DocuSign Email Scam Targets Healthcare Workers

Most of us sign documents online without thinking twice. A quick DocuSign request appears in your inbox. You click the link, review the document, and continue with your day. That convenience is exactly what scammers rely on. Recently, we received a message from a CyberGuy reader that shows how convincing these scams can seem. In this case, the email appeared to come from a health licensing authority and asked the recipient to review a document linked to the renewal of a professional license.

Here is the email we received from Susie, a registered nurse in Florida who almost fell for the scam.

“I am a registered nurse and my semi-annual renewal is coming up. Last month, I received a surprising (at least to me) email with a document for DocuSign from the state Board of Health. It didn’t seem right to me, even though I have used DocuSign several times in the past. Those experiences were known transactions. I contacted the state board and they confirmed that IT IS a SCAM. I sent them screenshots, etc. and reported the message for phishing. I want to thank you, Kurt, because it was because of you that I questioned the veracity of this disclosure. Reading the articles and advice you provided saved me a lot of trouble. Thank you again, and all nurses renewing their license, be careful.” – Susie C, Orlando, Florida

Susie did exactly what security experts recommend. She paused and checked the message before clicking on anything. That step likely prevented a phishing attack.

What the suspicious DocuSign email looked like

Susie also shared a screenshot of the message she received. At first glance, the email looks familiar. The blue design looks like real DocuSign notifications. There’s even a big yellow Review Document button. But one detail immediately caught our attention.

The email address that sent the message was:
info.florida-department-of-health-email-notification@cc.ncu.edu.tw

That address has nothing to do with the US state health department.

Why DocuSign Scams Work So Well

DocuSign is used by millions of businesses and government agencies. Since people expect these requests, they often click without hesitation. Scammers take advantage of that habit. A typical DocuSign phishing email attempts to create urgency. It may claim that a license renewal, contract update, or payroll form requires immediate action. Once you click the button, several things can happen:

  • You may land on a fake login page designed to steal your email password.
  • The site may ask you to download a malicious file.
  • The link may redirect you to various phishing pages.

In many cases, the goal is simple. Attackers want your email credentials so they can take over your account or launch more scams.

Red Flags in DocuSign Scam Email

Some warning signs can help you quickly spot a fake request.

Suspicious sender address

Always look closely at the sender’s domain. Government agencies rarely send messages from foreign academic domains such as .edu.tw. That alone indicates that something is wrong.

Unexpected documents

Legitimate DocuSign requests typically follow a known interaction, for example a contract that you discussed or paperwork that you are waiting for. An unexpected document should always raise questions.

Pressure to act quickly

Many phishing emails include language that urges immediate action. The goal is to stop you from thinking. Take a moment before clicking any button.

Generic Document Descriptions

The message shown in the screenshot simply indicates that a document is ready for review. It doesn’t provide any real context or explanation. Legitimate documents usually include details about the transaction.

How clicking the link could compromise you

Many people assume that they will recognize a fake page. In reality, phishing sites look very convincing. Some scams even use cloned DocuSign pages. Once victims enter their credentials, attackers gain access to their email accounts.

From there, criminals can:

  • Reset passwords for financial services
  • Send phishing emails to contacts
  • Search inboxes for confidential documents

In healthcare professions, that risk can also expose licensing information or patient-related communications.

Ways to stay safe from DocuSign phishing scams

Fortunately, some habits can dramatically reduce the risk.

1) Check the request separately

If a document claims to come from a government agency or employer, contact them directly using a known phone number or website. Never use contact information within the suspicious email.

2) Hover over the links before clicking

Move the cursor over the button and check the destination link. If the URL is unfamiliar or not related to DocuSign, do not click on it.

3) Don’t click on links and use powerful antivirus software

If an email looks suspicious, do not click on the link or open any attachments. Powerful antivirus software can help block malicious downloads, warn you about dangerous websites, and detect threats before they spread across your device. Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

4) Use a data removal service

Scammers often collect personal data from data broker sites and public records to make phishing emails appear more credible. A data removal service can help reduce the exposure of your information online, which can make it harder for criminals to send you convincing messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

5) Access documents through official accounts

If you use DocuSign regularly, log in directly to the official website and check your pending documents there. This approach completely avoids the pitfalls of email.

6) Report phishing attempts

Forward suspicious messages to your organization’s security team, or report them to the Federal Trade Commission’s fraud reporting system at ReportFraud.ftc.gov. The FTC also recommends forwarding phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. Reporting scams helps protect others from the same attack.
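For security teams that receive these reports, the sender-address red flag and the hover-over-the-link check described above can be run automatically on a forwarded message. The script below is an added example, not code from CyberGuy or DocuSign; the list of expected DocuSign domains is an assumption to tune for your own mail flow, and the sample message is constructed around the sender address quoted in this article.

```python
"""Added example: triage a DocuSign-themed email by sender domain and link targets."""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains genuine DocuSign notifications use; tune for your mail flow.
EXPECTED = ("docusign.net", "docusign.com")

class Links(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_expected_domain(host):
    # Exact match or true subdomain only, so "docusign.net.example.org" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED)

def review(raw):
    """Return (check, value) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    _, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2]
    if not on_expected_domain(domain):
        findings.append(("sender-domain", domain))
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    parser.feed(body.get_content() if body else "")
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if not on_expected_domain(host):
            findings.append(("link-host", host or href))
    return findings

# Constructed sample: sender address from the article; subject, body and link are made up.
SAMPLE = """\
From: info.florida-department-of-health-email-notification@cc.ncu.edu.tw
Subject: Document ready for review
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>A document is ready for review.</p>
<a href="https://docs.example.net/sign?id=1">Review Document</a>
"""

if __name__ == "__main__":
    for check, value in review(SAMPLE):
        print(f"{check}: {value}")
```

An empty result only means these two checks passed; the From header can be forged, so confirming the request through a known contact still applies.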

Kurt’s Key Takeaways

Scams are successful because they blend into everyday routines. Signing documents online has become normal for work, healthcare leave, and financial paperwork. That convenience also gives criminals a perfect disguise. Susie’s story shows how a small moment of doubt can stop a phishing attack before it starts. A quick call to the licensing board revealed the truth. The message was never legitimate.

Now, the question is one that every reader should consider. If an email from DocuSign arrived in your inbox right now, would you notice the warning signs before clicking the button? Let us know by writing to us at Cyberguy.com.

Copyright 2026 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.
