Since May 9, PhishLabs has tracked multiple phishing campaigns that uses DocuSign branding that lures victims into downloading malicious files. These campaigns followed a breach of a DocuSign database containing user email addresses. Each of the campaigns associated with this breach contain similar, yet distinct, characteristics. The third, and most recent, campaign was launched on May 17.
from Third DocuSign Phishing Campaign Identified Linked to Email Database Breach