...
Due to the compromise of DocuSign accounts, DocuSign accounts are sending requests to other users user accounts that ask them to log into Microsoft 365. Recipients of Those who click on these fraudulent requests are sent to a fake Microsoft 365 log in page. If the recipient enters their log in credentials (UConn email address and NetID password) into their fake page, the credentials are sent to bad actors. This is not limited to the UConn community.
Important Distinction
This phishing campaign is the result of compromised DocuSign accounts. These compromised accounts are sending requests to other DocuSign accounts.
...
If you have clicked on the message, do not enter your login credentials into any web pageor any other identifying information.
Review the “How to Identify” steps above. Do not interact with the request in either your email inbox or in the DocuSign website.
...