
By Joel Dresang
My limited experience with Docusign has been serious business – when I’ve needed to agree to a lease, for instance, or to affirm that the form I’m submitting is factual.
So when I saw a Docusign message in my email, my initial instinct was to trust it.
The email was from Notification (via Docusign) and warned that my PayPal account had been temporarily suspended after it was used to buy $349.99 of bitcoin from somewhere in Texas.
“Our system has flagged this transaction due to potential security concerns,” the message read. It called the suspension “a precautionary measure.”
Learn more:
- Online sellers stung by scammers spoofing PayPal brand, from the Federal Trade Commission
- BBB Scam Tracker, from the Better Business Bureau
- How We Can Help You: Spoofing and Phishing, from the FBI
- How Docusign Users Can Spot, Avoid and Report Fraud, from Docusign
- How do I spot a fake, fraudulent, or phishing PayPal email or website? from PayPal
To be sure, such a transaction was news to me. I’ve suffered fraud before, and I am grateful for procedures and policies that try to protect me.
Here’s what else I noticed in the email:
- The message displayed a prominent purplish rectangle inviting me to click it to review a document and sign it.
- It urged me to immediately call a toll-free number for PayPal Support if I didn’t authorize the transaction or believed it to be fraudulent.
- It listed the same number for the PayPal Security Team in the signature at the bottom.
- In a shaded box below the message were apparently standard Docusign disclosures such as information on Docusign, a link to download the Docusign app and an alternate signing method with a 33-character security code.
My suspicions
On the surface, the message looked legitimate to me. But the content made me wonder.
First, I went to a new browser tab and signed into my PayPal account. I saw no sign of the transaction in question. There was no message for me there.
Then I re-read the message. The toll-free number had an 813 area code, which isn’t toll-free; I recognized it as being from the Tampa Bay area. PayPal is based in California.
I went to the Docusign website, which kept responding with an error page when I entered that lengthy security code from the email.
Finally, just to make sure, I went back to my PayPal account and donated to a nonprofit I had been planning to contribute to. The donation went through, which showed that my account wasn’t suspended after all.
Bottom line: I’d been spoofed
Scammers went to the trouble of making a passable copy of Docusign and PayPal communications to try to trick me into coughing up money, divulging sensitive information or both.
In trying to learn more, I landed at the BBB Scam Tracker, from the Better Business Bureau. I entered “PayPal” into the tracker, and it spit back a list of consumers registering familiar complaints: Emails that said their PayPal accounts were suspended because of a suspicious $349.99 bitcoin purchase in Texas.
The spoof I received turned out to be old news. The Federal Trade Commission warned about similar messages back in 2014. What’s new, though, is how convincing the email was. As Jason Scuglik has warned, technology is helping scammers, requiring consumers to be ever more vigilant.
“The days of easily identifiable scams, characterized by poor grammar or foreign accents, are behind us,” Jason wrote recently. “Modern scammers often leverage advanced tools, such as artificial intelligence (AI), to create convincing narratives.”
Joel Dresang is vice president-communications at Landaas & Company, LLC.
(Heads Up is an occasional feature by Landaas & Company investment to alert consumers to ways in which crooks are trying to separate them from their money.)
How to protect yourself from spoofs
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.