Online-banking bandits are trying to use conniving emails to pilfer funds from the bank accounts of members of the U.S. military and their families.
The United Services Automobile Association, a San Antonio, Texas-based financial firm that serves current and former military and their families, issued a warning Monday advising its customers to be aware of an "aggressive email phishing scam."
The phony emails, titled "Deposit Posted," appear to come from the USAA; the logo is accurate and includes a four-digit "Security Zone" number that looks similar to the customer's real member number, a USAA spokesperson told SecurityNewsDaily. The message informs recipients that the firm processed a deposit and posted it to their account.
Beneath the made-up deposit, the phishing email reads: "Please refer to attached file for more details." Users who click on this attachment would be immediately hit with a dangerous Trojan designed to steal banking credentials.
A nearly identical scam targeted USAA members in November 2010, but that particular campaign hit targets with fake login pages that attempted to trick them into entering their financial information, rather than infecting their computers and stealing it themselves.
While this batch of phishing emails only targets USAA members, it provides an important lesson: Don't blindly trust emails that appear to come from your financial institution, especially ones that ask you to click suspicious links or enter confidential information. Legitimate financial institutions will never send unsolicited messages asking for your personal banking details. It's also important to run anti-virus software on your computer, which can help detect phishing campaigns like this.
In addition to anti-virus software, people need to use basic common sense to keep themselves out of harm's way.
Speaking about the prevalence of online scams, and the fact that year after year people continue to fall for them, Robert Enderle, principal analyst for the Enderle Group, told SecurityNewsDaily people tend to go on "auto-pilot" when they're on the Web, a default mentality that can leave them extremely vulnerable.
"It's very much like we don't fully engage our brains," he said. "With Facebook requests, or the kinds of [emails] we're getting all day long, even if they obviously look off, it's easy to go through and say, 'Let's see what it is.'"
"All of us need to be a lot more careful," he added. "It's a hostile world out there … nobody should feel safe, like, 'It couldn't happen to me.'"
Richard Clooke, online-security expert for the security firm PC Tools, echoed Enderle's call to battle online scams with awareness.
"Everyone needs to be better educated and tech savvy," he told SecurityNewsDaily. Clooke compared browsing the Web to driving a car on a familiar road, and said, "You become so relaxed, you're not looking out for those things that might not be what they are."