The United Services Automobile Association (USAA) is warning members that their Enterprise Security Group has come across an “aggressive email phishing scam” that alerts recipients of a deposit that was made on their behalf.
The email is designed to look as genuine as possible, containing links and symbols that belong to the organization and even links that point to the legitimate website.
However, if the recipient wants to find out detailed information on how $1,674 (1171 EUR) was deposited without his knowledge, he has to open an attachment that allegedly contains explanations.
Once the attachment is opened, it unleashes a piece of malware that targets the banking information that belongs to the unsuspecting user.
Since the email comes from a spoofed address, it may be easy for recipients to fall into the cleverly set trap.
Unfortunately, USAA members are highly targeted by phishing scams, each time the crooks coming up with different topics and threats and that is why the association advises customers to follow some basic steps to determine the legitimacy of such an email.
First of all, they should check the four digits in the Security Zone section to make sure they match the last four digits found in their member number.
Crooks can’t easily obtain those numbers, which means that in most cases, the numbers from the email will not match the real ones.
When they discover such phony notifications, users are recommended to forward them to firstname.lastname@example.org so they can be tracked by USAA which will make sure their clients are kept informed about scams like this.
Individuals are also advised to avoid emails that don’t address them by their names. Companies that send notifications usually possess a database that automatically creates emails with precise information.
Messages that make threats are also to be avoided. A trusted organization rarely threatens customers, especially with account suspension.