What’s Happening?
Cybercriminals have found a new way to trick people using DocuSign, a tool many of us use to sign documents online. Unlike typical scams that might look a bit suspicious right away, these are sneakier because they use the real DocuSign system to make their fake requests look just like the real thing.
DocuSign exposes an Envelopes API that allows developers to create, send, and manage document containers (envelopes). Each envelope defines the signing process for its documents. This lets customers automate document sending, track the status of signatures, and retrieve the signed documents once signing is complete.
However, scammers are using this API to send fake documents and invoices to potential victims.
How Does It Work?
The scammers set up a paid DocuSign account. They then use vulnerabilities in the Envelopes API to send out invoices that appear to be from well-known companies, like Norton Antivirus, complete with all the right logos and details. These invoices might ask you to sign for a product price or an additional fee. They can also include instructions to wire money somewhere, or to change bank account information.
Why Is It So Tricky?
These scams are hard to spot because:
- They come from DocuSign: Since the emails are coming from a trusted service, they bypass many of the usual email warnings we rely on.
- They look professional: The use of real logos and formatting means everything looks just as it should if it were a genuine invoice.
- No obvious signs of a scam: There aren’t any suspicious links or strange attachments that usually tip us off to phishing attempts.
[Figure: Screenshots of actual malicious requests reported. Source: Wallarm]
What’s the Risk?
If someone signs one of these fake invoices, the scammers can then use that signature to pretend they have approval to take money from a company. They might send the signed document to a company’s finance team, tricking them into making a payment directly to the scammer.
“If users e-sign this document, the attacker can use the signed document to request payment from the organization outside of DocuSign or send the signed document through DocuSign to the finance department for payment,” said Wallarm.
How Can You Protect Yourself?
- Double-Check Everything: If you get an invoice or a document that needs signing, especially one involving money, double-check where it’s coming from. If it seems out of the blue or unexpected, it’s worth a second look.
- Confirm Independently: Contact the company directly using a phone number or email you know is genuine—not one provided in the suspicious document—to confirm they really sent the invoice.
- Be Cautious with Financial Documents: Be extra careful with any documents that involve financial transactions. Make sure the requests are legitimate by confirming with the relevant people in your company.
- Educate Everyone: Make sure everyone who might use DocuSign in your organization knows about these scams. The more aware people are, the less likely they are to fall for them.
- Cybersecurity Training for All Employees: It’s crucial that everyone in your organization knows how to spot phishing scams. Regular training on social engineering tactics helps employees avoid common traps set by modern attackers who exploit human error.
DocuSign also advises all users to follow its anti-phishing guidelines for any suspicious requests.
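The checks above can be partly automated before a request ever reaches someone who can sign. The following is an added example written for this article, not code from DocuSign, Wallarm, or Motiva. It assumes the caller has already pulled the sender name, From: address, subject and a body excerpt out of the notification e-mail; the two sample notifications, the vendor allowlist (KNOWN_VENDORS) and the DocuSign sender domains are all constructed or assumed for the demo. The key design point mirrors the article: a genuine DocuSign From: address is recorded but never treated as evidence that the named vendor sent the envelope.

```python
"""Triage helper for DocuSign-style e-signature notifications (added example)."""
import re
from dataclasses import dataclass, field

# Hypothetical allowlist of vendors finance expects to receive e-sign invoices from.
KNOWN_VENDORS = {"acme supplies ltd"}

# Language matching the scam pattern described above: invoices, fees, wires,
# payments and remittance instructions.
MONEY_PATTERNS = [
    r"\bwire\b", r"\bbank (account|details)\b", r"\binvoice\b",
    r"\bfee\b", r"\bpayment\b", r"\bremit(tance)?\b",
]

# Assumed DocuSign notification domains; adjust to what your mail logs show.
DOCUSIGN_DOMAINS = ("@docusign.net", "@docusign.com")


@dataclass
class Notification:
    sender_name: str   # account name displayed as the envelope sender
    sender_email: str  # From: address of the notification e-mail
    subject: str
    body: str          # excerpt of the envelope/message text


@dataclass
class Verdict:
    via_docusign: bool          # informational only, never a green light
    verify_out_of_band: bool    # True => confirm with the vendor by a known channel
    reasons: list = field(default_factory=list)


def triage(n: Notification) -> Verdict:
    """Return a verdict saying whether the request needs independent confirmation."""
    reasons = []
    # 1. A DocuSign From: address only proves the envelope went through DocuSign.
    #    Any paid account can send one, so the domain is recorded but not trusted.
    via_docusign = n.sender_email.lower().endswith(DOCUSIGN_DOMAINS)

    # 2. The sender name is what the envelope creator controls; check it against
    #    the vendors you actually do business with.
    if n.sender_name.strip().lower() not in KNOWN_VENDORS:
        reasons.append(f"sender '{n.sender_name}' not in vendor allowlist")

    # 3. Anything asking for money or a signature that authorises payment.
    text = f"{n.subject}\n{n.body}".lower()
    hits = [p for p in MONEY_PATTERNS if re.search(p, text)]
    if hits:
        reasons.append("financial language: " + ", ".join(hits))

    # 4. Requests to update where payments go are always confirmed out of band.
    if re.search(r"\b(update|change|new)\b.{0,40}\b(bank|account|routing)\b", text):
        reasons.append("payment-destination change requested")

    return Verdict(via_docusign=via_docusign,
                   verify_out_of_band=bool(reasons), reasons=reasons)


# Constructed sample notifications for the demo (not real messages).
SAMPLE_NOTIFICATIONS = [
    Notification(
        sender_name="Norton Antivirus Billing",
        sender_email="dse@docusign.net",
        subject="Please DocuSign: Invoice #48213",
        body=("Your annual subscription fee of $349.99 is due. Please sign to "
              "authorize payment. Wire funds to the account listed on page 2."),
    ),
    Notification(
        sender_name="Acme Supplies Ltd",
        sender_email="dse@docusign.net",
        subject="Please DocuSign: Master Services Agreement renewal",
        body="Annual renewal of the MSA, no pricing changes. Please review and sign.",
    ),
]

if __name__ == "__main__":
    for n in SAMPLE_NOTIFICATIONS:
        v = triage(n)
        print(f"{n.sender_name!r}: via_docusign={v.via_docusign} "
              f"verify_out_of_band={v.verify_out_of_band} reasons={v.reasons}")
```

Both sample notifications come from the same DocuSign address; only the first is flagged, because the decision rests on the sender name, the money-related wording and any bank-detail change, not on the transport. Anything flagged should be confirmed with the vendor through a phone number or address already on file, never one taken from the envelope itself.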
Trust but Verify
In our digital-dependent world, robust cybersecurity measures are crucial. Advanced threats like sophisticated phishing scams using platforms like DocuSign underscore the need for vigilant security practices. Effective cybersecurity protects by constantly monitoring and rapidly responding to threats, ensuring that your operations remain secure and resilient against both current and future vulnerabilities.
Unsure if your current cybersecurity is ready to stop sophisticated attacks like these from hackers abusing DocuSign? Get a No-Obligation Cybersecurity Risk Assessment today and know for sure: https://motiva.net/assessment