...
Due to the compromise of DocuSign accounts, DocuSign accounts are sending requests to other user accounts that ask them to log into Microsoft 365. Those who click on these fraudulent requests are sent to a fake Microsoft 365 log in login page. If the recipient enters their log in login credentials (UConn email address and NetID password) into their fake page, the credentials are sent to bad actors. This is not limited to the UConn community.
...
If you mistakenly click on the document, you’re asked to click on a link within the document that leads you to a fake Microsoft log in login page. If you enter your credentials into the page, your credentials are sent to bad actors.
...