Windows Analysis Report
FW Expiration Pending Support Care HIPAA Acknowledgement Form 2024.eml

{
    "explanation": [
        "The email claims to be from DocuSign but uses a suspicious security code format and urgent expiration timeline to create pressure",
        "The sender's domain 'docusign.net' attempts to look legitimate but the overall formatting and structure differs from genuine DocuSign emails",
        "The email contains multiple tracking links and suspicious URLs masked as legitimate DocuSign resources"
    ],
    "phishing": true,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Mon, 25 Nov 2024 18:09:11 +0000", 
    "subject": "FW: Expiration Pending: Support Care HIPAA Acknowledgement Form 2024", 
    "communications": [
        "External Sender:\n\nSee below. Phishing email.\n\n\nArmando Villanueva\nFinance\nMain: 562-677-4940<tel:562-677-4940>\nE: armando.villanueva@24hrcares.com<mailto:armando.villanueva@24hrcares.com>\nW: www.24hrcares.com<https://www.24hrcares.com/>\n200 N. Pacific Coast Hwy | Suite 300 | El Segundo, CA 90245<https://goo.gl/maps/R2y2UQyNtSWd9BkF7>\n\n", 
        "From: DocuSign NA3 System <dse_NA3@docusign.net>\nSent: Sunday, November 24, 2024 1:23 AM\nTo: Armando Villanueva <armando.villanueva@24hrcares.com>\nSubject: Expiration Pending: Support Care HIPAA Acknowledgement Form 2024\n\n\n[EXTERNAL EMAIL: Do not click links or open attachments unless you trust the sender]\n[https://NA3.docusign.net/Member/Image.aspx?i=logo&l=122a3750-6640-4778-a779-170a9d8c35bb]\n[https://NA3.docusign.net/member/Images/email/docInvite-white.png]\nHR Compliance sent you a document to review and sign.\n\n      REVIEW DOCUMENT       <https://na3.docusign.net/Signing/EmailStart.aspx?a=52a62e08-52ab-4deb-9961-052cba101116&etti=24&acct=07df84b5-c8f5-4e7f-a831-b605f464f6f9&er=4156e787-bddd-48bf-b932-5329c6a60a23>\n[Picture of HR Compliance]\nHR Compliance\ncompliancehub@24hrcares.com<mailto:compliancehub@24hrcares.com>\nHello,\n\nAt your earliest convenience, we ask that you review the 24 Hour Home care HIPAA training Guidebook and sign the acknowledgement form to update your records. Thank you!\n24 Hour Home care\n\nExpiration Pending: This document will expire on December 24, 2024 | 15:59.\nPowered by\n[Docusign]\n\nDo Not Share This Email\nThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.\n\nAlternate Signing Method\nVisit Docusign.com, click 'Access Documents', and enter the security code:\n52A62E0852AB4DEB9961052CBA1011163\n\nAbout Docusign\nSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management(tm).\n\nQuestions about the Document?\nIf you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.\n\nStop receiving this email\nReport this email<https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi13mjGRoeatllTAFSt9Ec8VNeWeEshJ51i3qgAgwdSl_hHeGPq7fTPm1lgB8Kc-epl4rmN2S4rHZnzyGocNxUxoQrWHUEJ_Jan6p_gGNdbaNQycKcKlGlR7ELH3SXQUcn9Da5rPZxC8qa5_8oktPTnIrug_V5IR97iNc48vPMcSxwFf4pCF7ON_lOOhUYeqxmSpqlJDjEDN68fVeMlR3gUy609DkAFzAqtf19y51SIbknQ01tlM39pT-CreRo6SCnrD85eHARI9QOuRwAAU6DGvbNXnyO4C2oHW30PXD9qXtfAiNvVhMzNmZyMxVhBWXLS0EvNSmtpRFKw86fzGpGZ23JS6s2jLWxjETljmim0TLIkzZeWVzhuIGEDrFzf_wXyR4k4ybgZ7lzf-zz_ItoqTj5pV8Sbh7YEHN-_pRpz3Lv5NdNjwKuCIynoFn1lbPkck&lang=en> or read more about Declining to sign<https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide> and Managing notifications<https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications>.\n\nIf you have trouble signing, visit \"How to Sign a Document<https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_US&utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend>\" on our Docusign Support Center<https://support.docusign.com/>, or browse our Docusign Community<https://community.docusign.com/esignature-111?utm_campaign=GBL_US_PRD_AWA_2405_CommunityCTA&utm_medium=email&utm_source=postsend> for more information.\n\n[https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/icon-download-app.png]Download the Docusign App <https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend>\n\nThis message was sent to you by HR Compliance who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.\n\n"
    ], 
    "from": "Armando Villanueva <armando.villanueva@24hrcares.com>", 
    "to": "24HR IT HelpDesk <ithelp@24hrcares.com>", 
    "attachements": [
        "image001.png"
    ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "REVIEW DOCUMENT",
  "prominent_button_name": "REVIEW DOCUMENT",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}

{
  "brands": [
    "Docusign"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://na3.docusign.net

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://docusign.net