Cybercriminals Use DocuSign APIs for Fraudulent Invoices

Cybercriminals exploit DocuSign APIs to send fake invoices. A new trend has emerged where attackers use legitimate DocuSign accounts to send fraudulent invoices that closely mimic those of reputable companies, making them difficult to detect. These scams bypass traditional phishing defenses by utilizing DocuSign’s official templates and branding, allowing attackers to automate the process and send large volumes of fake invoices. Security experts recommend organizations verify sender credentials, implement strict internal approval processes, and conduct employee training to combat this evolving threat.