Customers of the United Services Automobile Association (USAA) are being targeted by a faceless threat, and those who are not careful enough may find themselves in enemy territory.
Our researchers in the AV Labs spotted a phishing attack aimed at USAA customers, who are mainly military service members, veterans and their families. The attack starts with the following spam:
From: {random}
To: {random}
Subject: USAA – Account Security Update
Message body:
Dear Valued Customer,
We detected irregular activities on your USAA Internet Banking account. Your Internet banking account has been temporarily suspended for your protection, you must verify this activity before you can continue using your Internet banking account with USAA Bank. Please follow the reference link below to verify your account.
[link] Click here to verify [/link]
Security advice : Always log-off completely your Internet banking account after using internet banking from a public places or computer for security reasons.
Thank you,
USAA Internet Banking.
Once a recipient clicks "Click here to verify", they are taken to a legitimate-looking USAA login page. However, take note of the URL in the address bar, which does not belong to USAA:
This phishing page asks for a member's Online ID, password and the PIN of their USAA-issued credit or debit card; the phishers made the PIN a required field on their fake login form. The actual USAA login page does not ask for a PIN.
A card PIN is a secret shared only between the cardholder and the issuing bank's card-verification systems. It is entered at an ATM or point-of-sale terminal, never on a website login page, in an e-mail or over the phone, and no legitimate service provider will ask for it as proof of identity. Any login page that wants a card PIN alongside an Online ID and password is a phishing indicator on its own, whatever the URL says.
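To make the two indicators above concrete, here is an added example (not code from the original post or from GFI Labs) that scans a captured mail body or login page for links whose host is not the bank's own domain and for a form field that asks for a card PIN. The legitimate domain list, the sample mail, the sample pages and the hostname `verify-usaa.example.net` are all constructed for this example; the real phishing URL is not reproduced here.

```python
"""Added example: flag the two phishing indicators described above in a
captured mail body or login page, namely a "verify" link whose host is not
the bank's own domain, and a login form that asks for a card PIN.
The sample mail and pages are constructed for this example; the hostname
in them is a placeholder, not the real phishing URL."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the bank's genuine pages live on (assumption for this example).
LEGIT_DOMAINS = frozenset({"usaa.com"})

# Matches "pin", "card_pin" (after underscores become spaces), "atm-pin",
# "pinnumber"; does not match "shipping".
PIN_FIELD = re.compile(r"\bpin(number|code)?\b")


def host_is_legit(url, legit=LEGIT_DOMAINS):
    """True only if the URL's host is a legitimate domain or a subdomain of one.
    urlparse is used so that look-alikes such as usaa.com.example.net or
    example.net/usaa.com are not mistaken for the real site."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in legit)


class _PageParser(HTMLParser):
    """Collect anchor targets, form actions and input fields from HTML."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.inputs = []  # (name, type) pairs

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.links.append(a["action"])
        elif tag == "input":
            self.inputs.append((a.get("name", "").lower(), a.get("type", "").lower()))


def analyze(html):
    """Return the indicators found in a mail body or login page."""
    p = _PageParser()
    p.feed(html)
    # Only absolute URLs name a host; relative ones inherit the page's origin.
    absolute = [u for u in p.links if urlparse(u).hostname]
    offsite = [u for u in absolute if not host_is_legit(u)]
    pin_fields = [n for n, _ in p.inputs if PIN_FIELD.search(n.replace("_", " "))]
    # The real login page asks for Online ID and password only, so a PIN
    # field is an indicator on its own, whatever the URL says.
    return {
        "offsite_links": offsite,
        "pin_fields": pin_fields,
        "phishing": bool(offsite or pin_fields),
    }


# Constructed sample mail body, modelled on the spam quoted above.
SAMPLE_MAIL = """<p>Dear Valued Customer, we detected irregular activities on your
USAA Internet Banking account. Please follow the reference link below to verify
your account.</p>
<a href="http://verify-usaa.example.net/logon.php">Click here to verify</a>"""

# Constructed phishing login page: ID, password, and the extra PIN field.
SAMPLE_PHISH_PAGE = """<form method="post" action="http://verify-usaa.example.net/logon.php">
<input name="onlineId" type="text">
<input name="password" type="password">
<input name="card_pin" type="password">
<input type="submit" value="Log on">
</form>"""

# Constructed page shaped like the genuine logon form: no PIN, bank's own host.
SAMPLE_GENUINE_SHAPE = """<form method="post" action="/inet/ent_logon/Logon">
<input name="onlineId" type="text">
<input name="password" type="password">
<a href="https://www.usaa.com/inet/ent_logon/Logon">Forgot your password?</a>
</form>"""


if __name__ == "__main__":
    for label, doc in (("mail", SAMPLE_MAIL), ("phish page", SAMPLE_PHISH_PAGE),
                       ("genuine shape", SAMPLE_GENUINE_SHAPE)):
        print(label, analyze(doc))
```

The host check deliberately parses the URL rather than searching for the string "usaa.com" in it, because phishing links routinely embed the brand as a subdomain or path component of an attacker-controlled host. The PIN check is independent of the URL, so it still fires when the phishing page is hosted on a compromised but otherwise reputable site.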
Private citizens are not safe from this phishing attack either. Although USAA caters mainly to military members and their families, it has made its online banking service available to anyone, locally and internationally.
USAA clients should be aware that phishing attacks target not only online banking and e-commerce sites but also financial services and insurance companies.
We advise recipients of the phishing email to delete it from their inboxes, not to forward it to friends, family or colleagues, and not to reply to the supposed sender. Rather than following a link in an email, users should type the USAA address into the browser themselves (or use a saved bookmark) and log in from there.
To get the latest spam- and phishing-related mail threats, tune in to GFI Software’s Tumblr page (www.gfisoftware.tumblr.com).
Jovi Umawing (Thanks to the GFI Labs team)