By: Mikel Van Cleve, CFP^®

Imposter Scams Are on the Rise

As people become more tech savvy and active online, so too do cyber scammers who are looking for opportunities to access your personal information. That said, there are those who attempt the “oldies-but-goodies” — namely, imposter fraud.  

USAA has seen a rise in imposter fraud activity and sent out a notice to members warning them of this trend. Here’s what you need to know. 

What is imposter fraud?

Imposter scams occur when someone contacts you pretending to be an individual or a representative of an institution that you trust to convince you to send them money or share with them your personal information (which they will then use to try to get to your money).  

The Federal Trade Commission (FTC) reported¹ that 1 in 5 people lost money to imposter scams in 2021 — $2.3 billion¹ — a 92% increase compared to 2020. Military members, veterans, retirees and their families are most often targeted by government and business imposters, according to 2021 FTC data.¹ 

USAA and other financial institutions are seeing an increase in imposter fraud scams. Scammers are using social engineering tactics, such as phishing or baiting, and reaching out to members on different platforms, including phone calls, text messages, emails and social media to gain your trust and access to your accounts. 

Spotting an imposter

Members are being contacted by bad actors pretending to be USAA. They receive a text asking if they recognize a transaction. This text is not from a USAA phone number. Once the member responds, they are contacted by someone pretending to be a USAA employee and are asked to verify their USAA information. The scammer might even spoof the caller ID to appear as if they are calling from USAA. The information is then used to access and move money out of the member’s accounts.  

• Red flag alert! USAA will never call or text you and ask for your one-time verification code, USAA personal identification number (PIN) or password.

Similarly, members are being contacted via email with the same types of questions related to “account activity” and attempts to “verify” account details. A quick way to identify a fraudulent email is that it will not include the USAA Security Zone box in the top right corner. In a legitimate USAA email, look for the Security Zone box that will show a personalized stamp, your first and last name and the last four digits of your member number.   

Personalized Stamp in USAA Emails

• Red flag alert! Do not respond to any email that asks you to update your personal information online or by dialing a telephone number. Use only the customer service numbers listed on usaa.com. 
  
  
• Red flag alert! Remember that a legitimate USAA representative will never ask you to download software from an email or text or while you’re on the phone.  

If you received a call, text or email and provided your password or other logon information to someone, and you’re not sure it was USAA, call us at 800-531-8722. If you didn’t provide any information, but want to report a suspicious call, text or email, send an email to abuse@usaa.com to report the phone number and message details. 

How to protect your personal information

USAA security professionals recommend members monitor their account activity on a regular basis and take advantage of all the tools available to mitigate risks when checking their account on their desktop, smartphone or tablet. 

Enhanced authentication measures help strengthen your logon security. USAA offers members a handful of options based on their personal preference. 

• Biometrics. In the USAA Mobile App, confirm your identity at logon using either your face, voice or fingerprint. 

• Browser recognition. Identify trusted browser and log on as usual. When using a different browser not recognized by USAA, you’ll be prompted with additional security measures for logging on. 

• CyberCode^TM token. Use a new password every time you log on. Tokens are a combination of your PIN and a unique security code. (Codes are generated every 30 seconds.)² 

• CyberCode text — Log on with your Online ID and password as usual and receive a unique code via text to use (versus entering your PIN) to complete the process.³ 

• Quick logon. Enter your PIN and a unique security code provided via Symantec VIP. 

While USAA uses sophisticated detection processes, we’re most effective in fighting fraud when we work together with our members. 

More types of imposter fraud

Imposters all have the same goal: to get your money. Posing as an employee of your financial institution isn’t the only way they try. More examples of this social engineering fraud include: 

• Romance scams. You meet someone on a dating site, and they start asking for money. Taking advantage of your senses of familiarity and liking are the social engineering tactics at work here. 

• IRS scams. An imposter posing as an IRS official reaches out to you to say you owe back taxes. Preying on targets’ sense of obedience using authority and intimidation social engineering tactics can be convincing. 

• Tech support scams. Someone calls to say you urgently need to make updates for your networks and devices to continue working, and says your personal information is required. Older folks may be at the greatest risk here, with imposters relying on their lack of confidence with technology. 

The common thread here is that imposters will attempt to target your feelings and emotions to overrule your logic. Trust your instincts. If something doesn't look, sound or feel right, delete that email or text, or hang up that phone call. If this is your bank, use only the customer service numbers listed at their website or on the back of your debit or credit card. 

If you did not provide any information, but want to report a suspicious call, text or email, send an email to abuse@usaa.com to report the phone number and message details.

Related Posts:

Banks Don't Ask That

How to Detect an Imposter Scam in Real Life

¹You are leaving USAA and being directed to a third party site that is not maintained, owned or operated by USAA. USAA does not control and is not responsible for the site content or the privacy or security practices of third parties. You should read the third party's privacy and security policies and site terms, as their practices may differ from those of USAA. 

²You may only activate one security token per account. 

³Your phone carrier's data charges may apply. 

Not all security features may be available for your device. 

Certified Financial Planner Board of Standards, Inc., owns the certification marks CFP^® and CERTIFIED FINANCIAL PLANNER^TM in the U.S., which it awards to individuals who successfully complete CFP Board's initial and ongoing certification requirements. 

The information contained is provided for informational purposes only and is not intended to represent any endorsement, expressed or implied, by USAA or any affiliates. 

 NC0422