Scammed E-mails Apparently Coming from USAA
Cybercriminals have been sending an electronic mail, which appears to be coming from the United Services Automobile Association (USAA), with the aim to filch the member's private information, according to a Stripes Central news report dated December 1, 2011.
The victims allege that the scammed email, which appears to be coming from the USAA, asks the recipient to follow a link in order to secure his account. The post includes the message stating that the user has tried to access usaa.com, but he was denied the access mainly due to two reasons, either the personal authentication question did not go with the record or the answer was not given.
The email also asks the user to choose for 'That Was Not Me' option if he has forgotten about when he tried to access the online banking. He is then driven to fill in his present identity.
The USAA asserts that the victims, who click on the link given, are questioned about their billing address, PIN and card number, and other vital data.
On clicking 'Next', the member is taken to another website which asks to set up security questions, and a subsequent hit on the 'Next' button leads to the opening of a website which finally inquires about the member's card details, like card number, expiry date, email ID, password, etc.
Though the post contains a USAA sign for the authenticity, security experts are sure that the Association would not inquire about any personal information, like password for email.
According to experts, authentic USAA websites make use of Extended Validation (EV) certificates which are part of a verification process that turns the Web address bar green and helps user visit a genuine website.
The USAA advises the victims that if they get any email or pop-up message which inquires about personal or financial details, then they should neither reply nor click on the link in the post. The genuine companies never ask for such details through emails. On receiving such a post, the recipient should contact the company mentioned in the email through telephone.
» SPAMfighter News - 09-12-2011