As phishing emails are becoming more advanced, a new trend is targeting people involved in conferences — especially speakers and attendees whose names are shared publicly. Attackers are using publicly available conference information to send realistic-looking phishing emails. One common tactic is sending fake DocuSign emails, since DocuSign is a widely used tool for electronic signatures. Below is an example of a phishing attempt targeting a Lab employee who was listed as a speaker for an upcoming conference.
Example of public conference website where attackers can find information
Attackers are using publicly available information to craft phishing messages that appear more realistic and targeted. In these campaigns, the phishing email is sent via DocuSign and addresses the recipient by name, referencing their participation in an upcoming conference.
DocuSign is widely recognized and commonly used for collecting sensitive information such as electronic signatures—often in legitimate contexts like loan agreements or business transactions. By leveraging the credibility of DocuSign, attackers make their phishing attempts seem trustworthy and convincing.
Below is an example of a phishing email you might receive. Notice how it references a specific conference to create a sense of familiarity and urgency.
Example Docusign email
This type of phishing attempt can be difficult to detect, especially if you’re actually attending the referenced conference. It may seem perfectly reasonable to receive a follow-up request for additional information. The message typically asks the recipient to provide basic contact details—and in some cases, credit card information—through an attached form.
However, the form is not legitimate. It’s a tool used by attackers to collect sensitive information for fraudulent purposes. Below is an example of such a form, which combines several convincing elements—reference to a real conference, the familiar DocuSign platform, and well-timed delivery—to create a highly believable phishing attempt.
Example of fraudulent form sent from attackers
Unfortunately, this tactic has successfully fooled many professionals—including some of our own colleagues. The use of a trusted platform like DocuSign, paired with a personalized and timely request, makes the phishing email appear legitimate at first glance. To protect yourself and others, it’s essential to stay informed and remain cautious when responding to the unexpected.
Steps to Stay Safe
- Legitimate conference organizers will not ask for payments through online document services like DocuSign. If you receive an email requesting credit card details in this way, it is likely a scam.
- If you’ve already submitted credit card information through a suspicious form, act quickly. Contact your credit card provider immediately and cancel the card to prevent unauthorized charges.
- Always verify before you act. If you receive an email related to a conference that seems unusual or asks for sensitive information, confirm its legitimacy. Contact the conference organizers directly through an official website or a known contact.
- When in doubt, reach out to the Lab’s security team at security@lbl.gov for guidance. They can help determine whether the message is a legitimate request or part of a phishing attempt.
As phishing tactics grow more sophisticated, staying alert is your best defense. Always double-check unexpected requests—especially those involving sensitive data—and report anything suspicious. Together, we can reduce the risk of falling victim to these attacks.
in the bottom right or navigate to