Fake DocuSign email hides tricky phishing attempt | Malwarebytes

A cybersecurity researcher encountered a sophisticated phishing attack disguised as a DocuSign notification that passed email authentication checks and used a legitimate Webflow preview URL to avoid detection. The multi-layered attack included a fake DocuSign interface, a suspicious randomized domain, and a deliberately simple CAPTCHA before redirecting victims to Google’s actual login page to appear legitimate. Rather than deploying malware immediately, the attack performed reconnaissance, fingerprinting browser metadata and system information to profile targets for future attacks. This makes it particularly dangerous, as victims may not realize they’ve been compromised. The researcher recommends avoiding links in unsolicited emails, verifying requests through separate channels, and using active anti-malware solutions.
