This is a security alert. Your account and personal information is important to us. We recently received reports of a letter scam with our name on it. This letter scam may look similar to the sample below.
Recovery Scam Letter
Please be advised that this letter is NOT from San Diego Metropolitan Credit Union or any agency connected to the Credit Union. Do not respond or give any requested information. If you believe you have been a victim of this scam, please contact your financial institution immediately and the U.S. Postal Inspection Serivce immediately. If you're a member of SDMCU, you can call our Phone Center at 619-297-4835 during regular business hours.
It was reported on September 7, 2017 that Equifax, a major credit reporting bureau, was breached and information of 143 million individuals were compromised. The information compromised could contain names, Social Security numbers, birth dates, addresses and driver’s license numbers. This could lead to potential identity theft fraud.
Equifax Data Breach
To check if your information was included in the breach, Equifax established a website here (https://trustedidpremier.com/eligibility/eligibility.html) and consumers can enroll in a complimentary identity theft protection and credit file monitoring service. Consumers can also call Equifax Breach Hotline at 866-447-7559 for additional information or visit the Equifax Breach Website here (https://www.equifaxsecurity2017.com/).
The provider of eSignature security and compliance DocuSign, is tracking a malicious email campaign where the subject reads: "Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature".
DocuSign Malicious Email Campaign
The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware. These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including firstname.lastname@example.org (note the missing "I"). Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.
Please remember to be particularly cautious if you receive an invitation to sign or view a Document you are not expecting. If you have received a copy of the above email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the email to email@example.com and then immediately delete the email from your system.