United Services Automobile Association (USAA) is a well-known financial services group that provides banking, investing, and insurance products to current and former members of the military and their families. Unfortunately, scammers often take advantage of USAA’s trusted reputation by sending out fake emails that appear to come from the company. One common USAA phishing scam claims you have a payment on hold and must take action to receive it.
This article will provide an in-depth look at how the “USAA Payment On Hold” email scam works, how to spot red flags, what to do if you provided personal information, and steps to protect yourself going forward.
Overview of the Scam
The “USAA Payment On Hold” phishing email states that a payment, refund, or deposit to your USAA account has been suspended. Scammers claim you must verify your account information immediately or the funds will not be released.
A fraudulent “USAA Online Banking” logo and branding are used to make the message appear legitimate. The email includes a link to a fake website that mimics USAA’s real login page.
If you enter your username, password, and other sensitive details, scammers can steal your banking credentials. They use this info to take over your account, make unauthorized transactions, or steal your identity.
This scam is quite deceptive since the emails come from addresses that look like real USAA accounts. Variations of “service@usaa.com” and “secure@usaa.com” are commonly used. Always check the full email address, not just the display name, to spot red flags.
How the USAA “Payment on Hold” Scam Works
Here is an overview of how scammers carry out this phishing attack:
1. You Receive an Email Claiming a Payment is On Hold
The scam starts with an email landed in your inbox with an alarming subject line like:
- “Action Required: Release of Payment from USAA”
- “Your Scheduled USAA Transfer is On Hold!”
- “USAA: Payment Not Deposited Due to Invalid Information”
The message states that USAA tried to deposit funds into your account but could not verify your information. It claims you must confirm your personal details within 24-48 hours or the payment will be canceled.
A fake USAA logo and branding help make the email look legitimate. The message may include partial details like the last four digits of your account number to appear credible.
2. The Email Provides a Fake USAA Login Link
Within the email is a link prompting you to verify your account. The text of the link says something like “usaa.com/login”, but when you hover over it, the actual fraudulent URL is revealed.
Sometimes real company names are hidden within long scam website addresses. For example, the link could direct to a domain like “usaaverifyaccountDR3213.xyz”.
3. Entering Information Reveals Your USAA Login Credentials
If you click the provided link, it takes you to a website impersonating the real USAA login portal. Everything from the design to the web address may look authentic at first glance.
Once you enter your username and password, the criminals capture your login credentials. They can now access your real USAA account and initiate fraudulent activity.
In some cases, you may be prompted to provide additional sensitive information beyond your login details, such as:
- Full name
- Date of birth
- Social Security Number
- Credit card number
- Bank account number
Providing any of this info gives scammers more tools to steal your identity and commit financial fraud.
4. Criminals Take Over Your Account
With your compromised USAA username and password, scammers can log in to your real account. From there, they may:
- Transfer or withdraw funds
- Access private financial information
- Change account passwords and security details
- Open new credit cards or loans in your name
- Apply for services that require your SSN and DOB
In addition to draining your accounts, they can damage your credit, rack up debt, and wreak havoc on your finances.
This all happens quickly once your details are captured, which is why it’s critical not to click on links or provide information to suspicious emails.
Spotting Red Flags in the USAA “Payment On Hold” Scam
While scammers go to great lengths to mimic legitimate USAA messages, there are key signs that reveal the “Payment On Hold” email is a scam:
Grammatical Errors and Strange Wording
Scam emails often contain typos, grammar mistakes, and awkward phrasing not typical of a major financial institution. Any communication with odd language should raise a red flag.
Generic Greetings
Legitimate businesses normally address you directly in emails by your full name. Scam messages use generic greetings like “ Dear USAA Member”.
Suspicious Sender Address
As mentioned above, the “from” email address probably won’t match a real USAA domain on close inspection. Look for misspellings or extra characters.
False Urgency and Threats
Scammers create a sense of urgency and pressure you to act immediately to release the “on hold” funds. Real banks give you time to deal with account issues.
Requests for Sensitive Information
USAA would never ask for your full Social Security number, passwords, or other personal details over email. Only provide sensitive info through official USAA websites and phone numbers.
Poor Quality Logos and Design
While scammers copy real branding, logos may look blurry, low-resolution, or outdated on fake sites. Poor design quality is a giveaway.
