|
|
05-09-2010, 09:49 AM
|
#1
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Location: Austin
Posts: 1,142
|
USAA phishing
A friend of mine uses some of his ER free time to help track down web scams for the OpenDNS folks. This site was recently shut down, then popped up again at a different ISP.
See anything wrong with this page (other than the Phishtank logo)?
I don't either.
Be Careful!
phishing.PNG
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
|
|
|
05-09-2010, 09:55 AM
|
#2
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2002
Location: Texas: No Country for Old Men
Posts: 50,021
|
I've had several of these USAA phishing attempts hit my email over the past couple of weeks. They are scarily realistic.
__________________
Numbers is hard
|
|
|
05-09-2010, 09:59 AM
|
#3
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Location: Austin
Posts: 1,142
|
I haven't seen the emails. I suppose they give some reason for logging into your account and then include a link to the phony site. Could you post some details?
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
|
|
|
05-09-2010, 10:07 AM
|
#4
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2002
Location: Texas: No Country for Old Men
Posts: 50,021
|
Here is the text of an email I got last week. The message was from USAA Savings Bank and titled "Unauthorized Activity".
__________________
Numbers is hard
|
|
|
05-09-2010, 10:14 AM
|
#5
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Location: Austin
Posts: 1,142
|
I presume you weren't taken in. I just might have been.
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
|
|
|
05-09-2010, 10:23 AM
|
#6
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2002
Location: Texas: No Country for Old Men
Posts: 50,021
|
I never respond to an email from any of my financial sites through a link in the message. But it is easy to see how some doddering old Colonel who thinks he's still at the top of his game could easily fall for it.
__________________
Numbers is hard
|
|
|
05-09-2010, 10:34 AM
|
#7
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,143
|
I almost fell for the ol' PayPal phishing scam before. I had just purchased something via PayPal by coincidence and while caught off guard, my mind automatically incorrectly associated my purchase with the phishing email. I use Spoofstick as a safety check when any emails seem phishy.
|
|
|
05-09-2010, 10:36 AM
|
#8
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,140
|
Any time I get a phishing email, I forward it (with headers expanded) to the financial institution being targeted. Most institutions have an email address for fraud.
Audrey
__________________
Retired since summer 1999.
|
|
|
05-09-2010, 10:53 AM
|
#9
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Oct 2005
Location: North Oregon Coast
Posts: 16,483
|
Most scams like this use a generic greeting like "Dear Member" or "Dear Customer" or something like that. Most genuine communications will actually refer to you by name. (That's not a sure thing, but I would look with *extreme* suspicion at an e-mail from a financial institution that didn't address me by name.)
Also, any legitimate e-mail that contains links will also allow you to perform the same action directly by typing in the site's URL in the browser.
Note also that in a phishing scam, even when they display a legitimate URL (as in the USAA phishing example above), the underlying code takes you to a different place which often differs from the legitimate site by adding another letter or putting in a dash instead of a slash among other things.
__________________
"Hey, for every ten dollars, that's another hour that I have to be in the work place. That's an hour of my life. And my life is a very finite thing. I have only 'x' number of hours left before I'm dead. So how do I want to use these hours of my life? Do I want to use them just spending it on more crap and more stuff, or do I want to start getting a handle on it and using my life more intelligently?" -- Joe Dominguez (1938 - 1997)
|
|
|
05-09-2010, 01:14 PM
|
#10
|
Thinks s/he gets paid by the post
Join Date: Nov 2005
Location: North of Montana
Posts: 2,769
|
Right click the link and select <Properties>. This will give you (among other things) the URL that will be addressed if you follow the link. Usually it's easy to spot a non-authentic URL. If you're not sure, assume it's phishing.
Using Firefox, you can also:
Roll your mouse over the link, then look at the bottom left area in your browser. The URL will be there.
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
|
|
|
05-09-2010, 01:14 PM
|
#11
|
Moderator Emeritus
Join Date: Dec 2002
Location: Oahu
Posts: 26,860
|
Haven't seen it yet. Might not ever see it.
