DocuSign abused to launch devious phishing scams

News
By
published

Findings shared with DocuSign to help it protect users

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock)

Cybersecurity researchers have discovered a new attack, in which malicious users spoof DocuSign messages to send malicious documents and phishing links.

Previously, hackers have exploited the trust users associate with DocuSign to pass around fake phishing emails, to pilfer user credentials from all major email providers.

DocuSign is an electronic signature technology used by businesses and individuals to exchange contracts, tax documents and legal materials.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The threat actors behind this new wave of phishing attacks, discovered by email security vendor Avanan, are using this legitimate application to pass malicious links.

“E-signature providers such as DocuSign and Adobe Sign typically flatten uploaded document files and convert them into static .pdf files. This does help deter threats such as Macros from being embedded in the document. However, hyperlinks within a .pdf, .docx, etc., get carried on in the document and retain clickability to the end recipients after Signing execution,” explains Avanan’s Jeremy Fuchs in a blog post.

Abusing trust

Avanan explains that although DocuSign has implemented various security measures to prevent malicious documents from being hosted on its infrastructure, a trailblazing attacker could use mechanisms like steganography to override the checks and deliver “a weaponized piece of malware or ransomware.”

Furthermore, Avanan discovered that while embedding booby-trapped files does take some doing, malicious links can be added to any document without any effort or trick.

In his writeup Fuchs argues that this is a particularly effective strategy since it hosts the phishing link on DocuSign’s servers, while keeping the email clean, which helps it get past any security checks imposed by the client clients.

Fuchs notes that Avanan has shared details about this attack vector with the DocuSign information security and threat intelligence team.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
SVG files are offering cybercriminals an easy way in with new phishing attacks
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
A stressed employee looking over some graphs
UK workers are spending more than one day per week tracking down information
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
More about security
Dr Chase Cunningham speaking at ZTW25

The grand delusion: endpoint protection isn’t the magic pill, says Dr Zero Trust
An American flag flying outside the US Capitol building against a blue sky

Sean Plankey selected as CISA director by President Trump
Joe pouts at the camera standing in New York in You season 5

You season 5: everything we know so far about the twisted Netflix show’s return
See more latest
Most Popular
Joe pouts at the camera standing in New York in You season 5
You season 5: everything we know so far about the twisted Netflix show’s return
A stressed employee looking over some graphs
UK workers are spending more than one day per week tracking down information
EDMONTON, CANADA - FEBRUARY 10: A woman uses a cell phone displaying the Open AI logo, with the same logo visible on a computer screen in the background, on February 10, 2025, in Edmonton, Canada
T-Mobile rival is giving free ChatGPT Plus, worth hundreds, to its subscribers - but there's a catch
Three photos of the iPad Air M3 and its camera
iPad Air M3 review roundup – should you buy Apple's new mid-range tablet?
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
Meta QLC Server
Facebook engineers say bigger hard disk drives is making one critical metric far, far worse
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
Two iPhones showing Apple HomeKit settings
Still using an iPad as a Home Hub? Bad news – Apple is about to end support for it
Horizon Zero Dawn Remastered
Future PlayStation games could have AI-powered characters, if this leaked prototype of Aloy is anything to go by