We’re seeing a new phishing attempt targeting billing teams. Attackers are impersonating “ClassLink Finance” and sending fake DocuSign links. This is not exclusive to ClassLink; these phishing tactics can be used to impersonate any vendor.
What To Know
- We do not send unexpected e‑sign requests. If an e-signature is ever needed, it will be provided by your dedicated ClassLink account representative.
- We have not changed our bank account information and do not anticipate changes. Treat any email claiming otherwise as fraudulent.
- Verify the sender’s domain every time. Watch for misspellings or non‑ClassLink domains (for example, @outlook.com or near‑miss lookalikes).
- When in doubt, call. Before making any payment or banking changes, please call your known ClassLink contact to confirm.
- Share this reminder internally with finance, procurement, and anyone who approves invoices.
Spot the Fake: Email Examples
What To Do If Targeted
- Do not click links or sign anything from an unexpected e‑sign request.
- Forward the message to security@classlink.com and contact your ClassLink rep to verify.
- If you have already taken action, please notify your bank and IT/security team immediately, and then contact us.
Thank you for staying vigilant.
— ClassLink Security Team