Scammers are using DocuSign emails to push Apple Pay fraud

Phishing scams are getting smarter, and one of the latest tricks involves fake DocuSign emails that appear to show charges from major companies like Apple. At first glance, these fraud messages look convincing, often including a receipt, order ID and even a support number. But instead of connecting you to Apple or another legitimate service, that number links you directly to scammers.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

These phishing emails pretend to be billing receipts for recent Apple Pay purchases. They typically claim that a subscription has been charged to your account and prompt you to call a phone number if you do not recognize the charge.

The emails often use well-known brands such as Apple, Netflix, Expedia, or even lawn service companies to make them seem credible. Some also include a "DocuSign" link with a security code, creating the illusion that you need to access a file to confirm the transaction.

In reality, neither Apple nor these other companies sends billing receipts through DocuSign. That detail alone is a red flag. Another telltale sign is the sender's address. It may contain odd characters, such as a Cyrillic "B" replacing the "B" in "Billing," which helps scammers bypass spam filters.

AMAZON ALERTS CUSTOMERS ABOUT IMPERSONATION SCAMS

The scam aims to catch you off guard and pressure you into acting fast. The email claims your Apple Pay account has been charged for a subscription or purchase. It includes an order ID, a charge amount, and a DocuSign link that supposedly holds a receipt or confirmation file. To make it look even more convincing, some versions add a security code to "unlock" the document.

The message also lists a phone number and urges you to call if the charge was not authorized. That number is the core of the scam. Instead of reaching Apple, Netflix or whichever company the email pretends to represent, you end up speaking with a scammer posing as a support agent.

Once you're on the call, the scammer tries to convince you that your account has been compromised or that the payment must be reversed right away. From there, the tactics vary. They might ask for your Apple ID, banking details, or card numbers. They may pressure you to download remote access software so they can "fix" the issue on your device. In some cases, they demand payment for fake account protection or reversal fees.

The end goal is always the same: gain enough access to lock you out of your accounts, steal sensitive data, or initiate fraudulent transactions. What makes these scams dangerous is how they combine multiple red flags in one message: a realistic-looking receipt, official logos, a DocuSign link, urgent language, and a phone number that appears to be the quickest way to resolve the issue.

HOW TO TELL IF A LOGIN ALERT IS REAL OR A SCAM

Scammers rely on people reacting quickly without questioning the details. The good news is that there are simple steps you can take to protect yourself. Here are five practical ways to stay safe.

Scammers often use email addresses that look close to official ones but contain subtle differences, such as extra letters or swapped characters. If the email does not come from an official domain like @apple.com, it is not legitimate.

Apple, Netflix, and other major services do not send billing statements through DocuSign. If a receipt shows up in this format, you can safely assume it is a scam. Real receipts always come directly from the service provider itself.

Be cautious with any links in suspicious emails. Scammers often mask harmful links behind text that looks legitimate, such as "View Document" or "Review Payment." Hover over the link without clicking to see the real web address. If it does not match the official company domain, do not click.

The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com.

Instead of trusting the email, confirm whether a charge actually exists. Apple users can review purchases directly from the Settings app under their Apple ID. If nothing shows up, the receipt is fake. Other services have similar ways to check history.

The less information scammers can find about you online, the harder it is for them to craft convincing attacks. Consider removing old accounts you no longer use, limit the personal details you share publicly on social media, and use data removal services when possible. This reduces the risk of your name, email, or phone number being targeted in scams like this.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

CLICK HERE TO GET THE FOX NEWS APP

Phishing scams are constantly evolving, and the DocuSign Apple Pay ruse is just one of many. The best defense is a healthy dose of skepticism. If something feels off, stop, double-check, and confirm directly through official channels. Scammers rely on panic and quick reactions. By slowing down and verifying details, you can protect yourself from falling into their trap.

Should email providers step up their filters so fewer of these messages slip through? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM.

Copyright 2025 CyberGuy.com.  All rights reserved. 

