Cybercriminals target USAA members

Never, in any social media setting, provide usernames and passwords to anyone; your bank will not ask for personal information, including debit card numbers and PINs. Photo by Photos.com.
Never, in any social media setting, provide usernames and passwords to anyone; your bank will not ask for personal information, including debit card numbers and PINs. Photo by Photos.com.

U.S. Army Criminal Investigation Command

The U.S. Army’s Computer Crime Investigative Unit warn of a social media fraud scheme targeting USAA members. The scheme may target other groups or financial institutions because the techniques can be easily adapted.

The scammer, pretending to be an official representative of USAA, contacts a USAA member on social media (e.g., Facebook, Twitter, Instagram) claiming the member has won an award or is eligible for a customer incentive. In order to receive the award payment, the member is asked to pay a finder’s fee, commission or service charge.

Conveniently, the fee can be paid from the proceeds of the award. The scammer asks for the USAA member’s mobile banking credentials (username, password and PIN) and uses USAA’s mobile banking application to deposit checks into the member’s account. Then, the member is asked to electronically pay the finder’s fee to the purported USAA official, usually through a wire or money transfer service like Moneygram or Western Union. Wire and money transfer services are used because traceability is often limited.

Predictably, the deposited award checks are not genuine and, after several days, are returned unpaid and charged back to the USAA member’s account. While the deposits are fake, the money the member wires to the scammer is very real.

Most likely, the scammers surf social media content (images and comments) randomly identifying military personnel and their family members. Once identified, they are prime targets for the USAA scam, not because the scammer has specific knowledge of any actual USAA affiliation. Rather, the scammers shotgun their messages betting (and current reporting indicates good odds of success) that at least some of the recipients actually have USAA relationships.

As a reminder, be sure to verify through established channels the authenticity of anyone asking for your personal information, financial information, passwords, PINs and so forth, especially if you did not initiate the interaction.

Recommended Practices

Be suspicious when someone you do not know contacts you and asks for your personal information.

Never, in any social media setting, provide usernames and passwords to anyone; your bank will not ask for personal information, including debit card numbers and PINs.

Verify, verify, verify! Contact the financial institution directly.

Use a telephone number or email you know to be valid; look on the financial institution’s website, the backs of your debit or credit cards or statements.

Do not rely on the person who contacted you to provide a verification telephone number or email. Remember, you are verifying because you are skeptical of the person’s reliability.

If you are suspicious about any social media post claiming to be from USAA or you have been approached as described in this Cybercrime Alert Notice, please contact USAA at abuse@usaa.com. For similar scams involving other financial institutions, please contact their security department, the Internet Crime Complaint Center or the United States Federal Trade Commission.