Security Boulevard

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain ...
WGAL on MSN

Scammers using fake DocuSign emails to trick recipients into clicking malicious links

Another version of the scam claims to be an invoice but does not specify what it is for.
Forbes

DocuSign Exploit Lets Hackers Send Fake Invoices

DocuSign, Inc. is an American company providing document management services. In a recent cyber threat development discovered by the Wallarm security firm, attackers are exploiting DocuSign’s API ...