Menu
Reply
  • 1
  • 0
  • 0
Beechdale39
Joining in
1,526 Views
Message 1 of 12
Flag for a moderator

DocuSign

Received Email asking me to sign contract   DocuSign real or spam?

0 Kudos
Reply

Helpful Answers
  • 1.42K
  • 154
  • 457
Superuser
Superuser
2,975 Views
Message 2 of 12
Flag for a moderator
Helpful Answer

Re: DocuSign

If you were not expecting a contract then treat with extreme caution and investigate appropriately.

DocuSign is a company and the email received via them should contain details about the sender from whom you expected to receive a contract; there should be no need to click any links to the sender's information. Should you choose to proceed with the electronic signature process then make sure you understand the implication of doing so.

 


All Replies
  • 1.42K
  • 154
  • 457
Superuser
Superuser
2,976 Views
Message 2 of 12
Flag for a moderator
Helpful Answer

Re: DocuSign

If you were not expecting a contract then treat with extreme caution and investigate appropriately.

DocuSign is a company and the email received via them should contain details about the sender from whom you expected to receive a contract; there should be no need to click any links to the sender's information. Should you choose to proceed with the electronic signature process then make sure you understand the implication of doing so.

 

  • 4.52K
  • 140
  • 341
Moderator
Moderator
1,423 Views
Message 3 of 12
Flag for a moderator

Re: DocuSign

Hi Beechdale39 and welcome to the community.

 

Thanks for posting your query here with us. It looks like 用心棒 has already given you some great advice.

 

Our email security team are also available at http://netreport.virginmedia.com/netreport/ if you have any queries around possible spam with potential spam mail often flagged on this site.

 

Hope this helps and if you have any further queries please don't hesitate to get back in touch.

 

Regards

Stephen_B
Community Moderator

The do's and don'ts. Keep the community welcoming for all. Follow the house rules


0 Kudos
Reply
  • 3
  • 0
  • 1
arjibarji
Tuning in
736 Views
Message 4 of 12
Flag for a moderator

Re: DocuSign

I received one of these. There is no way of telling that it is genuine. It has all the hallmarks of a phishing scam. I called up customer service, as there is no way to contact anyone in VM about this. The man who dealt with my call was unable to understand my concerns and all he could tell me was (a) you can ignore it, because it is just confirmation of a revised contract and (b), VM are perfectly satisfied that this is not a scam. I could not believe that he thought I was asking him whether he was satisfied. 

The first thing I did was check with DocuSign and their wesbite makes clear that if you are not expecting something like this, you should not click on anything in it.  Then I tried to communicate with VM and it is almost impossible as this does not fit into any of the categories for scripted answers. It seems that everyone we can access in VM is a layperson reading from a pre-prepared script. I tried complaining, but the poor chap on the phone could not even begin to comprehend the problem.

The problem is that there is no mention of DocuSign on the VM website. The operator with whom I negotiated the contract change never said that a DocuSign email would be sent. He did tell me that VM would email, and they did that already. So, this DocuSign email that does not originate from a VM address and contains lots of active content and links to non-VM sites is obviously a scam. If VM were using the DocuSign service, they would have told me in advance and there would be something in the email that confirmed their identity to me. They would certainly not send me something that did not need me to click on the active links if I did not need to. VM would not operate in such a sloppy and unprofessional manner, surely?

(Of course, a similar thing happens when VM phone people up to offer contract changes. They ask me some security questions, but they cannot identify themselves. It is amazing that they think we should just accept they are who they say they are simply because the say they are legit. Does no one in VM have any idea about security?)

The biggest joke about this is that the operator on the phone who was trying to allay my fears about DocuSign spoke to his Supervisor, and came back to me to say, "it is OK, you can tell it is from us because it says 'The Virgin Media Team' in the email". So, that is the extent of the VM idea of security. If ever you receive an email from anyone that is signed 'The Virgin Media Team', then you have cast iron proof that it is secure and you can click on the links in it and enter you account details. Yeah, right.

Sorry, Virgin Media, but this is a completely useless response. You are not taking your customer's security seriously. Please think about this.

  • 3.51K
  • 202
  • 981
Sololobo
Wise owl
725 Views
Message 5 of 12
Flag for a moderator

Re: DocuSign

See this thread: http://community.virginmedia.com/t5/Security-matters/Docusign-email/td-p/3130480/highlight/true for historical discussion on the same subject.

Note post number 6:

I'm going to ask the @ForumTeam to respond, but I will say that as Ben works for Virgin, I'd be suspicious of the mail.

However Docusign themselves appear to be a legitimate company.

Here's their advice

https://trust.docusign.com/en-us/personal-safeguards/fraudulent-email-websites/

If the email doesn't have a security code then it's not genuine.  Even if it does appear to have one You should go directly to the Docusign site by entering the address manually in your browser and then paste in the security code.

and post number 11

While it's nice to know this is actually a genuine email - I have to say I'm really not happy with the format!!

One of the things users are regularly taught is "Don't click links in suspicious emails", there is no hint of an address a user can go to directly instead, there are only graphics links - were I a scammer interested in scamming Virgin customers this email would provide me the perfect opportunity to launch a phishing campaign.

If you read the link I provided, Docusign themselves say that emails for their documents should contain a code so that users can go directly to Docusign and paste in the code, if they don't trust the link in the email.

Please feed this back to the team responsible.

It appears that nothing has changed from June 2016. Smiley Sad




It's What I Do.
I Drink and I
Remember Things.
0 Kudos
Reply
  • 1.42K
  • 154
  • 457
Superuser
Superuser
718 Views
Message 6 of 12
Flag for a moderator

Re: DocuSign

arjibarji, far better you raise this issue via a new post rather than resurrecting a post marked solved by the original poster 10 months and 20 days ago so it gets the attention it deserves.

