Hackers abuse DocuSign API to send fake invoices in bulk
Payment News · 2024-11-05

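Security firm Wallarm found that hackers are using genuine DocuSign accounts and templates to impersonate legitimate companies such as Norton and send forged invoices in bulk to trick victims into paying.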

Wallarm

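Wallarm, a security firm focused on application and API security, warned this week that hackers are abusing DocuSign's Envelopes API to send fake invoices in bulk, and that an enterprise can become a victim with the slightest lapse.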

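DocuSign provides electronic signature and digital transaction management services, helping businesses and individuals sign and manage documents online, and is listed on the Nasdaq stock market in the United States. The Envelopes API is a core API developed by DocuSign that can be used to create, send and manage envelopes. An envelope contains the documents, the recipient information and the signing instructions, so that the entire signing process can be automated.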

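However, Wallarm found that hackers are using genuine DocuSign accounts and templates to impersonate legitimate companies such as Norton and send forged invoices in bulk to trick victims into paying.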

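The hackers first create a legitimate, paid DocuSign account, then imitate a legitimate company's invoice template and send it out in bulk. Once a victim signs the document, the hackers can use that signature to request payment. The danger is that because the invoices are sent directly from the DocuSign platform, they are not blocked by enterprise filtering mechanisms.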

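Wallarm said the attack risk is not limited to DocuSign and also extends to other electronic signature services. It recommends that organizations verify the sender's credentials, require multiple approvals for finance-related requests, provide timely training, and monitor for anomalies.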
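Because these invoices arrive from the signing platform itself, sender authentication passes and the useful check is on who requested the signature. The triage routine below is an added example, not code from Wallarm or DocuSign; the sending domain, the `Reply-To` convention for the requesting account, the approved-requester list and the keyword list are all assumptions, and the messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the article.
PLATFORM_DOMAINS = {"docusign.net"}                # e-signature sending domain
APPROVED_REQUESTERS = {"ap@known-vendor.example"}  # accounts finance has verified
PAYMENT_TERMS = ("invoice", "payment", "renewal", "subscription")

def triage(raw_message: str) -> str:
    """Classify one inbound message as ignore / allow / review / hold."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] not in PLATFORM_DOMAINS:
        return "ignore"  # not an e-signature notification; other filters apply
    # The platform's own domain authenticates correctly, so SPF/DKIM "pass"
    # says nothing about who created the envelope. Check the requester instead
    # (assumed here to be carried in Reply-To).
    requester = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if requester in APPROVED_REQUESTERS:
        return "allow"
    subject = msg.get("Subject", "").lower()
    if any(term in subject for term in PAYMENT_TERMS):
        return "hold"    # payment request from an unverified account
    return "review"      # unverified requester, no payment wording

# Constructed sample messages (not real traffic).
AUTH = "Authentication-Results: mx.corp.example; spf=pass; dkim=pass\n"
SAMPLES = {
    "fake_invoice": "From: Norton Billing via DocuSign <dse@docusign.net>\n"
                    "Reply-To: billing-dept@unknown-sender.example\n" + AUTH +
                    "Subject: Complete with DocuSign: Invoice for subscription\n\n",
    "known_vendor": "From: Known Vendor via DocuSign <dse@docusign.net>\n"
                    "Reply-To: ap@known-vendor.example\n" + AUTH +
                    "Subject: Complete with DocuSign: Invoice 1001\n\n",
    "unknown_nda":  "From: Someone via DocuSign <dse@docusign.net>\n"
                    "Reply-To: legal@new-partner.example\n" + AUTH +
                    "Subject: Complete with DocuSign: NDA\n\n",
    "newsletter":   "From: News <news@other.example>\n"
                    "Subject: Invoice tips\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {triage(raw)}")
```

A "hold" result is where the multiple-approval step Wallarm recommends would apply: finance confirms the request with the named company through a separately known contact before anyone signs or pays.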
