Scammers are sending fake DocuSign emails that appear to show charges from major companies, including Apple, in an attempt to catch users off guard.
Just about everybody on the AppleInsider staff is receiving messages that look like billing receipts for recent Apple Pay purchases. The email claims a subscription has been charged to your account and includes a phone number to call if it wasn’t you.
Don’t call it. Don’t click on anything.
That number doesn’t go to Apple. It connects you to scammers posing as support agents.
This message in particuilar uses Apple’s branding and is framed as a DocuSign alert. It includes a fake order ID, a charge total, and language meant to create urgency. The entire setup is designed to get you to react quickly and call.
In other examples, the charge is often for something recognizable, like a Netflix subscription. But, almost always, the emails say that the payment went through Apple Pay and that a document is ready to view on DocuSign.
The email may include a security code to “access” the file, which helps make it look more official. That alone is a red flag, and another is the support number. In about six examples we’ve seen spanning several different services, scammers used 1-804-390-9231.
The sender name may also contain odd characters, like a Cyrillic “B” in “Billing,” to evade spam filters and make the email harder to block.
How the scam works
Calling the number connects you to someone pretending to be Apple Support. Or, it could be from whatever company whose product you use.
We’ve seen so many of these. We’ve gotten phishing emails from Netflix, Apple, a lawn service company, Expedia, and so many more. They may say your account was compromised or that the charge needs to be reversed.
From there, they might ask for personal details, passwords, or remote access to your device. Some demand payment to “secure” your account.
Once they gain access, they can lock you out, steal information, or initiate fraudulent transactions. You can often spot the scam by checking a few key details.
- The sender isn’t from an official company domain.
- The receipt is delivered through DocuSign, which Apple, Netflix and others, don’t use.
- The message creates artificial urgency to push you into calling.
- The support number isn’t listed on the company’s website.
- The charge doesn’t show up in your App Store or Wallet history.
Legitimate billing emails won’t ask you to call a phone number. If something seems off, log into your Apple ID and check recent transactions in the Settings app on your devices.
Tips to avoid support scams in 2025
If you get one of these emails, don’t click anything or call the number. Delete the message and report it.
To report Apple-related scams, forward the email to [email protected]. If the message came through DocuSign, send it to [email protected].
To verify any real charges, open the App Store or Wallet app on your device. You can also check your account directly at support.apple.com.
Scammers often target Apple users because of the trust built around Apple services and branding. Combining that with DocuSign, which is commonly used for secure documents, makes the scam more believable.
These attacks aren’t limited to Apple. Scammers regularly use DocuSign to impersonate other trusted companies, including banks, insurance providers, and delivery services. They may send fake invoices, legal documents, and other statements meant to look like official communications.
The DocuSign brand creates a false sense of security. It helps the email get past spam filters and makes recipients more likely to open it. Even when the company name changes, the strategy is the same.
Scammers want you to click, call, or enter sensitive information so they can take control of your account.
If you’re ever unsure about a message, skip the link and go directly to the company’s official website. A quick pause can make the difference between staying safe and getting scammed.
