Online & communication | Moderate impact

The DocuSign looked 100% real. The link wasn't.

I was expecting a contract for a freelance gig, so when an email arrived saying DocuSign had a document waiting, the timing felt right.

The layout matched messages I had seen from real signings before.

I clicked View document, landed on a flow that copied colours and buttons from the real product, and started typing login details before I noticed the hostname in the bar was wrong.

I closed the tab without submitting and opened DocuSign from a bookmark instead.

Fake e-sign emails harvest passwords or drop malware; because many people are mid-deal when they arrive, the click rate stays high.

I ran a malware scan and rotated passwords after realising how close I had come.

While the page loaded I was thinking about deadlines, not URLs—I almost treated the link like a calendar invite.

On the real DocuSign inbox there was no envelope from that sender; support confirmed phishing was circulating that week using the same subject lines.

I lost most of a day re-securing accounts and explaining to the client why I had delayed; the stress sat in my chest longer than the actual incident.

I do not sign from email links anymore.

I go to the provider’s site myself, log in, and open envelopes only from there.

  • Check the URL on any “sign document” page; when in doubt, open the official e-sign site directly.
  • Forward phishing to the provider’s abuse address and report to FTC (US) or local fraud lines.

For more help, see our Report a scam page and Spot and avoid scams guide.

Test your understanding

True or false?

Fake e-sign emails harvest passwords or drop malware; because many people are mid-deal when they arrive, the click rate stays high.

True
