Cybercriminals have found a way to leverage Docusign’s Application Programming Interface (API) to make phishing attacks appear more genuine. This method, recently investigated by Malwarebytes Labs, highlights how scammers continue to refine their approaches to mislead victims.
Using Docusign accounts, scammers craft emails that masquerade as official PayPal communications. They send invoices indicating suspicious transactions and include a phone number for recipients to “resolve the issue” and secure their accounts. Since these emails originate from Docusign—a trusted platform—they can evade many standard email security defenses, giving scammers a broader reach.
Although convincing, these fraudulent emails aren’t flawless. A few indicators to watch out for include:
- PayPal-related emails originating from generic Gmail accounts, which is atypical of PayPal’s official operations.
- Docusign being employed unnecessarily for documents that do not require an e-signature, which raises doubts about the email’s purpose.
Docusign has implemented swift action against misuse. Reports of suspicious accounts are taken seriously, with most being flagged or terminated within a day of detection. Furthermore, once an account is deactivated, any documents shared through it become inaccessible to all parties.
To avoid falling for such scams, double-check the authenticity of any unexpected emails, particularly those involving payment services like PayPal. If something seems off, report the email to both Docusign and PayPal directly through their official channels.
