Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.

A phishing campaign impersonating digital document platforms has reached more than 6,000 organisations in just two weeks, according to researchers at Check Point Research (CPR).

This phishing campaign used emails that were prepared to look like legitimate notifications from services like SharePoint and DocuSign, tricking recipients into clicking links that led to credential theft pages.

File-sharing and e-signing tools are part of daily operations for industries like banking, insurance, real estate, and consulting. By copying the style and tone of trusted platforms, the phishing messages appeared routine enough to pass as real. The subject lines, formatting, and even logos matched what users might expect from a legitimate alert.

Check Point researchers tracked over 40,000 phishing messages across the U.S., Europe, Canada, Asia, Australia, and the ...