"Phishing: Attackers Use DocuSign to Send Malicious Links"

Attackers are using the electronic agreement management company DocuSign to distribute malicious phishing links. The phishing attack involves a malicious actor registering an account with DocuSign or compromising another user's account. From there, the actor uploads a file to the account. Then the attacker sends a DocuSign envelope to their target, who, in turn, receives an email invitation from the platform, prompting them to review and sign an electronic document by clicking a hyperlinked button. The email bypasses detection since it is technically clean as DocuSign's servers host the phishing link, thus allowing it to successfully reach a recipient's inbox. The document-signing process is the same for a legitimate file, but the difference is that clicking on the link redirects the recipient to a phishing site designed to steal their login credentials for Dropbox, Microsoft, and other services. This article continues to discuss the phishing attack process involving the abuse of DocuSign, other recent DocuSign-themed phishing campaigns, and how users can protect themselves from phishing attacks spoofing DocuSign. 

Security Intelligence reports "Phishing: Attackers Use DocuSign to Send Malicious Links"