Privacy Tip #421 – Threat Actors Using DocuSign API to Send Fake Invoices
Thursday, November 14, 2024

DocuSign is a great and efficient way to obtain authentic signatures for contracts and invoices. As with other efficient tools, threat actors have found a way to abuse it, using the DocuSign API to send fake invoices to divert funds.

According to security researchers at Wallarm, “Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard.”

Because the threat actors use the authentic API, the email bypasses the tools used to stop malicious emails and reaches the recipient. The invoice sent through the account looks authentic, and the user signs it. The threat actor can then use the signed invoice to request payment from the finance department, which has no idea that the invoice is fake.

Wallarm states, “Over the past five months, user reports of such malicious campaigns have noticeably increased and DocuSign’s community forums have seen a surge in discussions about fraudulent activities. This thread is one example: Phishing Emails from docusign.net Domain. These user reports highlight a worrying pattern: attackers are not just impersonating companies, but are embedding themselves within legitimate communication channels to execute their attacks.”

The attackers are not just using DocuSign; they are also using other platforms that facilitate the signing of documents, invoices, and contracts. Wallarm’s post provides various mitigation tips to avoid these scams. Staying abreast of new scams will help protect us personally and help protect our businesses. Companies may wish to educate their employees on this scam to avoid becoming victims.