0 Kudos
Reply
  • 1.42K
  • 154
  • 457
Superuser
Superuser
713 Views
Message 7 of 12
Flag for a moderator

Re: DocuSign

Sololobothat this issue is ongoing still is shameful and users will need to seek their own remedy by forward the email to spam@docusign.com to confirm its authenticity.

0 Kudos
Reply
  • 13.63K
  • 719
  • 4.72K
Superuser
Superuser
692 Views
Message 8 of 12
Flag for a moderator

Re: DocuSign

@ModTeam

I've raised the issue of the Docusign emails before.  I am now sure they are genuine, having received one myself when I changed my contract.  But sadly it's evident that some of my concerns were not addressed.

  1. The format of the Emails is childish with lots of pictures describing what to do.
  2. Docusign allows you to go to their site and enter the document number manually, yet your Emails make no mention of this method being available.

@arjibarji If you've recently negotiated a contract or change of contract with Virgin Media, then yes they do use Docusign to obtain an electronic signature from yourself.

The Modteam can ask the Forum Team to check if such a mail has been sent out, although my other concern is that 1st line support should have the tools to check if this is the case anyway.  Certainly when someone calls in with a concern like this phone support should be able to give a definitive yes no answer as to

  1. Was the email sent out?
  2. The date and time it was sent.

Armed with this knowledge you should have been able to definitively determine whether it was genuine or not by now.

Tim

@用心棒 - I've flagged this to the mod team so they will get someone to take another look at this thread.  But yes ideally it should have been a new thread.

@arjibarji - On your comment regarding VM phoning up to offer new contracts, even though they have a good idea of who they are phoning they are still obligated to take reasonable steps to ensure that the person they are talking to is, in fact, the account holder.  I face a similar situation in my job (with a different company), while people should be aware that we should be calling them, some people didn't get the memo, yet the only information I can give that proves beyond a shadow of a doubt that we are genuine, is the information I can't give until the person has completed the security check.

For example, we use DOB to do this and I have had the response, "Well you tell me what you've got and I'll tell you if it's right." However, the DOB is part of a person's confidential information, so I can't reveal it to the person I'm speaking to, and indeed if it doesn't match we can't continue.

It's a sad indictment on today's world that we have to have these checks at all.  I take the concept of honesty very seriously, and to me, even though I understand the cautious approach demonstrated by some people, and indeed welcome it.  It nonetheless does hurt to effectively have my integrity questioned by these people.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 3
  • 0
  • 1
arjibarji
Tuning in
674 Views
Message 9 of 12
Flag for a moderator

Re: DocuSign

@Tim

Thanks for this. You sound like a very reasonable person. But I remain dissatisfied. On the point about the electronic contract being sent, first, I do not see the point of having to spend 20 minutes on the phone just to determine the legitimacy of the email. It would have been far easier if VM followed DocuSign's explicit guidance in how to use DocuSign. There are clear guidelines that are set out unambiguously in order to reassure users. VM are making it look as though this is a phishing scam. They are not interested in what it looks like, though. Why would they behave in such an off-hand way? Second, the VM operator told me clearly that this whole digital signing process is unnecessary and can safely be ignored. So why are we being sent round in circles on this? VM might have the resources to burn in dealing with this nonsense, but I have not.

On the issue of cold-calling and asking for my credentials, this is wholly unnecessary. Just drop the user an email and ask them to call back on a number that they can look up on your website. If they are already your customer, they have a way to contact you that they can be fairly confident about. I am sorry of you feel hurt by people questioning your integrity when they cannot be sure that you are who you say you are. If they do not know that it is you, it is not you they are doubting. It is the mass of strangers who can simply pick up the phone and masquerade as being legit. I can't believe that you would take this personally. It is not you they are talking to because you have cannot give them any credentials to identify yourself. I think I should be the one who feels hurt. VM have my credentials. They know exactly who I am when they call me, because they provide the phone line. (Except that they insist on calling my at work, even though I keep asking them not to, but that is another issue. Why can they not even use the line they rent to me?) But I do not know it is them calling. And, while they have, rightly, set up security questions for them to check who I am (which questions my integrity, too, incidentally), they have not agreed to provide any security checks for me to check who is calling. It is madness setting up such a gaping hole in their security. Why don't people who run this kind of thing take seriously their own security needs, and mine!

You know, the MOST annoying and stupid thing about this whole sorry episode... the original caller, who I would not talk to, was contacting me to ask my permission to reduce my bill. When I called the customer service line to be sure I was talking to the right people, I found out that this great saving was ... 48p per month. What the hell? Is there no sense of value in VM? Apparently, they feel they need my permission to reduce the price a bit. Utter madness. Anyway, while I was on the line, I took the opportunity to reduce my package so that I now pay £10 per month less. Honestly, this really does seem like a farce. And, what should I expect now? Did they tell me not to bother signing the contract because it is not needed? Or are they playing games because they want to keep the £10 per month? I question their integrity as much as they question mine. What a shower.

Cheers!

Will

0 Kudos
Reply
  • 3
  • 0
  • 1
arjibarji
Tuning in
671 Views
Message 10 of 12
Flag for a moderator

Re: DocuSign

用心棒, really? Do you think this will be ignored, then? I was just trying to find some way of alerting VM to this nonsense, but this was the closest I could get. I see they are ignoring it, but would they pay attention if it were a new post? I don't think so. There is no evidence of any VM people being interested in this. Does anyone from VM follow any of these discussions?
0 Kudos
Reply