Cybercriminals Exploit DocuSign’s API to Send Authentic-Looking Fake Invoices
by Justin Erickson
Cybercriminals are abusing DocuSign’s Envelopes API to send realistic fake invoices that bypass traditional email security filters. By exploiting the trusted platform, attackers create invoices that appear authentic, increasing the chance that recipients will mistakenly authorize payments. When a recipient signs a fake invoice, attackers can then make direct payment requests outside of DocuSign, which poses a financial risk for organizations. DocuSign has said it is working to increase its prevention tactics and monitoring, but refrained from giving specifics in order to protect its security.