USAA Spoof Spam Lures USAA Members with Hacked Credentials

If you find this useful please share it!

Members of USAA insurance and banking programs have been receiving email that appears to come from USAA (which stands for United Services Automobile Association), but which are actually phishing scams. The scam email comes from the nonexistent domain usaaservice.com (such as from “USAA.ServiceAccount@usaaservice.com”).

While it is unclear when and exactly how the scammers obtained the email addresses of the members, and we could find no announcement of USAA being hacked, USAA members have been complaining of being hacked over on the USAA member forums.

So far, most of the complaints have been of USAA member debit card and bank accounts being impacted (with some members saying that their accounts were wiped out), and in at least some cases the criminals had in their possession all of the credentials necessary to appear to be the account holder and to get full access.

 

The criminal called again stating they had been in a wreck and needed to get cash to pay the expense out of pocket, again denied. They then somehow accessed my on-line account and I am told they were able to answer 3 of the 4 security questions, my SSN#, my PIN, and my phone password so the request was granted and they then proceeded to wipe me out in 8 increments of around $640 and one at over $400.
BTX, 06-02-2016

The spoof email from USAA appears to come from “USAA.ServiceAccount@usaaservice.com” (the real USAA sends from “usaa.com” – the domain usaaservice.com doesn’t actually even exist as of the time of this writing), and the samples we’ve seen bear the subject line “Member Service Mail Alert”.

But perhaps the most immediately telling thing about this scam email is that it contains no text at all, it’s just one big image (legitimate companies never – or at least should never – do that).

Here’s what it looks like:

Read Internet Patrol Articles Right in Your Inbox
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
USAA Spoof Spam Lures USAA Members with Hacked Credentials
Or get notified of new Internet Patrol articles for free!

usaa scam email image

 

Looks pretty legitimate, doesn’t it?

But here’s what happens when you hover over any part of the image – including the “links”, which they want you to click:

usaa spam phishing

 

Of course, wegnerpc.hu is the scammers’ site. (.hu is the top level domain for Hungary.)

Here’s what an actual USAA notice, which will come from a subdomain with usaa.com as the primary domain, such as customermail.usaa.com or mailcenterusaa.com, looks like:

actual usaa notice

 

 

As is always, always the case, when you get an email from a company asking you to log in to your account, always, ALWAYS go directly to the site in your browser and log in, instead of clicking on any links in the email.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money.That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?Thank you!

USAA Spoof Spam Lures USAA Members with Hacked Credentials

Get notified of new Internet Patrol articles!
People also searched for hacking emails from USAA (1), usaa bank account hacked (1), usaa card hacked (1), usaa checking account hacked (1), usaa member number (1), usaa spoof (1), usaa spoof email (1)

If you find this useful please share it!

3 Replies to “USAA Spoof Spam Lures USAA Members with Hacked Credentials”

  1. There are other features of that phishing message that betray its nature.

    Firstly, the message does not address the recipient by name, or in any other way identify the account that has supposedly undergone suspicious activity.

    Secondly, the pretext doesn’t make sense. Messages that describe (successful or unsuccessful) logins say something along the line of “If you performed this action, no further action is required of you. If not, let us know.” Making the customer log in will not help characterize the previous, unsuccessful login attempt.

    Thirdly, if login attempts failed, that contradicts the statement that different users could access the account.

    Thirdly, in at least four places the grammar is erroneous or clumsy. This is a situation in which the grammar that we learned in school is useful.

  2. I actually received that email but deleted it as I don’t bank with USAA, but it looked fairly legitimate. Good article.

Leave a Reply

Your email address will not be published. Required fields are marked *