Back when USAA started the text notifications and phone calls to verify suspicious transactions I thought it was squared away. My wife was recently conned into giving information that could have been devastating if it hadn't been for our segregation of accounts, one specifically for online transactions she only has access to and one that pays the auto pay and transfer bills that only I manage.
The emails, phone calls, and text messages she received were very convincing since USAA does not digitally sign their emails.
1) If I have the app do a push notification
2) Send a SMS to check my USAA messages on the app (the implied task of sending a message in the USAA message center is applicable here, which currently doesn't occur)
3) Sign emails with the USAA user cert, it's the only way to verify the sender since the 90's. The government gives training on only opening signed emails and then refuses to sign their emails because it is one extra click when sending an email. We are just asking for some follow thru on messaging security practices.
I don't trust a phone call unless I can get the representative's extension and can call them back from the main 1800531USAA number.
Thank you for sharing, I wanted to add a few more tips in case you or another member who reads this wants to brush up on some ways to help prevent fraud:
I am sorry to hear your wife fell victim to a phishing scam. Your feedback is very important to us and will be collected. Thanks for taking the time to share your comments. - Jesse