USAA is warning its members about a sophisticated phishing scam that attempts to install a malicious banking Trojan on members computers.
The Texas-based financial services association issued a notice to members on Monday about what it described as an “aggressive email phishing scam” directed at USAA members. The phishing e-mails have the subject line “Deposit Posted” and even include a randomly generated four digit “Security Zone” number that mimics the customer’s actual USAA member number, the firm said.
USAA said that the e-mail messages do not contain malicious links, but do ask members to open an attachment that, once opened, will install a “malicious banking virus” designed to steal user account information and that would “require a complete reinstall of your computers (sp) operating system.”
This isn’t the first time USAA, which serves current and former U.S. military officers and their families, has been subject to phishing scams. The Association warned members in September, 2010, about a phishing campaign against its members in which e-mail messages claiming to have detected fraudulent account activity were used to try to harvest user credentials. In November, a similar scam posed as a USAA Confirmation form.