The United States military has enough hardship without malware attacks. A new phishing attack is circulating which seeks to steal money and identity information from United States military members and their families.
Specifically, the phishing scam is aimed at the more than seven million members of USAA. USAA--which stands for United Services Automobile Association--is a Fortune 500 financial services company which has expanded well beyond the scope of a simple automobile association. USAA provides banking, investments, and insurance for current and former military members and their families.
A blog post from AppRiver explains, "We are seeing heavy traffic related to a phishing campaign that is attempting to steal money as well as personal data from members of the US military and their families, demonstrating once again that cybercriminals have no trepidation about ripping off anyone and everyone they can."
AppRiver describes the phishing attack, "These emails come with subject lines such as 'USAA Notification', 'Security Alert', 'Urgent Message for USAA Customer', etc. A link in the email takes you to a fake login page that asks you for all your pertinent USAA login and personal financial data. Once the information is submitted you are directed to a faked USAA website that looks identical to the real thing."
One thing that is unique about this phishing attack, aside from specifically targeting American military members, is that the victim is directed to a spoofed USAA Web site rather than simply being redirected to the real site once the credentials are captured. AppRiver says, "Each unique domain is serving up a complete fake USAA website. At this time we are monitoring (and blocking) over 1500 unique domains that are all registered with the free .tk (tld)."
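The indicators AppRiver reports above (the quoted subject lines, links to .tk hosts, and pages dressed up as USAA) can be checked mechanically on inbound mail. The Python below is an added example, not code from AppRiver or USAA; it assumes the genuine site is usaa.com, and the sample messages and host names in it are constructed.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Subject lines quoted in the AppRiver report.
REPORTED_SUBJECTS = {"usaa notification", "security alert",
                     "urgent message for usaa customer"}
LEGIT_DOMAIN = "usaa.com"  # assumption: the genuine USAA site
FLAGGED_TLDS = {"tk"}      # free TLD named in the report
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def link_hosts(msg):
    """Return the lowercase hostname of every http(s) URL in text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlparse(url).hostname
            if host:
                hosts.add(host.lower().rstrip("."))
    return hosts

def is_legit(host):
    """True only for the real domain or one of its subdomains."""
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def score_message(raw):
    """Return the list of reasons a raw message matches the campaign."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in REPORTED_SUBJECTS:
        reasons.append("subject matches reported campaign")
    for host in sorted(link_hosts(msg)):
        if host.rsplit(".", 1)[-1] in FLAGGED_TLDS:
            reasons.append(f"link to .tk host: {host}")
        elif "usaa" in host and not is_legit(host):
            reasons.append(f"lookalike host: {host}")
    return reasons

# Constructed sample messages (not taken from the real campaign).
SAMPLE_PHISH = ("Subject: Security Alert\nContent-Type: text/html\n\n"
                '<a href="http://usaa-secure.example.tk/login">Verify</a>\n')
SAMPLE_BENIGN = ("Subject: Your statement is ready\n\n"
                 "Log in at https://www.usaa.com/ to view it.\n")
```

An empty list from `score_message` means none of the reported indicators matched; it does not mean the message is safe.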
I served in the United States military, and I have a number of close friends who still do. I can tell you that the distinguished members of our armed forces are not typically wealthy individuals. Sadly, although paid from United States tax dollars in the first place, soldiers' incomes are also taxed, and many military members fall below poverty lines that qualify them for additional government welfare and assistance. Hardly a proper "thank you" for the service and dedication of these brave individuals.
That is why this particular threat seems both silly--from the standpoint that most military families won't really have much in the way of assets to steal, and heinous--from the standpoint that those serving in the United States military, and their families, already put up with enough hardship without also being targeted by a phishing attack.
With this attack, as with all malware and phishing scams, users need to be aware that reputable companies and financial institutions might e-mail an alert message, but will not include a file attachment or link within the message. Never open any file attachment or click on any link in an e-mail such as this no matter how credible it looks.
If you receive an alert like this in your e-mail, and you are concerned that it could be legitimate, close the e-mail and type in the URL to connect with the organization yourself to ensure you aren't being redirected to a malicious page. Better yet, pick up the phone and call customer service to verify whether or not there is a real issue with your account.