DocuSign has admitted they were the victim of a data breach that has led to phishing attacks which used DocuSign information. They discovered the data breach when on May 9, 15, and 17 DocuSign, customers were being targeted with phishing campaigns.
We have received fake Docusign emails ourselves already so we can confirm this. As ever check the embedded links by hovering over them to see if they point to a different domain to that which it should. If in doubt call the sender or delete it.
The link downloads a compromised Word document which downloads malware. Be warned and make sure all your staff know!