Members of USAA insurance and banking programs have been receiving email that appears to come from USAA (which stands for United Services Automobile Association), but which are actually phishing scams. The scam email comes from the nonexistent domain usaaservice.com (such as from “USAA.ServiceAccount@usaaservice.com”).
While it is unclear when and exactly how the scammers obtained the email addresses of the members, and we could find no announcement of USAA being hacked, USAA members have been complaining of being hacked over on the USAA member forums.
So far, most of the complaints have been of USAA member debit card and bank accounts being impacted (with some members saying that their accounts were wiped out), and in at least some cases the criminals had in their possession all of the credentials necessary to appear to be the account holder and to get full access.
– BTX, 06-02-2016
The spoof email from USAA appears to come from “USAA.ServiceAccount@usaaservice.com” (the real USAA sends from “usaa.com” – the domain usaaservice.com doesn’t actually even exist as of the time of this writing), and the samples we’ve seen bear the subject line “Member Service Mail Alert”.
But perhaps the most immediately telling thing about this scam email is that it contains no text at all, it’s just one big image (legitimate companies never – or at least should never – do that).
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Here’s what it looks like:
Looks pretty legitimate, doesn’t it?
|We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:|
But here’s what happens when you hover over any part of the image – including the “links”, which they want you to click:
Of course, wegnerpc.hu is the scammers’ site. (.hu is the top level domain for Hungary.)
Here’s what an actual USAA notice, which will come from a subdomain with usaa.com as the primary domain, such as customermail.usaa.com or mailcenterusaa.com, looks like:
As is always, always the case, when you get an email from a company asking you to log in to your account, always, ALWAYS go directly to the site in your browser and log in, instead of clicking on any links in the email.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!