Attackers are reportedly using DocuSign’s SaaS platform to deliver phishing campaigns that bypass email security checks.
By sending a seemingly authentic DocuSign email, attackers are able to mislead recipients into believing they are signing a legitimate document. Once the recipient clicks on the link provided on the DocuSign signing page, they are redirected to a Microsoft phishing page instead.
This method is effective because it leverages the legitimacy of DocuSign’s email and security infrastructure, which many organizations trust and frequently interact with. Since DocuSign is widely recognized and used in business workflows, its emails are less likely to be flagged by security filters.
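Because the message itself authenticates as DocuSign, a check has to look at where the signing link ends up rather than at the sender. The sketch below is an added example, not from the original report: the event schema, the finding names, the host lists and the sample records are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts accepted as genuine Microsoft sign-in endpoints.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Assumption: domains DocuSign envelopes and signing pages are served from.
DOCUSIGN_DOMAINS = ("docusign.net", "docusign.com")
BRAND_MARKERS = ("microsoft", "office 365", "outlook")


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def in_domain(host, domains):
    # Exact match or true subdomain; "notdocusign.net" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)


def assess(event):
    """Findings for one followed link (hypothetical schema from a URL sandbox or proxy log).

    Email authentication results are deliberately ignored: the message is
    really sent by DocuSign, so it passes them in both the benign and the
    phishing case.
    """
    chain = event["redirect_chain"]
    first, last = host_of(chain[0]), host_of(chain[-1])
    if not in_domain(first, DOCUSIGN_DOMAINS):
        return []  # link did not originate from a DocuSign page
    if in_domain(last, DOCUSIGN_DOMAINS) or last in MICROSOFT_LOGIN_HOSTS:
        return []  # stayed on DocuSign, or reached a genuine Microsoft login host
    findings = []
    if event.get("final_page_has_password_field"):
        findings.append("credential-form-off-docusign")
    title = event.get("final_page_title", "").lower()
    if any(marker in title for marker in BRAND_MARKERS):
        findings.append("microsoft-brand-on-non-microsoft-host")
    return findings


# Constructed sample records (not real traffic).
SAMPLES = [
    {"email_auth": "pass", "final_page_title": "Sign in to your Microsoft account",
     "final_page_has_password_field": True,
     "redirect_chain": ["https://constructed.docusign.net/signing",
                        "https://signin.example.org/login"]},
    {"email_auth": "pass", "final_page_title": "Review and sign",
     "final_page_has_password_field": False,
     "redirect_chain": ["https://constructed.docusign.net/signing"]},
    {"email_auth": "pass", "final_page_title": "Sign in to your Microsoft account",
     "final_page_has_password_field": True,
     "redirect_chain": ["https://constructed.docusign.net/signing",
                        "https://login.microsoftonline.com/common/oauth2/authorize"]},
]
```

All three sample messages pass email authentication; only the first produces findings, because its link leaves DocuSign for a Microsoft-branded password form on a host that is not a Microsoft login endpoint.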
To defend against this tactic: