What Happened?

It is being reported that attackers have been utilizing DocuSign’s SaaS platform to deliver phishing campaigns that are able to bypass email security checks.

‍

By sending a seemingly authentic DocuSign email, attackers are able to mislead recipients into believing they are signing a legitimate document. Once the recipient clicks on the link provided on the DocuSign signing page, they are redirected to a Microsoft phishing page instead.

‍

Why This Tactic is Effective

This method is effective because it leverages the legitimacy of DocuSign’s email and security infrastructure, which many organizations trust and frequently interact with. Since DocuSign is widely recognized and used in business workflows, its emails are less likely to be flagged by security filters.

‍

What Can I Do?

To defend against this tactic:

1. Educate Users: Inform employees about phishing attempts that may come from familiar services like DocuSign. Provide tools and processes to flag phishing e-mails.
2. Implement Advanced Filtering: Use enhanced link analysis tools that check URLs after redirections to detect phishing pages masked behind trusted domains.
3. Enable Multi-Factor Authentication (MFA): Ensure that Microsoft accounts are protected with MFA to reduce the impact if credentials are compromised.