We recently had a couple of instances where an employee received what they described as a "fake" DocuSign email. The email looks legit, originating from the standard DocuSign email address, but the originating person and the associated email address and message are suspicious. We are investigating what options we may have to help filter and block these, but they are very difficult to identify since they are coming from a valid source. Have you encountered a similar situation? Have you figured out a way to prevent or block these emails?

Director of Legal in Healthcare and Biotech, a year ago

For us, we do whitelist legitimate email addresses; there could be email address spoofing, which makes the sender appear legitimate when it is not.

 

We also have warning banners for emails outside of our network:

President in Manufacturing, a year ago

Domains can be spoofed; the resulting e-mail will appear to originate from a valid source. However, often there is metadata or other embedded information (links, etc.) that will give clues as to the authenticity of the e-mail. If your company hasn't already, I would recommend investing in software that helps determine whether or not the e-mail is legitimate: Mimecast is one such solution.

Users will still benefit from training since they're the last line of defense, but there are solutions on the market which should reduce the extent to which this is a problem.

Learn more about Mimecast here, and check out their e-mail security solutions as well as DMARC technologies: https://www.mimecast.com/

AI LegalTech Counsel & Legal Ops Innovation Leader | Digital Transformation Expert | Strategic Advisor in Services (non-Government), a year ago

Are you sure the email address was from DocuSign? Usually phishing emails try to mimic legitimate emails/domains but include subtle mistakes/variations (i.e. coming from docusign.org or from docus1gn.com). You should check with your IT department to make sure your organization has implemented proper email authentication protocols and email filtering methods.

Also, I recommend implementing (or updating) employee education and training on how to recognize suspicious emails. Usually there are tell-tale signs of phishing/spoofing, such as suspicious names, grammatical/spelling mistakes, unusual attachments, etc. One of my previous companies regularly sent out simulated phishing emails as part of our cybersecurity training and awareness program.
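
The checks the comments above point to (sender domain, email authentication results, embedded links) can be scripted for triage of a reported message. This is an added example, not part of the original thread: the `TRUSTED` list is an assumption to confirm against the vendor's own documentation, `org_domain` is a simplification, and the sample message is constructed.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains your organisation accepts as genuine DocuSign.
TRUSTED = {"docusign.net", "docusign.com"}

def org_domain(host):
    # Approximation (last two labels); production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_domain(host):
    dom = org_domain(host)
    if dom in TRUSTED:
        return "trusted"
    label = dom.split(".")[0]
    # Same name under another TLD, or a near-identical spelling, is a lookalike.
    if any(SequenceMatcher(None, label, t.split(".")[0]).ratio() >= 0.8 for t in TRUSTED):
        return "lookalike"
    return "other"

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if (kind := classify_domain(from_dom)) != "trusted":
        findings.append(f"from-domain:{kind}:{from_dom}")
    # Only trust an Authentication-Results header stamped by your own gateway.
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", "").lower())
    if not m or m.group(1) != "pass":
        findings.append("dmarc:" + (m.group(1) if m else "missing"))
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply_dom and classify_domain(reply_dom) != "trusted":
        findings.append(f"reply-to:{reply_dom}")
    hosts = set(re.findall(r"""https?://([^/\s"'<>:]+)""", msg.get_payload()))
    findings += [f"link:{h}" for h in sorted(hosts) if classify_domain(h) != "trusted"]
    return findings

# Constructed sample message (not real mail).
SPOOFED = """\
From: DocuSign <dse@docus1gn.com>
Reply-To: billing@example.org
Authentication-Results: mx.example.net; spf=pass; dmarc=fail

Review: https://sign.docusign.org/sign?id=1
"""

if __name__ == "__main__":
    print(triage(SPOOFED))
```

An empty result means the headers and links are consistent with the real service. It says nothing about whether the account that sent the envelope is one you expect, so the sender name and message text still need a human look.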