Since I switched from Hotmail to Gmail my spam has gone from 3-4/day to one or two a week. Oddly enough they're for SEO, nothing else.
__________________
*
Co-author (with my daughter) of “Raising Your Money-Savvy Family For Next Generation Financial Independence.”
Author of the book written on E-R.org: "The Military Guide to Financial Independence and Retirement."
I don't spend much time here— please send a PM.
|
|
|
05-10-2010, 06:01 AM
|
#12
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Feb 2006
Location: Washington, DC
Posts: 11,327
|
The best defense is to never follow an email link to a financial site - period. Trying to analyze URLs or other means to determine whether it is a phish attempt risks getting fooled by especially talented phishers. Granted this one was typically weak. Look at the following language, certainly not from the English grads in the marketing department: "...appreciate your support in helping us maintaining the integrity..."
__________________
Idleness is fatal only to the mediocre -- Albert Camus
|
|
|
05-10-2010, 06:58 AM
|
#13
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Nov 2009
Posts: 6,695
|
My ladyfriend has received a few of those from those claiming to be her bank but she is savvy enough to suspect them and not click on the link. Instead, she contacted her bank and was given an email address of their security/fraud team to send the phishing email to. She got an email from one claiming to be my bank so she forwarded it to me and I sent it to my bank's security/fraud team.
|
|
|
05-10-2010, 10:28 AM
|
#14
|
Full time employment: Posting here.
Join Date: Mar 2007
Posts: 577
|
I got this email, closed it, signed into USAA the normal way, and they had a warning posted already about the scam. The fake quality is improving.
__________________
I highjacked a rainbow and crashed into a pot of gold - Bon Jovi
|
|
|
05-10-2010, 10:36 AM
|
#15
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Location: Austin
Posts: 1,142
|
I wish USAA would switch to a two-step login like the one Vanguard uses.
__________________
Start by admitting
from cradle to tomb
it isn't that long a stay.
|
|
|
05-10-2010, 10:41 AM
|
#16
|
Thinks s/he gets paid by the post
Join Date: Jan 2006
Posts: 1,645
|
I have not seen it, but my log in page doesn't ask for PIN up front. It only asks for PIN once I've logged in and try to select one of my accounts.
|
|
|
05-10-2010, 08:52 PM
|
#17
|
Full time employment: Posting here.
Join Date: Oct 2007
Posts: 798
|
I've received several of the USAA e-mails and forwarded them to abuse@usaa.com. Each time I received an acknowledgement from USAA. They send these things to millions of e-mail addresses and have no idea who is or is not a USAA member. I also get them for many banks I do no business with and some I have never heard of.
I agree with everyone who said never to sign into a webpage linked to an e-mail. That's the safest way.
__________________
Mission accomplished - not necessarily ER, but certainly R.
|
|
|
05-10-2010, 09:01 PM
|
#18
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,124
|
Quote:
Originally Posted by IndependentlyPoor
I wish USAA would switch to a two-step login like the one Vanguard uses.
|
I like this approach also, but apparently it doesn't help the vast majority of account holders. A phishing site will put out a message apologizing that their image server is down and the person being phished will proceed and enter their password.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
05-11-2010, 09:44 AM
|
#19
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2004
Location: South Texas~29N/98W Just West of Woman Hollering Creek
Posts: 6,674
|
USAA has had an alert regarding phishing scams like this on its web site for a while. I suppose that it's an ongoing problem. Always good to remember that legit financial sites do not EVER send out emails asking for data from their customers.
__________________
Part-Owner of Texas
Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read. Groucho Marx
In dire need of: faster horses, younger woman, older whiskey, more money.
|
|
|
05-11-2010, 11:17 AM
|
#20
|
Thinks s/he gets paid by the post
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 4,204
|
USAA and others could solve this. All they have to do is stop putting links in their emails, and let their customers know that they won't. Then when you get an email with a link in it, you know it did not come from USAA. If they want to direct you to some page, tell you to log on to USAA and click the 'Whats of futsit button'! or link on their site.
__________________
If it is after 5:00 when I post I reserve the right to disavow anything I posted.
|
|
|