Warning: New Phishing Scam Targets USAA Members

Those fraudsters on the internet are smart and persistent, and unfortunately, it appears that they have targeted USAA members in a new phishing scheme. Phishing is the use of fraudulent emails to gather personally identifying information from people.  If you are an USAA member, please read this announcement carefully to protect you account information.

From the USAA announcement:

USAA is investigating an e-mail phishing scam that attempts to collect users’ sensitive information.

Members have received a recent email claiming to be from USAA with the subject line: USAA Protection Alert. In an elaborate scheme, the email informs members about a failed usaa.com login attempt and to click on a link to update their identity. Clicking on the link directs the member first to a counterfeit website to log on. Logging on produces the second website, asking for a PIN. Clicking “Next” produces another website asking for the member to set up security questions and after clicking “Next” again, a final website opens, asking for the member’s sensitive information including:

  • Card Holder’s Name*
  • Card Number
  • Expire Date*
  • Card Verification Code*
  • Billing Address*
  • Billing Zip Code*
  • Billing Phone Number*
  • Email Address*
  • Email Password*

Although the e-mail includes a USAA logo and appears to be from USAA, it is not. USAA will not ask for any personal or account information, including PINs or passwords, in an e-mail.

Upon closer scrutiny, you will notice the Security Zone in the counterfeit email does not include the member’s name or the last four numbers of the member account number. Additionally, the salutation does not address the member by name.

If you are suspicious about any e-mails or websites claiming to be from USAA, please notify us immediately at abuse@usaa.com.

Valid USAA websites use Extended Validation (EV) certificates which are an authentication method that turns the Web address bar green, helping you to establish you are visiting a legitimate website. With EV certificates it’s more difficult for an imposter site to appear authentic. The address bar should be Yellow or Red if there is a problem validating the website. For more information, please visit the USAA Security Center to learn about Safe Site Entry.

Here are some tips to protect yourself from this and other scams.

These fake e-mails appear to come from legitimate sources. They ask customers to verify personal information or link to fake websites that appear real.

Beware of e-mails that:

  • Urge you to act quickly because your account may be suspended or closed.
  • Don’t address you by name, but use more generic language like “Dear valued customer.”
  • Ask for account numbers, passwords or other personal information.

Do not click on any link in these suspicious e-mails. You’ll find more information about how to protect yourself in our Online Security Center.

Pharming Redirects
Pharming involves redirecting Internet users to a fake website, even when they entered the correct address.

These bogus sites often look real, but secretly collect any personal information and passwords entered. Users end up at fraudulent sites by having spyware or a virus loaded on their computer, or by sophisticated hacking tricks.

Beware of any changes to the logon screen. If you are asked for anything out of the ordinary, do not enter any information.

Pop-ups are a form of online advertising intended to attract web traffic or capture information. Pop-ups appear in a separate, usually small, browser window. These windows may include advertisements or ask you to enter personal information such as your credit card account number, expiration date and security code. By clicking on a link in a pop-up, spyware or malware may be downloaded onto your computer without your knowledge.

Pop-up windows that occur even while you are not browsing the Internet may be an indicator that your computer is infected by spyware or malware. There are many software programs that block pop-up windows. Check your security software to see if this is an option that you can enable.

About the Author

Kate Horrell
Kate Horrell is a military financial coach, mom of four teens, and Navy spouse. She has a background in taxes and mortgage banking, and a trove of experience helping other military families with their money. Follow her on twitter @realKateHorrell.
  • I received an email 1st from usaa asking me for personal info that they already had I ignored it 2 days later I get an email from american express saying someone tried to log in to my cards account to many times online and to enter my credit card number with my password to reset it , I’m not dumb but hello is there a leak with usaa and idenity theft I shore hope not…

    • Bill Hickey

      I thought the same thing, that this problem is internal to USAA. I got a phish-mail myself allegedly from USAA and reported it to their abuse address. What really pisses me off is that they never even sent me an “attaboy.” :)

  • GurkaJim

    I concur with Watersisland’s comments regarding poorly composed emails. Take the time and compose your thoughts and words correctly.

  • mlgibson

    I had a call saying i could lower my interest on my credit card. They was trying to get my credit card # and i told him no because the line was not secure , there was ringing on the line. he said it was and he was from usaa. i told him no and he started calling me stupid b,f in b, black n (I VERY MUCH DISLIKE THAT VERY BAD WORD)and so on . i said exscuse me and he hung up.