• Home
  • Join
  • Contact Us
  • Sitemap
Site SearchGo
Earning your trust. Building your future.

Security Center

Please use caution as you conduct transactions online. Here is some helpful information about online safety and security.

1. E-Mail Scams

'Phishing' is a scam involving the use of e-mails in an effort to obtain the following personal information:
  • Full name
  • Social security number
  • Member or account number
  • Credit or debit card numbers
  • Personal identification number (PIN)
  • Online Banking Logon ID
  • Security Code
METRO will never ask you to provide, update or verify personal or account information (social security number, member number, PIN, credit or debit card numbers, etc.) through unsolicited e-mail. We already possess this information and will not request you to 'confirm' this through an unsecure e-mail or website unless you initiate a call or message via MetroNet.

2. Report Suspicious E-mail

If you receive any e-mails containing the SDMCU logo, name or website that you perceive as fraudulent or suspicious:
  • Do not reply to the e-mail or click any links in the e-mail message.
  • Forward it to us as soon as possible at memberservices@sdmcu.org.
  • Do not remove or retype the subject line, or change the e-mail in any way.
  • After forwarding the e-mail, immediately delete it from your inbox.
  • If you clicked on a link in an e-mail and provided any personal or account information, notify the Credit Union immediately.
  • If you clicked on a link in an e-mail and provided your online banking logon ID or Security Code (password), please change your security code immediately. Log into the online banking, go to the User Options section and click on 'Change password'.
If you receive a fraudulent or suspicious e-mail from another company or financial institution:

  1. Do not reply to the e-mail or click any links in the e-mail message.
  2. Forward the e-mail to the company directly, using an address you know to be correct, or call them to report the e-mail.
  3. After forwarding the e-mail, immediately delete it from your inbox.
Thank you for being alert to suspicious e-mail and for reporting it.

3. Ways to Avoid Being Phished

Phishing scams are prevalent and growing rapidly. Here are a few tips to help you avoid getting "hooked" by one.
  • Do not respond to any unsolicited e-mail that asks for personal or account information. Don't reply to it or click on any links contained in the message.
  • If you doubt a message's authenticity, verify it by contacting the organization itself using a phone number or e-mail address you know to be correct.
  • Avoid bogus sites by entering web addresses directly into the browser yourself or by using bookmarks you create.
  • When prompted for a password, supply an incorrect one first. A bogus website will accept it, but a legitimate one won't.
  • Do not open attachments. Like fake links, attachments may be used in phishing e-mails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.
  • Call the company in question using a phone number you know to be correct. The person you speak with will most likely be able to confirm whether they actually need the information and if so, whether you can provide it over the telephone.
  • Use anti-phishing software. There are a number of programs available that will check the web address in question against a list of known phishing scams and notify you if the site appears there.
  • Update your computer with the latest security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.

4. How to recognize fraudulent from legitimate emails

Fraudulent e-mails and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any e-mail that requests your personal or account information.

Most legitimate companies, including METRO, will never use an e-mail to ask you to provide or verify your personal or account information.

False sense of urgency. Many phishing e-mails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away or that it has been compromised. An e-mail that urgently requests you to supply sensitive personal information is typically fraudulent. Legitimate: METRO will occasionally alert you to possible news, important facts, scheduled maintenance, marketing & promotional news, or encourage the use of our product & services. This will be done either through an email followed by information on the website.
Fake links. Many phishing e-mails have a link that looks valid, but send you to a fraudulent site that may or may not have a URL different from the link. Check where a link is going by moving your mouse over the link in the e-mail and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it. Legitimate links:
Misspellings and bad grammar. Fake e-mails often, but not always, contain misspellings, poor grammar, missing words, and gaps in logic. These types of mistakes help scammers avoid spam filters. Legitimate: For quality control, all communication via website and emails are proofed at the development stage before being published or transmitted.
Sender's e-mail address. To give you a false sense of security, the “From” line may include an official-looking e-mail address. The address may actually be copied from a genuine one. The e-mail address can easily be altered, so it’s not an indication of the validity of any e-mail communication. Legitimate: email.sdmcu.org
Our email address: memberservices@sdmcu.org
When in doubt, 'right-click' on the unopened email's subject line and choose Internet Headers. Scan the information for @email.sdmcu.org or @sdmcu.org.
Generic greeting. A typical phishing e-mail has a generic greeting, such as “Dear Customer,” but legitimate e-mails may use one too. Legitimate: Credit Unions address account holders as 'members' not customers.
Deceptive URLs. Some scammers will insert a fake browser address bar over the real one, so it looks like you’re on a legitimate site. The words may be slightly altered by adding, omitting, or transposing letters. Even if a URL contains the word "SDMCU," it may not be a San Diego Metropolitan Credit Union web site. Legitimate: https://www.sdmcu.org/home
or https://www.sdmcu.org/home/home
Out-of-place lock icon. Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Some fake sites will put this icon inside the window to deceive you. Legimate: Lower right hand corner or after the address bar. Always verify the URL as ‘https://’. The ‘s’ stands for ‘secure’ and indicates the site is encrypted.
Report Suspicious Emails to: memberservices@sdmcu.org

5. Use antivirus software

Antivirus software identifies infected e-mail attachments and other virus carriers before they have a chance to damage your computer. Bundled software packages combine antivirus software and personal firewalls for $60 to $80.

6. Regularly update antivirus software

Since new viruses emerge every day, the companies that make antivirus programs allow computer owners to subscribe to updates to catch the latest versions.

7. Create strong passwords

Hackers easily can steal the information used to create common passwords such as your birthday or a pet’s name. They also have access to programs that will plug in every known word from the dictionary in an attempt to crack your passwords. Strong passwords avoid personal information, login names, or adjacent keyboard symbols. Instead, they combine numbers and letters in passwords that contain at least eight characters.

8. If you have a high-speed connection, install a personal firewall

This hardware blocks hackers who attempt to locate your computer or access your files. Personal firewalls range from about $40 to $50 depending on whether you buy it packaged or purchase it from a major vendor as a download. Virus protection alone runs about $35 to $450, and annual updates run about $30 to $35, depending on vendor and features.


Back To Top

Also In This Section #inThisSection($selectedNav.get(0))

Privacy Statement
User & Security Information
© San Diego Metropolitan Credit Union.
All rights reserved.