Keeping you and your money safe: Stay vigilant with links in emails

What these fake emails look like

We have received multiple reports of DocuSign‑style emails where:

• The sender’s email address is not from @gmcu.com.au (often appearing as an @outlook.com address)
• The email urges you to “view” or “review” a document
• The link leads to a website that is not affiliated with DocuSign

These emails can appear convincing, so careful checking is essential.

How to spot a fraudulent DocuSign or GMCU email

✔ Check the sender’s address

Scammers may spoof a name, but the domain (the part after @) is usually a giveaway. Genuine GMCU emails only come from @gmcu.com.au.

✔ Hover before clicking links

Before clicking “View Document,” hover over the link. If it does not point to docusign.com or docusign.net, do not click it.

✔ Look for a DocuSign security code

Real DocuSign emails include a unique security code at the bottom.

✔ Watch for other red flags

Be cautious of emails that include:

• Unexpected or urgent requests
• Poor grammar or unusual formatting
• Suspicious attachments such as .zip or .exe files
• Anything that feels out of the ordinary

What to do if you receive a suspicious email

If you receive an email that seems unusual or claims to be from GMCU or DocuSign:

1. Do not click any links or attachments.
2. Forward the email as an attachment to DocuSign for verification at verify@docusign.com.
3. Delete the email from your inbox and from your deleted items folder.
4. If you are unsure, contact us directly. We are here to help.

Your security is our priority

We take the security of your personal and financial information seriously. We will never ask you to open unexpected attachments or provide sensitive information through email links. If you ever have concerns about an email you receive, please reach out to us.