GTP
Well-Known Member
- Reaction score
- 9,979
- Location
- Adelaide, Australia
Ran into a new scam format today that’s worth a heads up. A jumbled arrangement of Microsoft, parcel tracking, billing and landscaping?
Crafted to look like a DocuSign document invitation, but with mixed Microsoft 365 and Dynamics 365 branding.
The email is well crafted, clean layout, blue buttons, corporate style footer - but a few tells gave it away:
Sender: notification-docusign at anchorautogroup dot cc, (Not a real DocuSign domain, .cc is a dead giveaway.)
Main links:
“Open” → https://a*p-doc*-updt.cli*k/...
“Share” → same domain
Both resolve to a fake document login page, likely credential harvesting.
Footer:
Claimed to be “generated through Oriole Landscaping’s use of Microsoft 365” some random small-business name to create an illusion of legitimacy.
Unsubscribe link: is actually a legitimate Microsoft Dynamics Marketing URL, probably copied from a real email template to pass spam filters.
It’s a clever mash-up blending DocuSign, Microsoft 365, and small business branding into one message to sidestep the usual visual red flags.
Broken images (“Share image”) because Evolution is set to not display images.
Crafted to look like a DocuSign document invitation, but with mixed Microsoft 365 and Dynamics 365 branding.
The email is well crafted, clean layout, blue buttons, corporate style footer - but a few tells gave it away:
Sender: notification-docusign at anchorautogroup dot cc, (Not a real DocuSign domain, .cc is a dead giveaway.)
Main links:
“Open” → https://a*p-doc*-updt.cli*k/...
“Share” → same domain
Both resolve to a fake document login page, likely credential harvesting.
Footer:
Claimed to be “generated through Oriole Landscaping’s use of Microsoft 365” some random small-business name to create an illusion of legitimacy.
Unsubscribe link: is actually a legitimate Microsoft Dynamics Marketing URL, probably copied from a real email template to pass spam filters.
It’s a clever mash-up blending DocuSign, Microsoft 365, and small business branding into one message to sidestep the usual visual red flags.
Broken images (“Share image”) because Evolution is set to not display images.
Last edited: