Hackers exploit DocuSign’s Envelopes API to send fake invoices

November 7, 2024

Threat actors are running an ongoing campaign that abuses DocuSign’s Envelopes API to generate and distribute fake invoices. Reports revealed that these bogus invoices appear legitimate because they impersonate reputable firms such as PayPal and Norton.

Moreover, the campaign can pass email security measures because the hackers send through a legitimate service on the DocuSign domain. The attackers aim to have their targets e-sign the documents, which lets the attackers use the signed paperwork to authorise payments independently of the company’s billing departments.


The abuse of DocuSign’s Envelopes API poses a potentially significant financial threat to affected users.


The new malicious campaign against DocuSign’s Envelopes API is a sophisticated threat that could affect a large number of users. The affected service is an electronic signature platform that allows users to digitally sign, send, and manage documents.

The Envelopes API is a core part of DocuSign’s eSignature REST API: it enables developers to create, send, and manage document containers (envelopes) that define the signing process. The researchers explained that threat actors using genuine, paid DocuSign accounts are misusing this API to issue fraudulent invoices that look and feel like those from respected software companies.

These paid accounts have full access to the platform’s templates, allowing the attackers to create documents that closely mimic the impersonated entity’s branding and appearance. They then use the API’s envelope-creation method to construct and send large numbers of malicious invoices to many potential victims.

The researchers also noted that the attackers keep the amounts shown in these invoices within a plausible range to make the signing request look more legitimate. Once a user e-signs the document, the attacker can use the signed invoice to request payment from the organisation outside of DocuSign, or submit it to the finance department for payment through DocuSign itself.

DocuSign has already received reports of this type of abuse and is aware of the ongoing campaign. Customers have also reported the campaigns numerous times on the platform’s community forums.

As of now, DocuSign has not published a statement on the issue. Users, especially those who do business with PayPal or Norton, should therefore treat unexpected DocuSign invoice requests with caution to avoid financial loss and disruption.
