Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.
Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign...
