Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
USAA phishing
Old 05-09-2010, 10:49 AM   #1
Thinks s/he gets paid by the post
IndependentlyPoor's Avatar
 
Join Date: Jul 2009
Location: Austin
Posts: 1,142
USAA phishing

A friend of mine uses some of his ER free time to help track down web scams for the OpenDNS folks. This site was recently shut down, then popped up again at a different ISP.

See anything wrong with this page (other than the Phishtank logo)?
I don't either.

Be Careful!
phishing.PNG
__________________

__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
IndependentlyPoor is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 05-09-2010, 10:55 AM   #2
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,074
I've had several of these USAA phishing attempts hit my email over the past couple of weeks. They are scarily realistic.
__________________

__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 05-09-2010, 10:59 AM   #3
Thinks s/he gets paid by the post
IndependentlyPoor's Avatar
 
Join Date: Jul 2009
Location: Austin
Posts: 1,142
I haven't seen the emails. I suppose they give some reason for logging into your account and then include a link to the phony site. Could you post some details?
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
IndependentlyPoor is offline   Reply With Quote
Old 05-09-2010, 11:07 AM   #4
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,074
Here is the text of an email I got last week. The message was from USAA Savings Bank and titled "Unauthorized Activity".
Attached Images
File Type: jpg USAA phish.jpg (46.0 KB, 42 views)
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 05-09-2010, 11:14 AM   #5
Thinks s/he gets paid by the post
IndependentlyPoor's Avatar
 
Join Date: Jul 2009
Location: Austin
Posts: 1,142
I presume you weren't taken in. I just might have been.
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
IndependentlyPoor is offline   Reply With Quote
Old 05-09-2010, 11:23 AM   #6
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,074
Quote:
Originally Posted by IndependentlyPoor View Post
I presume you weren't taken in. I just might have been.
I never respond to an email from any of my financial sites through a link in the message. But it is easy to see how some dottering old Colonel who thinks he's still at the top of his game could easily fall for it.
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 05-09-2010, 11:34 AM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,884
I almost fell the for ol' paypal phishing scam before. I had just purchased something via paypal by coincidence and while caught off guard, my mind automatically incorrectly associated my purchase with the phishing email. I use Spoofstick as a safety check when any emails seem phishy.
__________________
easysurfer is offline   Reply With Quote
Old 05-09-2010, 11:36 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,456
Any time I get a phishing email, I forward it (with headers expanded) to the financial institution being targeted. Most institutions have an email address for fraud.

Audrey
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 05-09-2010, 11:53 AM   #9
Moderator
ziggy29's Avatar
 
Join Date: Oct 2005
Location: Texas
Posts: 15,612
Most scams like this use a generic greeting like "Dear Member" or "Dear Customer" or something like that. Most genuine communications will actually refer to you by name. (That's not a sure thing, but I would look with *extreme* suspicion in an e-mail from a financial institution that didn't address me by name.)

Also, any legitimate e-mail that contains links will also allow you to perform the same action directly by typing in the site's URL in the browser.

Note also that in a phishing scam, even when they display a legitimate URL (as in the USAA phishing example above), the underlying code takes you to a different place which often differs from the legitimate site by adding another letter or putting in a dash instead of a slash among other things.
__________________
"Hey, for every ten dollars, that's another hour that I have to be in the work place. That's an hour of my life. And my life is a very finite thing. I have only 'x' number of hours left before I'm dead. So how do I want to use these hours of my life? Do I want to use them just spending it on more crap and more stuff, or do I want to start getting a handle on it and using my life more intelligently?" -- Joe Dominguez (1938 - 1997)

RIP to Reemy, my avatar dog (2003 - 9/16/2017)
ziggy29 is offline   Reply With Quote
Old 05-09-2010, 02:14 PM   #10
Thinks s/he gets paid by the post
 
Join Date: Nov 2005
Location: North of Montana
Posts: 2,753
Right click the link and select <Properties>. This will give you (among other things) the URL that will be addressed if you follow the link. Usually it's easy to spot a non-authentic URL. If you're not sure, assume its phishing.

Using Firefox, you can also:
Roll your mouse over the link, then look at the bottom left area in your browser. The URL will be there.
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
kumquat is offline   Reply With Quote
Old 05-09-2010, 02:14 PM   #11
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,616
Haven't seen it yet. Might not ever see it.

