Avanan's attack brief about hackers sending phishing content from legitimate DocuSign accounts was featured in SCMedia. As our CEO Gil Friedrich said:
It's also not uncommon to include a link in these types of contracts, so the presence of another URL wouldn't likely raise suspicion on its own. But even if you did want to investigate further, "you're limited as a security tool to follow the link, because the link sits within DocuSign, in an account that is associated with the recipient," said Friedrich. "You cannot click the link and see that document from a security layer. So to do the full emulation of the link and figure out it's malicious... is also a problem.
Head to SCMedia to read the full article.