On Thursday, July 20, 2023, one of ACERA’s retired members received a fraudulent email, disguised to appear as though it was sent from DocuSign. This deceptive email asked the recipient to resubmit a direct deposit form for their ACERA pension. This email was designed to confuse, because DocuSign is a legitimate company that ACERA uses to provide electronic form submittal to our members.
What the Fraudulent Email Looked Like
For your reference, here’s an image of the fraudulent email that was received by our member (recipient name has been changed):
Warning Signs of Fraudulent Emails
ACERA takes your security seriously, and we want to ensure that you are aware of the warning signs to protect yourself from such scams. Here are some red flags to look out for that will help you identify fraudulent emails:
1. Unexpected or Unsolicited Emails
Exercise caution with unexpected emails. In this instance, the member received the email completely out of the blue. ACERA will never send a DocuSign email to you unexpectedly. There are two ways that you will receive a DocuSign email:
- You are already in communication with ACERA staff, and they tell you they will send you a DocuSign form to complete.
- You initiate the DocuSign form by clicking a button or link at our website, www.acera.org.
2. Emails From Unfamiliar Senders
Be cautious if you receive an email from a sender’s address that looks suspicious or unfamiliar. In this instance, the “from” email address is actually not a red flag because the email seems to come from dse_NA4@docusign.net, which is a legitimate DocuSign email address. The fraudsters were able to spoof the “from” email address to try to give more legitimacy to this fraudulent email. In other instances, the “from” email will be from an obviously unfamiliar sender.
3. Misspellings and Grammar Errors
Pay attention to any unusual spelling mistakes or poor grammar in the email’s content. Legitimate organizations like ACERA typically have polished communications. In this case, there were several mistakes that were red flags:
4. Urgent Requests or Threats
Fraudulent emails often try to create a sense of urgency, pressuring you to take immediate action. They may claim that your account is at risk or that you need to update personal information urgently.
5. Request for Credentials, Payment Information, or Other Personal Details
Fraudsters will sometimes create a fake landing page that recipients are directed to by a link in an official-looking email. The fake landing page will have a login box or request that a payment is made to resolve an outstanding issue. If the email was unexpected, instead of clicking on a link, you should open your web browser and directly visit the website from which the email has supposedly come by typing in the web address in your browser’s address bar.
6. Suspicious Attachments or Links
Avoid clicking on links or downloading attachments from unfamiliar or suspicious emails. These could lead to malicious websites or infect your device with malware.
We understand that ACERA emails may sometimes contain links, particularly in our news and wellness communications. Instead of advising you not to click on links, we urge you to exercise caution when clicking on any link in an email. Always verify the source of the email and the link’s destination before clicking. If in doubt, you can directly contact ACERA to confirm the legitimacy of the email.
What Legitimate Links From ACERA Look Like
Legitimate links in ACERA emails will often point to http://acera.us3.list-manage.com, which allows us to statistically track clicks from our Mailchimp email application so we can understand how well our emails perform. Links provided in direct emails you receive from ACERA staff will point to expected websites, like web pages on ACERA’s website (www.acera.org/health) or other government agencies (www.medicare.gov or www.ssa.gov).
If you’re on a computer, you can hover your pointer over a link in your browser to preview where the link would take you if you clicked it. This example is from a news email we sent in January:
On your smartphone, you can long-press (press and hold) a link to reveal where the link points to before you actually use it.
What Legitimate ACERA Emails Look Like (3 Types)
ACERA will send you 3 types of emails:
1. Direct Correspondence From an ACERA Staff Member
They are sent from either email@example.com or a member of our staff with an email address ending in @acera.org.
2. News Emails
These emails start with the ACERA logo in a blue bar and feature a main image. They are sent from firstname.lastname@example.org. All news items that go out over email are also posted at www.acera.org/news, so you can double check their legitimacy.
3. Wellness Emails
These emails start with the ACERA Wellness logo in a navy blue bar and feature a main image. They are sent from email@example.com. All wellness items that go out over email are also posted at www.acera.org/well, so you can double check their legitimacy.
What To Do if an ACERA Email Seems Suspicious
If you receive an ACERA-related email that seems suspicious or asks for sensitive information, we recommend the following actions:
- Forward the email to ACERA at firstname.lastname@example.org.
- For immediate assistance, you can also call us directly at 510-628-3000 from 9:00 am to 4:30 pm on business days.
The security of our members is of paramount importance to us. We are continuously working to strengthen our security measures to protect you from fraud. Together, we can keep our ACERA community safe from cyber threats.