DocuSigns
-
Blog
DocuSign’s Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net. The goal is to have their targets e-sign the documents, which they can then use to authorize payments…
Read More »