DocuSign’s Envelopes API abused to send realistic fake invoices

November 4, 2024 at 03:26PM Threat actors are exploiting DocuSign’s Envelopes API to send fake invoices impersonating brands like Norton and PayPal. By using a legitimate DocuSign domain, they bypass email security measures, misleading targets into e-signing documents that authorize fraudulent payments. This abuse has been reported extensively by concerned users. ### Meeting Takeaways 1. … Read more