We are seeing heavy traffic related to a phishing campaign that is attempting to steal money as well as personal data from members of the US military and their families, demonstrating once again that cybercriminals have no trepidation about ripping off anyone and everyone they can. The phishing campaign is directed at members of the financial services firm USAA, a financial institution that is very popular among current and former members of the armed forces.
These emails come with subject lines such as USAA Notification, Security Alert, Urgent Message for USAA Customer, etc. A link in the email takes you to a fake login page that asks you for all your pertinent USAA login and personal financial data. Once the information is submitted you are directed to a faked USAA website that looks identical to the real thing. This is actually quite unique in an attack like this, as most of the time you would be redirected to the ACTUAL USAA website. Each unique domain is serving up a complete fake USAA website. At this time we are monitoring (and blocking) over 1500 unique domains that are all registered with the free .tk (tld).
Here is a look at the phishing email
A link in the email leads to this fake login page:
Although we do see phishing attempts directed at USAA members among hundreds of other financial firms on a regular basis, this is one of the more intricate and widespread phishing campaigns that we have seen in quite some time. Remember never submit any personal or financial data after following links sent via email as your financial institution will not ask you to do so.
Powered by Compendium
Comments for Scam Takes Aim At Military Families
blog comments powered by Disqus