Skip to main content
Back to Security Snacks
Phishing

Phish Impersonating DocuSign

Published on: 
April 30, 2024

195 domains registered and used for credential phishing

We spotted 195 domains registered and used for credential phishing pulled from a phish impersonating DocuSign using a click thru URL obfuscator.

The initial domain was qi6kd[.]com which showed a google workspace login, off a DocuSign-impersonating email with a link to a malicious site.

Related Content

SecuritySnacks
The AI Frame Campaign Continues
Analysis of the persistent AIFrame campaign: A fake Google Authenticator Chrome extension and 6+ related apps use "deploy clean, update dirty" tactics to steal 2FA credentials and inject malicious iframes. Learn how this operation bypasses Google’s security reviews.
Learn More
SecuritySnacks
Cybersecurity Reading List - Week of 2026-04-06
From Gramsci's 'morbid symptoms' to modern threat intelligence - a cybersecurity roundup exploring why defenders should treat root causes over chasing dramatic threats, with curated links on ransomware, HUMINT, disinformation, and more.
Learn More
SecuritySnacks
SecuritySnack - OpenAI Anti-Ads Malware
Stay protected against the "ChatGPT Ad Blocker" malware. This investigation reveals how a malicious Chrome extension uses Discord webhooks to steal private ChatGPT conversations, prompts, and metadata.
Learn More

Heading

SecuritySnacks
Research
Newsletters
Podcast Episodes
About
No items found.