It’s a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it’s entirely legit by using the Docusign infrastructure. Prime example of an info grabbing phish that does not use a malicious payload.
The scam basically uses Docusign to make a request for sensitive information appear official and real.
This is just an FYI. I’m not saying this is Docusign’s fault. If anything, it shows that Docusign has reached a level of awareness that scammers are leveraging it. I don’t know if Docusign needs to respond, or how. If someone is gullible enough to provide sensitive information to someone they don’t know (a “Louis Valentin” in this case)…
BTW, I don’t believe ZScaler or any other security product/service could prevent this. This could just as easily be a request from your mortgage broker or bank for sensitive information for which they actually have a legitimate need.