Columbia Credit Union has been alerted of a phishing event that may have impacted members who recently signed documents through DocuSign’s digital transaction management system. During this phishing attempt emails may have been sent to members that “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

An investigation of this phishing attempt has confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure. The DocuSign network will continue to monitor activity in order to help safeguard information, documents and data.

Please be assured that the privacy and security of members’ information is our top concern.

FAQ:           

What happened during this phishing attempt?
Some members who recently signed documents through DocuSign may have received emails that “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

Who did the phishing attempt impact?
An investigation of this phishing attempt has confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure. Only a list of email addresses were accessed by the phishing incident.

What is Columbia doing? 
We’ve taken measures to protect our network and systems from the phishing attempt and are actively monitoring our digital banking and payment activity. 

What should members do?
You should always make sure your computer is running up-to-date antivirus and antimalware software.  

Is this related to the widely discussed WannaCry issue?
No.