Fox News AI Newsletter: Fighter pilots take directions from AI

IN TODAY’S NEWSLETTER:

- Fighter pilots take directions from AI in Pentagon's groundbreaking test
- Google Pixel 10 event brings new phones, smartwatch, earbuds and AI
- Elon Musk's xAI sues Apple, OpenAI over AI competition and App Store rankings

MACHINE WINGMAN: For the first time, U.S. fighter pilots took direction from an AI "air battle manager" in a Pentagon test that could change how wars are fought in the skies.

STAR-POWERED TECH: Google kicked off its Made by Google event last week with blockbuster energy. Jimmy Fallon played host, bringing humor and star presence. Steph Curry highlighted how the Pixel 10 empowers creators and athletes to capture and share their stories. Lando Norris, fresh from the F1 circuit, showed off how Pixel's speed and AI enhancements fit into fast-paced lives. And the Jonas Brothers premiered a music video filmed entirely on the new Pixel 10 Pro, proving the phone's camera is ready for professional-grade production.

TECH THROWDOWN: Billionaire entrepreneur Elon Musk’s artificial intelligence startup xAI sued Apple and ChatGPT maker OpenAI in U.S. federal court in Texas on Monday, accusing them of illegally conspiring to thwart competition for artificial intelligence.

BIG MONEY MOVE: Meta Platforms, Inc., the parent company of Facebook and Instagram, is launching a new political action committee to back candidates in California who support pro-artificial intelligence policies and oppose strict regulation.

RISING CONCERNS: Artificial intelligence is developing rapidly. While some are embracing it, others are warning of the potential threats. But both sides agree the technology is changing how the world operates.

TECH SPOTTER: A missing hiker's dead body was finally found in July in Italy's rugged Piedmont region after 10 months. The recovery team credited the breakthrough to an AI-powered drone that spotted a critical clue within hours. The same process would have taken weeks or even months if done by the human eye.

FAKE CROWD FRENZY: Will Smith is facing accusations of using artificial intelligence to create a crowd in a video shared online.

TECH DEAL: Nvidia CEO Jensen Huang told FOX Business on Thursday that he is in talks with the Trump administration about selling its powerful Blackwell chip to China, saying how the global adoption of American tech could help the U.S. win the AI race.

EVOLVING ROLES: Right now, many people are worried that artificial intelligence is coming for their jobs. If you're one of them, then the recent study by Microsoft will shed some light on how AI's generative capabilities will impact your field of work. In short, some occupations are more susceptible to its influence than others.

FOLLOW FOX NEWS ON SOCIAL MEDIA

Facebook
Instagram
YouTube
Twitter
LinkedIn

SIGN UP FOR OUR OTHER NEWSLETTERS

Fox News First
Fox News Opinion
Fox News Lifestyle
Fox News Health

DOWNLOAD OUR APPS

WATCH FOX NEWS ONLINE

Fox News Go

STREAM FOX NATION

Fox Nation

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here.

Farmers Insurance data breach exposes 1.1M Americans

Data breaches are no longer just a problem for the tech industry. They've become a constant across every sector, from airlines to banks to fashion brands, exposing personal data and leaving customers worried about where their information might end up. Insurance companies, sitting on mountains of sensitive details, are no exception. The latest to join the list is Farmers Insurance. The U.S. insurer confirmed that more than 1.1 million customers were affected in a breach linked to the Salesforce attacks that have swept through major organizations this year, stealing customer databases and fueling a growing wave of extortion attempts.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER 

DIOR DATA BREACH EXPOSES US CUSTOMERS’ PERSONAL INFORMATION

Farmers Insurance has confirmed a data breach impacting more than 1.1 million customers. The incident is tied to the ongoing wave of Salesforce-related cyberattacks that have hit major companies this year.

In a notice published on its website, the U.S. insurance giant said the breach occurred on May 29, 2025, through one of its third-party vendors. Farmers serves over 10 million households nationwide. It offers auto, home, life, and business insurance through a vast network of agents and subsidiaries.

