email account. If you see such activity, change your password immediately. Ensure you aren’t responding to strange text messages, and keep an eye out for emails being forwarded, or showing up in your sent items, that you did not personally send.
  • If you notice anything suspicious, contact the ITS Service Desk by emailing service@sfsu.edu, calling 415-338-1420, or submitting a ticket online. We’re always here to help.
  • Be sure to familiarize yourself with additional phishing resources on the ITS website at https://its.sfsu.edu/guides/phishing.

 

Thank you for doing your part by staying vigilant and careful with your data and information at SF State. Our number one priority is keeping our community’s privacy protected.

 

Tuan Anh Do
Senior Director, ERP & BI, and Interim Information Security Officer
Information Technology Services