Most of us sign documents online without thinking twice. A quick DocuSign request appears in your inbox. You click the link, review the document and move on with your day. That convenience is exactly what scammers rely on. Recently, we received a message from a CyberGuy reader that shows how convincing these scams can look. In this case, the email appeared to come from a health licensing authority and asked the recipient to review a document tied to a professional license renewal.

Here is the email we received from Susie, a registered nurse in Florida who nearly fell for the scam.

“I am a Registered Nurse, and my bi-annual renewal is approaching. Last month, I received a surprising (at least to me) email with a document to DocuSign from the state Board of Health. It didn’t feel right, even though I have used DocuSign multiple times in the past. Those experiences were known transactions. I contacted the state board, and they confirmed that it IS a SCAM. I sent them screenshots, etc. and reported the message for phishing. I want to thank you, Kurt, because it was thanks to you that I questioned the veracity of this outreach. Reading the articles and tips you provide saved me a great deal of trouble. Thanks again, and all you nurses out there renewing your license, be wary.” – Susie C, Orlando, FL

Susie did exactly what security experts recommend. She paused and verified the message before clicking anything. That one step likely prevented a phishing attack.

SCAMMERS ARE USING DOCUSIGN EMAILS TO PUSH APPLE PAY FRAUD
 

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

What the suspicious DocuSign email looked like

Susie also shared a screenshot of the message she received. At first glance, the email looks familiar. The blue layout resembles real DocuSign notifications. There is even a large yellow Review Document button. But one detail stood out immediately.

The email address sending the message was:
info.florida-department-of-health-email-notification@cc.ncu.edu.tw

That address has nothing to do with a U.S. state health department. 

Why DocuSign scams work so well

DocuSign is used by millions of businesses and government agencies. Because people expect these requests, they often click without hesitation. Scammers exploit that habit. A typical DocuSign phishing email tries to create urgency. It may claim a license renewal, a contract update, or a payroll form requires immediate action. Once you click the button, several things may happen:

• You may land on a fake login page designed to steal your email password.
• The site may prompt you to download a malicious file.
• The link may redirect you to several phishing pages.

In many cases, the goal is simple. Attackers want your email credentials so they can take over your account or launch more scams.

10 WAYS TO PROTECT SENIORS FROM EMAIL SCAMS
 

Red flags in the DocuSign scam email

A few warning signs can help you spot a fake request quickly.

Suspicious sender address

Always look closely at the sender’s domain. Government agencies rarely send messages from foreign academic domains like .edu.tw. That alone signals something is wrong.

Unexpected documents

Legitimate DocuSign requests usually follow a known interaction. For example, a contract you discussed or paperwork you expect. An unexpected document should always raise questions.

Pressure to act quickly

Many phishing emails include language that urges immediate action. The goal is to stop you from thinking. Take a moment before clicking any button.

Generic document descriptions

The message shown in the screenshot simply states that a document is ready to review. It provides no real context or explanation. Legitimate documents often include details about the transaction.

How clicking the link could compromise you

Many people assume they will recognize a fake page. In reality, phishing sites look very convincing. Some scams even use cloned DocuSign pages. Once victims enter their credentials, attackers gain access to their email accounts.

From there, criminals can:

• Reset passwords for financial services
• Send phishing emails to contacts
• Search inboxes for sensitive documents

In healthcare professions, that risk can also expose licensing information or patient-related communications.

APPLE APP PASSWORD SCAM EMAIL WARNING
 

Ways to stay safe from DocuSign phishing scams

Fortunately, a few habits can dramatically lower your risk.

1) Verify the request separately

If a document claims to come from a government agency or employer, contact them directly using a known phone number or website. Never use the contact information inside the suspicious email.

2) Hover over links before clicking

Move your cursor over the button and check the destination link. If the URL looks unfamiliar or unrelated to DocuSign, do not click it.

3) Don’t click links and use strong antivirus software

If an email seems suspicious, do not click the link or open any attachment. Strong antivirus software can help block malicious downloads, warn you about dangerous websites and catch threats before they spread across your device. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

4) Use a data removal service

Scammers often gather personal details from data broker sites and public records to make phishing emails seem more believable. A data removal service can help reduce your exposed information online, which may make it harder for criminals to target you with convincing messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.  

5) Access documents through official accounts

If you regularly use DocuSign, sign in directly at the official website and check your pending documents there. That approach avoids email traps entirely. 

6) Report phishing attempts

Forward suspicious messages to your organization’s security team or the Federal Trade Commission phishing reporting system at ReportFraud.ftc.gov. The FTC also advises forwarding phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. Reporting scams helps protect others from the same attack.

Kurt’s key takeaways

Scams succeed because they blend into everyday routines. Signing documents online has become normal for work, healthcare licensing and financial paperwork. That convenience also gives criminals a perfect disguise. Susie’s story shows how a small moment of doubt can stop a phishing attack before it begins. A quick call to the licensing board revealed the truth. The message was never legitimate.

Now the question is one every reader should consider. If a DocuSign email arrived in your inbox right now, would you notice the warning signs before clicking the button? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.  
 

