Phishing Campaign Targets United Services Automobile Association
In yet another phishing campaign held by the security experts at security firm, GFI Software, customers of a Texas-based diversified financial services group of companies, United Services Automobile Association (USAA) that offers banking, investing, and insurance services to people who served in the US military.
The mail opens up in a very authentic note claiming the account holder that their account has been suspended temporarily for security reasons. Thus to continue access with Internet banking account with the USAA Bank, the customer needs to undergo the verification process. To do the same, they are required to follow the reference link.
A link is provided below with the following heading, "Click here to verify [Link]".
Another authentic looking advice in the mail says that the user is required to log-off completely their Internet banking account once the Internet banking has been accessed from a public place or computer.
In the e-mail, the sender also attaches a thank-you note on behalf of 'USAA Internet Banking'.
Even though the notification seems to be set in an authenticated tone, these are only some ways of winning confidence and indulge the naïve user into clicking some of the fake USAA login page. It is so because the victim is asked to provide all the confidential information like their IDs, passwords and PINS.
Nevertheless, GFI experts highlights that the actual USAA login page does not request the user for the same.
According to Jovi Umawing, Writer, Researcher, Marketing and PR Person with GFI Software, PIN numbers are easily identified and thus recommended not to provide them by any means. Members should never provide such confidential information and service providers should also never ask for them, as published by gfi.com on November 7, 2012.
The banking service of USAA is accessible to anyone locally and internationally. Thus, the phishing campaign is not safe for private citizens as well.
However, GFI notifies recipients of the phishing e-mail not to forward the same to their friends or acquaintance and delete it immediately. They should not indulge in replying the mail to too for their own security.
Related article: Phishing Attacks, Growing in Sophistication
» SPAMfighter News - 17-11-2012