DocuSign's Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.
Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net.
The goal is to have their targets e-sign the documents, which they can then use to authorize payments independently from the company's billing departments.
"If users e-sign this document, the attacker can use the signed document to request payment from the organization outside of DocuSign or send the signed document through DocuSign to the finance department for payment," explains Wallarm security researcher.
See more: https://www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/
#cybersecurity #docusign #phishing