"On May 30, 2025, one of Farmers' third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor's databases containing Farmers' customer information," the company wrote in its advisory.

According to the company, the vendor's monitoring tools detected the intrusion quickly, allowing containment measures to be taken. Farmers said it immediately launched an investigation, notified law enforcement, and worked to determine the scope of the breach.

The investigation revealed that the stolen data included customer names, addresses, dates of birth, and driver's license numbers. In some cases, the last four digits of Social Security numbers. Farmers began notifying affected individuals on Aug. 22, with a filing to the Maine Attorney General's Office confirming that 1,111,386 customers were impacted.

While Farmers did not publicly name the vendor involved, reports indicate that the breach is part of the larger Salesforce data theft campaign carried out by threat actors this year.

ALLIANZ LIFE INSURANCE DATA BREACH EXPOSES 1.4 MILLION AMERICANS

The Salesforce attacks have been ongoing since early 2025. Researchers attributed them to a threat actor cluster tracked as UNC6040/UNC6240. The intrusions typically begin with voice phishing (vishing) calls, where employees are tricked into approving a malicious OAuth application linked to their company's Salesforce instance.

Once connected, attackers siphon customer relationship management (CRM) databases and use the stolen data in extortion attempts. The cybercrime group ShinyHunters has claimed responsibility, according to BleepingComputer. The group claims that the attacks involve overlapping threat groups, including members of the notorious Scattered Spider gang.

"Like we have said repeatedly already, ShinyHunters and Scattered Spider are one and the same," a representative told the publication. "They provide us with initial access, and we conduct the dump and exfiltration of the Salesforce CRM instances. Just like we did with Snowflake."

The Salesforce campaign has affected a growing list of high-profile companies, including Google, Cisco, Workday, Adidas, Qantas, Allianz Life and luxury brands under LVMH such as Louis Vuitton, Dior, and Tiffany & Co.

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

In response to CyberGuy's inquiry, a Farmers Insurance spokesperson shared the following statement:

"At Farmers, protecting our customers' information is our top priority. We recently discovered that an unauthorized third party briefly accessed a vendor's system that contained some Farmers' customer information. The incident involved only limited information from certain customers. An investigation-conducted with both internal and external security experts-found no evidence that the exposed data has been misused, nor any indication that Farmers' own systems were compromised. We are contacting affected individuals directly and are providing support resources, including complimentary credit monitoring."

If your personal information has been exposed in the Farmers data breach, take the steps below immediately to limit the damage, protect your identity, and prevent future fraud.

You can't undo the damage once hackers have accessed your data. However, you can limit the fallout by investing in a data removal service. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Your Social Security number or other sensitive data may have been exposed in the data breach. Identity Theft companies can monitor personal information, such as your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

Turn on 2FA for your email, banking, and insurance logins. Even if a hacker has your password, 2FA requires a second verification step, like a code sent to your phone, making unauthorized access much harder.

After a data breach, attackers often follow up with phishing emails or phone calls. They pretend to be from your insurance company or a support service. Don't click on links in unsolicited messages, and verify any claims through official channels before responding. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

Put a credit freeze on your files with Equifax, Experian and TransUnion. This stops criminals from opening new accounts in your name. It's free, easy to set up, and you can lift the freeze temporarily when needed.

Change your passwords for all important accounts. Start with email, financial, and health-related logins. Use strong, unique passwords for each account. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

Look for any signs of identity misuse, like:

Early detection makes a big difference.

If someone is misusing your identity, go to IdentityTheft.gov. This government site provides step-by-step help and generates the letters and reports you'll need to stop the fraud.

Data breaches keep hitting companies we trust, and Farmers Insurance is the latest reminder. Even when the stolen data hasn't been misused yet, the risk lingers long after the headlines fade. That's why it's so important to stay alert, protect your identity, and take simple steps now. By acting today, you put yourself in control, not the hackers.

Do incidents like this make you reconsider which companies you do business with? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.