Skip to main content
Back to Security Snacks
Phishing

Phish Impersonating DocuSign

Published on: 
April 30, 2024

195 domains registered and used for credential phishing

We spotted 195 domains registered and used for credential phishing pulled from a phish impersonating DocuSign using a click thru URL obfuscator.

The initial domain was qi6kd[.]com which showed a google workspace login, off a DocuSign-impersonating email with a link to a malicious site.

Related Content

SecuritySnacks
Cybersecurity Reading List - Week of 2026-06-01
Commentary followed by links to cybersecurity articles and resources that caught our interest internally.
Learn More
SecuritySnacks
SecuritySnack - Hijacking Corporate Sessions
A sophisticated AiTM phishing kit bypassing traditional MFA to steal Microsoft 365 session cookies. Get the full breakdown and IOCs.
Learn More
SecuritySnacks
Cybersecurity Reading List - Week of 2026-05-04
Systems thinking, biolistics, and the danger of mop-up science in infosec — plus this month's reading on ransomware, RPKI exploits, cPanel, and LLM pollution.
Learn More

Heading

SecuritySnacks
Research
Newsletters
Podcast Episodes
About
No items found.