Only 1 in 10 finance leaders are ‘very confident’ they could stop an AI-powered cyberattack
Only 13% of finance leaders feel fully prepared for AI-powered cyberattacks. Discover where the real risks lie—and how to close the defense gap fast.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels.
This scheme is particularly dangerous for finance teams because it operates within standard business workflows, using DocuSign APIs, accounts and templates. The resulting fake payment requests can look virtually indistinguishable from legitimate vendor invoices.
(Real quick: what is an API, exactly? An application programming interface is basically a secure gateway that allows different software systems to communicate and share data – in this case, it’s what lets DocuSign connect with your company’s other business systems, like payment processing or document management platforms.)
Based on intel from API security platform Wallarm, cybercriminals are leveraging legitimate DocuSign accounts and APIs to:
This means scammers are purchasing actual DocuSign accounts and accessing official templates, allowing them to precisely replicate known vendor branding and payment workflows.
It represents a shift away from more “obvious” scams meant to capitalize on time-poor employees who simply don’t notice major anomalies – instead, these are sophisticated operations designed to blend seamlessly into normal accounts payable processes.
Rather than using obviously fake amounts, the criminals craft invoices that closely mirror legitimate pricing while inserting subtle additional charges such as activation fees. They’ve also developed a concerning two-step approach: first obtaining signatures on seemingly routine documents, then leveraging these signed documents to request payments either through DocuSign or through separate channels.
Evidence suggests organized criminal groups are using automated systems to distribute large volumes of fraudulent invoices – systematically, at scale. This trend has shown significant growth, with DocuSign’s own community forums reporting a marked increase in incidents over the past five months.
There are unique risks to financial operations.
Only 13% of finance leaders feel fully prepared for AI-powered cyberattacks. Discover where the real risks lie—and how to close the defense gap fast.
AI voice scams are targeting finance teams—using deepfake tech to mimic executives and authorise payments. Learn how they work—and how to stop them.
Discover 14 real-world AI-driven tax scams targeting US finance teams this season—what they look like, how they work, and how to stop them in action.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.