Hello,

A small section of Zoho Sign users reported receiving a phishing email with the subject line  Pending Confirmation for a Digital Signature Request to <name> starting 07:00 European Time on 29th August. Similar isolated incidents were also reported in the previous weeks where emails purporting to be sent from Zoho Sign and/or other Zoho services were received by users.

Across these phishing emails, those who clicked on the 'Start Signing' button were redirected to fake websites such as  zohosignature.com, zohosignatureportal.com, zoho.page, zoho.notifications, and other similar domains claiming to represent Zoho. These pages then prompted visitors to enter their Zoho login credentials. As soon as our users reported these attempts to us, we alerted our abuse team to investigate this. Upon confirming that these were indeed phishing attempts, the abuse team immediately contacted the domain registrars and took these fake websites down. Users who reported this attempt were also recommended to reset their Zoho credentials if they had entered it in the fake websites.

These emails were certainly not from Zoho Sign. Do not click on the links in such emails, nor share your login credentials if asked. Please be vigilant and do not engage further if an email contains links to domains you do not recognize or have not seen before. When prompted to enter your Zoho credentials, always check if the URL contains *.zoho.com for US/*.zoho.eu for EU/*.zoho.in for India, or other custom domains you have configured and trust, and only then enter them to log in. Always use a unique, strong password and enable two-factor authentication for each application or service you use online. If you receive any such suspicious email in the future, please forward it immediately to  abuse@zohocorp.com. We will analyze those emails on priority and suggest you with the steps to be followed next.

For a list of best practices to combat these attacks and ensure data security & privacy, refer to our help documentation.

Thanks,

Sai Anand