DocuSign's Envelopes API abused to send realistic fake invoices

Gandalf_The_Grey

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.

Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net.

The goal is to have their targets e-sign the documents, which they can then use to authorize payments independently from the company's billing departments.
 
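A triage heuristic for the abuse described in this thread, as an added example that is not part of the original post: because the mail really does come from docusign.net, sender authentication passes, so the check keys on brand and billing content instead. The sample messages, the `dse@docusign.net` address, the billing keywords and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("norton", "paypal")  # brands named in the post; extend per organisation
# Billing vocabulary is an assumption for illustration, not taken from real samples.
BILLING = re.compile(r"\b(invoice|payment|renewal|charged|subscription)\b", re.I)

def body_text(msg):
    """Concatenate decoded leaf parts (handles base64/quoted-printable bodies)."""
    parts = (p.get_payload(decode=True) or b""
             for p in msg.walk() if not p.is_multipart())
    return "".join(b.decode("utf-8", "replace") for b in parts)

def triage(raw):
    """Return 'review' for authenticated DocuSign mail naming a brand and a bill."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    from_docusign = domain == "docusign.net" or domain.endswith(".docusign.net")
    # Assumes Authentication-Results was stamped by your own mail gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if not (from_docusign and "dkim=pass" in auth):
        return "other"  # spoofed or unrelated mail: normal phishing pipeline
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    if any(b in text for b in BRANDS) and BILLING.search(text):
        return "review"  # hold for the billing team before anyone signs
    return "pass"

def make(sender, auth, subject, body):
    """Build a constructed sample message (not real traffic)."""
    return (f"From: {sender}\nAuthentication-Results: mx.example.test; {auth}\n"
            f"Subject: {subject}\n\n{body}\n")

GOOD_AUTH = "spf=pass; dkim=pass header.d=docusign.net"
FAKE_INVOICE = make('"Norton Billing via DocuSign" <dse@docusign.net>', GOOD_AUTH,
                    "Complete with DocuSign: Norton renewal invoice",
                    "Your subscription has been charged. Review and sign.")
ROUTINE = make('"HR via DocuSign" <dse@docusign.net>', GOOD_AUTH,
               "Complete with DocuSign: Offer letter",
               "Please review and sign your offer letter.")
LOOKALIKE = make('"DocuSign" <dse@docusign.net.example.test>',
                 "spf=fail; dkim=fail", "PayPal invoice", "Payment due. Sign now.")

if __name__ == "__main__":
    for name in ("FAKE_INVOICE", "ROUTINE", "LOOKALIKE"):
        print(name, "->", triage(globals()[name]))
```

A "review" verdict is a routing decision, not a block: legitimate vendors also send invoices through DocuSign, so the useful control is confirming the request with the billing department before signing.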