A blog run by AppRiver is seeing heavy traffic related to a phishing campaign that is attempting to steal money as well as personal data from members of the US military and their families. The phishing campaign is directed at members of the financial services firm USAA, a financial institution popular among current/retired military members.
These emails come with subject lines such as USAA Notification, Security Alert, Urgent Message for USAA Customer, etc. A link in the email takes you to a fake login page that asks you for all your pertinent USAA login and personal financial data. Once the information is submitted you are directed to a faked USAA website that looks identical to the real thing. For more information and screenshots of what the emails look like, click here.
Other helpful resources: Antiphishing.org | DISA: IA Training
Update (Nov 10): Below is the message I received. Do not click on the links!
“We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.
If this is not completed by November 11, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
To confirm your Online Banking records click on the following link:
https://www.usaa.com/inet/ent_logon/Logon
Thank you for your patience in this matter.
USAA Customer Service
Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.”
