The post discussed Avanan's look into a fake DocuSign attack that targets lower-level employees. As they write:
While these emails are crafted to look like legitimate DocuSign messages, they are not being sent from the platform. On real DocuSign emails, users are never asked to enter passwords, but rather an authentication code is emailed to the recipient.
See the full story at Bleeping Computer.