asane

DocuSign Envelopes API was hijacked to send fake invoices

Online Niel November 5, 2024

Hackers have discovered that they are abusing DocuSign to send phishing emails
The signed documents are used to request payment
DocuSign says it has implemented additional safeguards

Cybercriminals are abusing DocuSign’s Envelopes API to trick companies into signing fake invoices, which are then used to steal money from victims.

DocuSign is a design software platform that businesses can use to sign, send and manage documents digitally – with ‘send’ being the key word here.

New findings by cyber security researchers Wallar outline how scammers would create fake invoices and use DocuSign to send them to victims for “signature”. Because they use the platform, emails are sent directly from the DocuSign domain, appearing legitimate and bypassing any email protection services victims may have set up.

Bypassing the billing department

In the invoices, scammers impersonate major brands such as Norton or PayPal. The requested funds are also in a realistic range, giving more credibility to the campaign.

Businesses that don’t see the trick end up signing the documents, which may seem strange at first, since they aren’t really losing money or sensitive data this way.

However, attackers can use the signed documents to authorize payments outside of normal company procedures because, at the end of the day, the signatures on the invoices are legitimate. In this way, they effectively bypass billing departments and steal money from their victims.

The attacks are not manual, as the distribution appears to take place in relatively large volumes, the researchers further explained. Using the “Envelopes: Create” function, attackers can simultaneously generate and send a large volume of these fraudulent invoices to numerous potential victims.

Wallar added that the attacks have been going on for some time. DocuSign has acknowledged this as well. Responding to a request for comment from BleepingComputerthe company said it worked to prevent misuse: “We are aware of the reports and take them very seriously,” the publication said. “While in the interest of security we do not disclose details that could alert bad actors to our prevention tactics, DocuSign has a number of technical systems and teams in place to help prevent misuse of our services.”

Commenting on the news, Erich Kron, security awareness advocate at KnowBe4, said the campaign probably won’t be too successful and offered some tips on how to spot similar attacks:

“Since this is coming through an API exploit, there probably won’t be many signs that would be easy to detect like in a spoofed email. The easiest way to spot this is if it asks you to renew a service you don’t currently have, such as a certain brand of antivirus, it should stand out as fake Even if you happen to have that antivirus brand, it’s always best to renew through the vendor’s website or the app itself. Kron explained.

“It’s essential that people exercise caution when receiving unexpected bills or other communications via email, text or even phone calls, as bad actors can sometimes combine tactics to further confuse potential victims or try to improve credibility scams.”

You might also like

Online Niel

View all posts

Post navigation

Previous PostThe compact E-quad and minivan are turning heads with elytra vertical doors
Next PostVotebeat brings together nearly 100 election experts to answer reporters’ questions (now and in the coming weeks)

You Might Also Like

asane

The Springfield Police Department emphasizes staying safe ahead of the Halloween crawl

Online Niel October 27, 2024

asane

Prosecutors have held off charging Southport murder suspect Axel Rudakubana with terror offenses for up to two weeks over fears he could incite riots

Online Niel November 4, 2024

asane

Zay Flowers is questionable while Marlon Humphrey is questionable against the Browns

Online Niel October 26, 2024

asane

Composite sketch of Brampton sexual assault suspect released

Online Niel November 3, 2024