DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures used by many businesses. Recently DocuSign suffered a data breach in which its customer email data base was hacked. Shortly thereafter, many DocuSign customers received phishing emails designed to appear as if they were legitimate DocuSign communications and requests the person receiving the email to download an attached Word document. However, anyone downloading the attachment would also have unwittingly downloaded malware.
Never click on a link or download an attachment regardless of how legitimate the email or text message may appear until you have confirmed that the message is legitimate.
You can never be sure when you receive an email as to who is really contacting you. Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware. Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.