E-mails purportedly sent by the United States Automobile Association (USAA) have been hitting inboxes in the last few days, M86 researchers warn.
In it, the recipients are urged to fill out a “new version of USAA Confirmation Form” by following the offered (shortened) link, which redirects the potential victim to the phishing page. The fake form requests users to enter their online ID, password, name, e-mail, USAA card number, expiration date, security code and PIN – since the USAA provides a banking and credit card service:
Luckily for the potential victims, there are many things in this e-mail campaign that can raise their suspicion. A small mistake in the wording of the message, the use of bit.ly shortened links and the warning of the link-shortening service that there might be a problem with the destination URL:
Even if the user chooses to disregard this warning, when he finally lands on the phishing page one look at the address bar will tell him that this is not the correct address.