You swipe your card and enter your PIN. You grab your cash and head out the door. It feels routine and secure. Most of us never give it a second thought. However, some ATMs are quietly being turned into cash machines for criminals.

The Federal Bureau of Investigation recently issued a cybersecurity alert about a rise in malware attacks targeting ATMs. These incidents are known as jackpotting attacks. In simple terms, hackers force machines to spit out money on command.

The numbers are growing. Since 2020, nearly 1,900 attacks have been reported. More than a third occurred just last year. In 2025 alone, losses have already exceeded $20 million. So what is really happening inside these machines, and why is the threat accelerating now?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

HOW DEBIT CARD FRAUD CAN HAPPEN WITHOUT USING THE CARD
 

How ATM jackpotting attacks work

This is not a Hollywood hacking scene. In many cases, attackers use generic keys to open the ATM’s maintenance cabinet. Once inside, they remove the storage drive. Then they load malware onto it or swap it with a compromised one.

After rebooting the machine, the malicious software takes control. One of the most widely used tools is a malware strain called Ploutus. It targets software known as XFS, which ATMs use to communicate with bank networks and authorize transactions.

Instead of asking the bank for permission, the malware overrides that process. It sends its own commands to the machine. The result? The ATM dispenses cash without a card, without an account and without a legitimate transaction. That is jackpotting.

Why are so many ATMs vulnerable?

Here is the uncomfortable truth. Many ATMs run on aging versions of Windows. Some machines have even displayed Windows 7 login screens. That operating system was released in 2009 and officially discontinued years ago.

Outdated software creates opportunity. If attackers find a vulnerability in the Windows operating system, they can exploit it across different ATM brands and financial networks. The FBI says these attacks are not tied to one specific bank or ATM manufacturer. Instead, they target common weaknesses shared across systems.

That makes the problem much bigger. And with hundreds of thousands of ATMs deployed across the U.S., upgrading and securing every machine will take time.

FEDS CHARGE 87 INDIVIDUALS IN MASSIVE ATM ‘JACKPOTTING’ OPERATION LINKED TO TREN DE ARAGUA GANG
 

What banks are being told to do

The FBI has outlined several defensive steps for financial institutions:

• Monitor ATMs for unauthorized files and suspicious executables
• Disable USB ports to prevent malware loading
• Replace generic locks with keypad systems
• Add secondary alarms and enhanced physical security

These are practical fixes. But rolling them out nationwide is a slow process. Meanwhile, attackers continue to look for weak targets.

Why this still matters to you

You might be thinking this sounds like a bank problem, not a personal one. Technically, consumers are not the direct victims in these cases. Unlike Bitcoin ATM scams that have cost individuals hundreds of millions, jackpotting attacks hit financial institutions. However, there is a ripple effect.

When banks lose money, insurance companies pay claims. Eventually, those costs show up somewhere. Higher fees. Increased service charges. Stricter policies. In the end, everyday customers absorb the impact. Cybercrime rarely stays contained.

HOW TO SAFELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE
 

How to protect yourself when using ATMs

While ATM jackpotting attacks primarily target banks, you can still take smart steps to protect yourself when using cash machines.

1) Use ATMs in well-lit, secure locations

Choose machines inside bank branches or in busy areas with foot traffic. These locations are more likely to be monitored and maintained.

2) Avoid late-night or isolated ATMs

Criminals need physical access to tamper with machines. High traffic areas during regular business hours reduce that risk.

3) Watch for unusual ATM behavior

If a machine suddenly reboots, freezes or behaves strangely, stop immediately. Do not insert your card. Report the issue to the bank right away.

4) Look for signs of tampering

Check for loose panels, exposed wiring or unusual attachments near the card slot or keypad. If something looks off, use a different machine.

5) Cover the keypad when entering your PIN

Shield your PIN with your hand as you type. This protects you from hidden cameras and shoulder surfers who may try to capture your code.

6) Set up real-time transaction alerts

Enable text or app notifications for withdrawals and account activity. Instant alerts help you act quickly if anything unexpected appears.

7) Check your bank statements regularly

Even though jackpotting bypasses customer accounts, fraud tactics evolve. Review your transactions often so you can catch unauthorized charges early.

8) Consider identity theft monitoring

Identity theft protection services can provide alerts about unusual financial activity across your accounts. Think of it as an added layer of awareness rather than a fix for ATM malware. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.

9) Use contactless or in-app ATM withdrawals

Many banks offer cardless access through secure mobile apps. This reduces exposure to skimming devices and physical tampering.

10) Keep your banking app updated

Install updates promptly to ensure you have the latest security patches and protections.

Staying alert lowers your risk and reinforces good habits, even when attackers are targeting financial institutions rather than individual customers.

Kurt’s key takeaways

ATM jackpotting attacks reveal something important. Even familiar machines can hide modern vulnerabilities. Most of us rarely think about the software running inside a cash dispenser. Yet those systems rely on the same operating foundations as home and office computers. When they fall behind on updates, criminals notice. The FBI alert is not a reason to panic. It is a reminder that digital security touches nearly every part of daily life, even the simple act of withdrawing cash.

How much trust do you place in the technology you use every day without ever seeing how it works? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com.  All rights reserved.