In a recent phishing campaign, threat actors have been exploiting the APIs of legitimate e-signing services platform DocuSign to send out convincing invoices, as reported by cybersecurity firm Wallarm. This new approach deviates from traditional phishing methods by using genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard.
The campaign involves crafting special templates mimicking requests to e-sign documents from well-known brands, such as Norton AntiVirus, with fraudulent invoices featuring correct product prices to appear legitimate. These invoices may also include additional charges or instructions for direct wire transfers, making them appear even more convincing. What sets this campaign apart is the absence of malicious links or attachments, as the invoices are sent directly through DocuSign, avoiding detection by email spam filters.
As a result, the risk lies in the credibility of the request itself, making it imperative for individuals and organizations to remain vigilant against such sophisticated attacks. Reports of these malicious campaigns have been on the rise, leading to increased discussions within the DocuSign community about how to identify and prevent such attacks.
Furthermore, the research highlighted that these attacks extend beyond simply impersonating companies, with threat actors infiltrating legitimate communication channels to carry out their schemes. The automation of these attacks is made possible through the use of DocuSign APIs, such as the “Envelopes:create API,” which allows for the automated sending of documents for signing.
To combat these types of sophisticated campaigns, individuals and organizations are encouraged to implement stringent verification processes, provide phishing training for employees, and enable multi-factor authentication for sensitive transactions. By taking proactive measures to enhance security practices, users can better protect themselves against evolving cyber threats.
Overall, the abuse of DocuSign APIs in this phishing campaign underscores the importance of remaining vigilant and implementing robust security measures to safeguard against increasingly sophisticated cyber attacks. By staying informed and adopting best practices for cybersecurity, individuals and organizations can mitigate the risks associated with such malicious campaigns and protect their sensitive information from falling into the wrong hands.