Author Topic: Fraud USAA.com website  (Read 138 times)
zzsql
« on: April 02, 2010, 08:30:35 AM »

So,
I get a spam email from "USAA" telling me: (See the attached screen capture of the email.)

"We recently reviewed your account, and we are suspecting that your USAA Online Banking account may have been accessed from an unauthorized computer.
This may be due to changes in your IP address or location. Protecting the security of your account and of the USAA Savings Bank network is our primary concern.
We are asking you to immediately login and report any unauthorized withdrawals, and check your account profile to make sure no changes have been made."


AND, there was a link to the website that looked like this:
<a href="http://adsl-75-15-152-91.dsl.snlo01.sbcglobal.net/uu.html" target="_blank" onClick="onClickUnsafeLink(event);"><font color="#0000FF"><u>https://www.usaa.com/inet/ent_logon/Logon</u></font></a>
See the attached screen capture of the fake website. It was an exact duplicate of the USAA website.

This snippet of HTML code made the text link look like this:
https://www.usaa.com/inet/ent_logon/Logon
Looks legitimate right?


Well, the real link it pointed to was:
http://adsl-75-15-152-91.dsl.snlo01.sbcglobal.net/uu.html

Which resolved to this:
http://75.9.204.121/internet/logon/

SBCGlobal.net is owned by AT&T, so I contacted their abuse department and advised them of the fraud website.
12 hours later the site was down. Score one for the good guys!

The sad part was, the fake site was probably being hosted on a computer whose owner was not aware of what was going on and probably contracted a virus from a website.

Advice if you're worried about getting infected:
1. Keep your systems patched and updated with software and operating system updates. (REGULARLY!)
2. Keep your Antivirus up to date. Not a fix-all but it's better than nothing. (Antivirus systems don't "know" about all viruses so you can be infected even if you have the latest AV signatures.)
3. Use Firefox with an add-on called "NoScript". That disables the web server scripts which could infect your computer. It can mangle some websites but you can selectively add which ones to trust. With NoScript you can't be infected by remote web servers b/c you're not running their code.
4. Don't plug your computers directly into the internet. Meaning, use a firmware-based firewall. This puts a logical barrier between you and internet scanners which can remotely detect vulnerabilities. (e.g., your computer is compromised and hosting a fraud website. The firewall would block access to your computer so even if your computer was infected and hosting the fraud website, internet traffic couldn't access your computer to use it.) It's complicated.
5. Use extreme caution using internet cafe computers as they are frequently infected and can be made to capture your username and passwords to any website you visit. Just buy a laptop and use that on the numerous free wifi hotspots you can find just about anywhere. Or, get an iPhone, ha ha.

If you actually clicked the link you were sent and tried to log on (which I did with a bogus username/password), it took whatever password you put in the fields and proceeded to the next page, where you were prompted to enter all your private info.
Don't ever do that. If you do, you may have some time to go to the real website and change your password b/c it takes time for these criminals to get around to using your now stolen credentials.

There are ways they could automate the process: once they have your password, the software tries to log on to the real USAA and change your password.
USAA has lots of measures to protect against this like cognitive questions about you, a PIN number in addition to your password/username and some other checks like customer habits. (e.g., if you make a series of purchases which don't fit your purchasing habits, you are contacted by phone to verify that it is really you making the purchases.)

Be careful out there!
« Last Edit: April 02, 2010, 08:58:52 AM by zzsql »
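
The mismatch described in the post, between the URL a link displays and the host its href actually points to, can be checked mechanically in a mail filter. The following is an added example, not part of the original post: a Python sketch using only the standard library, with hypothetical function and class names, run over the anchor quoted above plus one constructed benign link.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text makes a host claim only if it looks like a URL itself.
URL_LIKE = re.compile(r"^\s*(?:https?://|www\.)\S+", re.I)

def host_of(url):
    """Lower-cased hostname; bare 'www.example.com/x' text is accepted too."""
    url = url.strip()
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

class AnchorCollector(HTMLParser):
    """Collects (href, visible_text) for each <a>, ignoring nested <font>/<u>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def deceptive_links(html):
    """Report anchors whose displayed URL names a different host than the href."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not URL_LIKE.match(text):
            continue  # "click here" style text claims no destination
        shown, actual = host_of(text), host_of(href)
        if shown != actual:
            fake_tls = text.lower().startswith("https://") and not href.lower().startswith("https://")
            findings.append({"shown": shown, "actual": actual, "fake_https": fake_tls})
    return findings

# The anchor from the post (webmail onClick handler omitted) plus one constructed benign link.
SAMPLE = ('<a href="http://adsl-75-15-152-91.dsl.snlo01.sbcglobal.net/uu.html" target="_blank">'
          '<font color="#0000FF"><u>https://www.usaa.com/inet/ent_logon/Logon</u></font></a> '
          '<a href="https://www.example.com/help">https://www.example.com/help</a>')

if __name__ == "__main__":
    print(deceptive_links(SAMPLE))
```

Only the first anchor is reported: it displays www.usaa.com over https while the href goes to the DSL hostname over plain http.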