Heads Up! March 2025 Phishing Scam

We’ve received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface (API) allows “customers” to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies. To pull this off, the phishers set up a Docusign account and then use the templates provided by Docusign to send out legitimate looking invoices from PayPal. Because the emails come from Docusign they can bypass many security filters. This is an example of how these emails reach the targets.