The campaign used emails masquerading as legitimate DocuSign communications, claiming to contain documents requiring immediate signature. These messages directed recipients to fraudulent login pages or malicious websites designed to harvest credentials. The attack vector raises particular concerns as digital identity solutions become more prevalent in corporate environments. Corporate executives and employees, particularly in the technology sector, were the primary targets of this spear-phishing operation. The attackers leveraged Cloudflare’s infrastructure for SSL encryption and DDoS protection, which complicated detection efforts by security systems. The sophisticated approach demonstrates the evolution of phishing tactics beyond traditional email-based attacks.