The NJCCIC has detected a phishing campaign targeting New Jersey employees that is crafted to obtain DocuSign login credentials. DocuSign is a service used by organizations to share, distribute, and electronically sign important documents. Commonly used in real estate transactions, compromised DocuSign credentials could pose a significant risk to both personal and financial security. This campaign delivers unsolicited emails with an HTML attachment or embedded URL that redirects users to a fraudulent DocuSign login page. As DocuSign requires an email address to log in, threat actors can easily expand the scope of their attack if a user shares the same password across multiple accounts. Email subject lines observed in this campaign include “Your DocuSign,” “Payment Confirmation,” and “New secure message.” Some phishing emails have contained an attachment titled “pdf.pdf.” The NJCCIC strongly recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. Enable multi-factor authentication on all accounts that offer it to prevent unauthorized access as a result of credential compromise.