Those fraudsters on the internet are smart and persistent, and unfortunately, it appears that they have targeted USAA members in a new phishing scheme. Phishing is the use of fraudulent emails to gather personally identifying information from people. If you are an USAA member, please read this announcement carefully to protect you account information.
From the USAA announcement:
USAA is investigating an e-mail phishing scam that attempts to collect users' sensitive information.
Members have received a recent email claiming to be from USAA with the subject line: USAA Protection Alert. In an elaborate scheme, the email informs members about a failed usaa.com login attempt and to click on a link to update their identity. Clicking on the link directs the member first to a counterfeit website to log on. Logging on produces the second website, asking for a PIN. Clicking "Next" produces another website asking for the member to set up security questions and after clicking "Next" again, a final website opens, asking for the member's sensitive information including:
Although the e-mail includes a USAA logo and appears to be from USAA, it is not. USAA will not ask for any personal or account information, including PINs or passwords, in an e-mail.
- Card Holder's Name*
- Card Number
- Expire Date*
- Card Verification Code*
- Billing Address*
- Billing Zip Code*
- Billing Phone Number*
- Email Address*
- Email Password*
Upon closer scrutiny, you will notice the Security Zone in the counterfeit email does not include the member's name or the last four numbers of the member account number. Additionally, the salutation does not address the member by name.
If you are suspicious about any e-mails or websites claiming to be from USAA, please notify us immediately at email@example.com.
Valid USAA websites use Extended Validation (EV) certificates which are an authentication method that turns the Web address bar green, helping you to establish you are visiting a legitimate website. With EV certificates it's more difficult for an imposter site to appear authentic. The address bar should be Yellow or Red if there is a problem validating the website. For more information, please visit the USAA Security Center to learn about Safe Site Entry.
Here are some tips to protect yourself from this and other scams.
Phishing These fake e-mails appear to come from legitimate sources. They ask customers to verify personal information or link to fake websites that appear real.
Beware of e-mails that:
Do not click on any link in these suspicious e-mails. You'll find more information about how to protect yourself in our Online Security Center.
- Urge you to act quickly because your account may be suspended or closed.
- Don't address you by name, but use more generic language like "Dear valued customer."
- Ask for account numbers, passwords or other personal information.
Pharming Redirects Pharming involves redirecting Internet users to a fake website, even when they entered the correct address.
These bogus sites often look real, but secretly collect any personal information and passwords entered. Users end up at fraudulent sites by having spyware or a virus loaded on their computer, or by sophisticated hacking tricks.
Beware of any changes to the logon screen. If you are asked for anything out of the ordinary, do not enter any information.
Pop-ups Pop-ups are a form of online advertising intended to attract web traffic or capture information. Pop-ups appear in a separate, usually small, browser window. These windows may include advertisements or ask you to enter personal information such as your credit card account number, expiration date and security code. By clicking on a link in a pop-up, spyware or malware may be downloaded onto your computer without your knowledge.
Pop-up windows that occur even while you are not browsing the Internet may be an indicator that your computer is infected by spyware or malware. There are many software programs that block pop-up windows. Check your security software to see if this is an option that you can enable.