Since I switched from Hotmail to Gmail my spam has gone from 3-4/day to one or two a week. Oddly enough they're for SEO, nothing else.
__________________
*
*

The book written on E-R.org, "The Military Guide to Financial Independence and Retirement", on sale now! For more info see "About Me" in my profile.
I don't spend much time here anymore, so please send me a PM. Thanks.
Nords is offline   Reply With Quote
Old 05-10-2010, 07:01 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,637
The best defense is to never follow an email link to a financial site - period. Trying to analyze URLs or other means to determine whether it is a phish attempt risks getting fooled by especially talented phishers. Granted this one was typically weak. Look at the following language, certainly not from the English grads in the marketing department: "...appreciate your support in helping us maintaining the integrity..."
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now   Reply With Quote
Old 05-10-2010, 07:58 AM   #13
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,856
My ladyfriend has received a few of those from those claiming to be her bank but she is savvy enough to suspect them and not click on the link. Instead, she contacted her bank and was given an email address of their security/fraud team to send the phishing email to. She got an email from one claiming to be my bank so she forwarded it to me and I sent it to my bank's security/fraud team.
__________________
scrabbler1 is offline   Reply With Quote
Old 05-10-2010, 11:28 AM   #14
Full time employment: Posting here.
Darryl's Avatar
 
Join Date: Mar 2007
Posts: 577
I got this email closed it signed into USAA the normal way and they had a warning posted already about the scam. The fake quality is improving.
__________________
I highjacked a rainbow and crashed into a pot of gold - Bon Jovi
Darryl is offline   Reply With Quote
Old 05-10-2010, 11:36 AM   #15
Thinks s/he gets paid by the post
IndependentlyPoor's Avatar
 
Join Date: Jul 2009
Location: Austin
Posts: 1,142
I wish USAA would switch to a two-step login like the one Vanguard uses.
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
IndependentlyPoor is offline   Reply With Quote
Old 05-10-2010, 11:41 AM   #16
Thinks s/he gets paid by the post
Bimmerbill's Avatar
 
Join Date: Jan 2006
Posts: 1,631
I have not seen it, but my log in page doesn't ask for PIN up front. It only asks for PIN once I've logged in and try to select one of my accounts.
__________________
Bimmerbill is offline   Reply With Quote
Old 05-10-2010, 09:52 PM   #17
Recycles dryer sheets
beowulf's Avatar
 
Join Date: Oct 2007
Posts: 466
I've received several of the USAA e-mails and forwarded them to abuse@usaa.com. Each time I received an acknowledgement from USAA. They send these things to millions of e-mail addresses and have no idea who is or is not a USAA member. I also get them for many banks I do no business with and some I have never heard of.

I agree with everyone who said never to sign into a webpage linked to an e-mail. That's the safest way.
__________________
Mission accomplished - not necessarily ER, but certainly R.
beowulf is offline   Reply With Quote
Old 05-10-2010, 10:01 PM   #18
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,079
Quote:
Originally Posted by IndependentlyPoor View Post
I wish USAA would switch to a two-step login like the one Vanguard uses.
I like this approach also, but apparently it doesn't help the vast majority of account holders. A phishing site will put out a message apologizing that their image server is down and the person being phished will proceed and enter their password.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 05-11-2010, 10:44 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
mickeyd's Avatar
 
Join Date: Apr 2004
Location: South Texas~29N/98W
Posts: 5,880
USAA has had an alert regarding phishing scams like this on it's web site for a while. I suppose that it's an ongoing problem. Always good to remember that legit financial sites do not EVER send out emails asking for data from their customers.
__________________
Part-Owner of Texas

Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read. Groucho Marx

In dire need of: faster horses, younger woman, older whiskey, more money.
mickeyd is offline   Reply With Quote
Old 05-11-2010, 12:17 PM   #20
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 3,624
USAA, and others could solve this. All they have to do is stop putting links in their emails, and let their customers know that they won't. Then when you get and email with a link in it, you know it did not come from USAA. If they want to direct you to some page, tell you to log on to USAA and click the 'Whats of futsit button'! or link on their site.
__________________

__________________
If it is after 5:00 when I post I reserve the right to disavow anything I posted.
Rustic23 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
USAA Phishing Scam mickeyd Other topics 0 04-01-2009 02:59 PM
Paypal Phishing? TromboneAl Other topics 12 06-13-2008 08:49 PM
USAA phishing scam mickeyd FIRE and Money 2 06-05-2007 12:12 AM
USAA Member? Please read about Phishing mickeyd Other topics 0 07-10-2006 03:33 PM
excellent phishing attempt eridanus Other topics 6 03-21-2006 03:58 PM

 

 
All times are GMT -6. The time now is 08:20 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.