Back to Documents Ready To Sign Scam

This is a version of Documents Ready To Sign Scam.

Fake DocuSign 'Your Documents Are Ready' Email Scam

This email looks like a DocuSign notice saying a document is “Completed/Approved” and ready to sign. The “DOCUMENT HERE” button sends you to nodejs.zoufejou.live, which shows a fake Microsoft sign‑in page. If you enter your work email and password, the scammers steal it and can get into your inbox and other accounts.

Fake DocuSign 'Your Documents Are Ready' Email Scam | Primary Image

What’s different in this version

These traits set this message apart from the usual pattern.

  1. Poses as a routine DocuSign notice “Your documents are ready”

  2. Sender domain is agilepro.co.il, not an official @docusign.com address

  3. Link goes to nodejs.zoufejou.live (not docusign.com)

  4. Landing page pretends to be a Microsoft 365 login to steal your password

  5. Subject uses scary payment language and long reference IDs to look official

  6. Unrelated mixed-language legal disclaimer to seem legitimate

How this scam works

  1. 1

    Step 1: An email claims a contract, invoice, or certificate is waiting for your signature.

  2. 2

    Step 2: The email includes a button like “Review Document” or “View Documents.”

  3. 3

    Step 3: The link leads to a fake login page (often Microsoft 365/Outlook or Google) on an unrelated website.

  4. 4

    Step 4: If you sign in, the scammers capture your password and may immediately try it on your email and other accounts.

  5. 5

    Step 5: Once in your inbox, they can reset passwords, read messages, and send new scams to your contacts.

✓ Do this

  • Open DocuSign or your e‑signature account by typing the official website address yourself (e.g., docusign.com).
  • Call or text the sender using a number you already know to confirm they sent the document.
  • Hover over links to check the real web address before clicking. It should match the real service (e.g., docusign.com).
  • Turn on two‑factor authentication (2FA) for your email and work accounts.
  • Report suspicious emails to your IT/help desk or email provider.
  • If you clicked and entered a password, change it immediately and sign out all sessions.

✗ Avoid this

  • Don’t open unsolicited documents or links.
  • Don’t click “Review” or “Sign” on unexpected emails, especially for payments or certificates.
  • Don’t enter your password on a page you reached by clicking a link in an email.
  • Don’t trust senders whose email ends in the wrong company domain (for example, not @docusign.com).
  • Don’t ignore small web address changes (e.g., random domains like example.live or misspellings).

Verbatim excerpts from the scam

Exact lines from emails or messages—searchable text so you can compare wording.

  1. 1 Excerpt 1
    From: eDocument|eSign|info-donotreply...@agilepro.co.il Subject: Completed: Approved Confirmation Payment Certificate: Sign and Return
  2. 2 Excerpt 2
    DocuSign Your documents are ready. DOCUMENT HERE
  3. 3 Excerpt 3
    Mixed German/English disclaimer mentioning “Hammerbacher GmbH” (not related to the recipient)