Who is really to blame?
Even though this is a DocuSign exploit, why are these businesses not verifying who is sending these invoices to them and why? Is someone literally just lazily "pushing a button" to pay them without confirming what they're even for, or worse, writing an automation script that autopays? It seems absurd to begin with to just assume because it comes from DocuSign, that it's all valid without even doing a basic check that it matches a predetermined list of accounts payable with flag checks for amounts deviating from established averages. Nothing should be tedious or "a pain" checking these senders, or that the invoices match work orders.
It's wild to me that the US Gov can finally start clamping down on bogus 1800% overcharges on things, but corporate America - with its current drive to be what's truly behind "inflation" - gets caught with their pants down.
Bonus wild points if this is all an inside job with all these "victimized" corps, because unscrupulous employees have determined everything just gets rubber stamped for AP invoices.