Cybercriminals are increasingly abusing trusted business platforms such as QuickBooks, DocuSign, Adobe Sign, and similar tools to send fraudulent invoices, contracts, and payment requests.
These messages are especially dangerous because they are sent directly from legitimate systems and infrastructure, allowing them to bypass traditional email defenses and appear authentic.
This is not a failure of Barracuda or Microsoft security controls -- it is a known, industry-wide tactic leveraging trusted services.
How This Attack Works
The attack method is simple but highly effective:
- An attacker creates a legitimate account (often free or trial-based) on platforms like QuickBooks or DocuSign
- They upload external email addresses (targets) as “customers” or “recipients”
- They generate invoices, contracts, or payment requests
- They modify the email body or embedded links to include deceptive or malicious content
- The platform sends the message using its real, trusted email servers
As a result, the message:
- Comes from a legitimate domain
- Passes SPF, DKIM, DMARC, and other DNS-based email authentication checks
- Includes valid platform-hosted links or attachments
Because the email itself is technically valid, automated filtering from Barracuda alone cannot reliably stop these messages.
What We Are Doing Internally
To balance security with business needs:
- Barracuda allows these trusted platform emails to pass
- Microsoft Exchange Online automatically deletes them for most users
- A restricted internal group is allowed to receive them
- These approved members must have mastered high-level email auditing for phishing
This approach:
- Reduces exposure to phishing risks
- Ensures critical business workflows can continue
- Limits access to those trained to properly audit these emails
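The handling described under "How This Attack Works" and "What We Are Doing Internally" can be sketched as triage logic. This is an added example, not our production configuration or any vendor's code; the platform domain, group member, and sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; none come from a real deployment.
PLATFORM_DOMAINS = {"billing-platform.example"}
APPROVED_GROUP = {"ap.clerk@corp.example"}

SAMPLE = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=billing-platform.example; dkim=pass header.d=billing-platform.example; dmarc=pass header.from=billing-platform.example
From: "Acme Supplies" <invoices@billing-platform.example>
To: {rcpt}
Subject: Invoice 1042 is due

Pay at https://billing-platform.example/i/1042
or confirm your details at https://invoice-review.example/login
"""

def domain(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def on_platform(host):
    return any(host == d or host.endswith("." + d) for d in PLATFORM_DOMAINS)

def triage(raw):
    """Return (action, audit_notes) for one raw message."""
    msg = message_from_string(raw)
    if domain(msg["From"]) not in PLATFORM_DOMAINS:
        return "deliver", []                 # not a trusted-platform message
    if parseaddr(msg["To"])[1].lower() not in APPROVED_GROUP:
        return "delete", []                  # default for everyone else
    notes = []
    auth = auth_results(msg)
    if all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")):
        notes.append("auth passes: proves the platform sent it, not who wrote it")
    for host in re.findall(r"https?://([^/\s]+)", msg.get_payload()):
        if not on_platform(host.lower()):
            notes.append("off-platform link: " + host.lower())
    return "deliver-for-audit", notes
```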
Why You May Notice Missing Emails
If you do not normally work with invoices, contracts, or payment platforms:
- These emails are automatically blocked from your inbox
- This is intentional and protective
- No action from you is required
How to Request Access (Group Membership)
If your role requires access to QuickBooks, DocuSign, or similar communications, you may request inclusion in the approved group.
To create a ticket:
- Open a new email
- Address it to it@robinson-park.com
- Use a fitting subject similar to:
Request Access to Trusted Platform Emails (QuickBooks / DocuSign)
- Include:
- Your role and department
- Business justification (why you need access)
- Types of platforms (QuickBooks, DocuSign, Adobe Sign, etc.)
- Send the email request
- Alternatively, this can be done through our ticketing portal at https://it.robinson-park.com after registering a free account with your work email address
IT will review the request and either grant access or respond with the reasons it could not be granted.
Your Responsibility: Phishing Awareness
Even if you are approved to receive these emails, you are the final line of defense.
Before interacting with any invoice or contract:
- Verify the sender independently
- Confirm you are expecting the document
- Inspect links before clicking
- Never enter credentials or payment details without validation
Review our internal guide:
Key reminder:
Security starts in the inbox and in the mind of the recipient.
When to Report an Email
Create a ticket only if:
- You have positively identified phishing or fraud
- You experienced a potential compromise
Do not forward emails without first performing due diligence.
Summary
- Trusted platforms are being misused—not hacked
- Emails may look legitimate because they are technically valid
- Access is restricted by design to protect the organization
- User awareness is critical to stopping these attacks