The more red flags an email raises, the more likely it’s a scam attempt rather than a legitimate message. When in doubt, directly contact USAA to verify the communication.
What To Do If You Already Provided Information to the Scam Email
If you already input your USAA username, password, or other sensitive details through one of these scam links, take the following steps right away:
Log In to Your Real USAA Account
First, open a new browser window and manually go to usaa.com. Log in to your account with your existing credentials if still active.
Review recent transactions and account changes for signs of unauthorized activity. Look for withdrawals, money transfers, new payees, updated account details, and more.
Change Your USAA Account Password
Immediately change your password and security questions to lock the scammers out of your account. Create a new, complex password that’s hard to crack.
Avoid reusing the same password on multiple sites. Update passwords anywhere else you used the same login.
Enable two-factor authentication for an added layer of security when logging in to your USAA account.
Contact USAA
Notify USAA about the fraudulent email and potential account compromise. They can put additional protections in place and monitor for suspicious transactions.
Ask to place a freeze on your account to block any new activity without approval. Report any unauthorized charges or withdrawals you spot.
Check Accounts at Other Financial Institutions
If you reuse the same password details across financial accounts, scammers may have access to those too.
Log in and change passwords for your bank accounts, credit cards, retirement accounts, and any other services that contain sensitive personal or financial information.
Review recent transactions for those accounts as well to spot any fraudulent use. Contact institutions about any issues.
Monitor Your Credit Reports
Request free copies of your credit reports from Equifax, Experian and TransUnion. Look for any accounts or activity you don’t recognize.
Place fraud alerts and consider credit freezes to help protect your credit from identity theft.
Beware of Any Further Scam Attempts
Once scammed, your details end up on “sucker lists” that criminals buy and sell. Expect an uptick in phishing attempts from a wider variety of scammers. Be extra vigilant about links and providing personal info going forward.
Protecting Yourself from the USAA “Payment on Hold” Scam
Here are some general tips to avoid falling victim to the “USAA Payment on Hold” scam and other phishing attacks:
- Never click links in unsolicited emails – Manually open a new browser and type usaa.com to log in. Avoid clicking the provided link.
- Check the sender’s email address – Even if the “from name” looks legitimate, verify the full email domain matches USAA.
- Toggle email display – Switch your email to show the full email address instead of just the sender’s name.
- Review urgently worded emails carefully – Scams create false urgency. USAA gives you time to deal with account issues.
- Look for poor grammar and spelling errors – USAA emails will be professional and error-free.
- Hover over hyperlinks – Check that link URLs match real USAA domains before clicking. Don’t rely on link text alone.
- Never provide sensitive information over email – USAA only requests personal details through their website or over the phone.
- Use strong unique passwords – Secure your accounts with different complex passwords for each site.
- Set up two-factor authentication – Add an extra layer of protection like biometrics or a code sent to your phone when you log in.
- Check your accounts regularly – Routinely review transactions and statements to ensure no unauthorized activity slips by.
- Be wary of all unsolicited emails and texts requesting personal information or account access. USAA and other legitimate businesses generally don’t contact you this way.
- Use security software – Install antivirus software to detect and disable malware used in phishing attacks.
Staying vigilant against any suspicious money-related emails helps keep your accounts and identity secure. Report phishing attempts and account fraud as soon as possible to limit the damage.
Frequently Asked Questions About the USAA “Payment on Hold” Scam
What is the “USAA Payment on Hold” scam?
This is a phishing scam where victims receive an email claiming there is a payment on hold with USAA that requires account verification or it will be cancelled. The email contains a fake login link that steals USAA credentials when entered.
How do I identify this USAA scam email?
Watch for urgent wording about a payment on hold, a request to verify your account, poor grammar/spelling, generic greetings, suspicious sender address, and low-quality logos.
What happens if I click the link in the email?
The link goes to a fake website impersonating the real USAA login portal. If you enter your username and password, scammers can access your account and steal your personal information.
What should I do if I already clicked the link and entered my info?
Immediately change your USAA password, contact USAA to secure the account, check other accounts for fraudulent activity, monitor your credit reports, and watch out for additional scam attempts.
How can I prevent falling for this scam?
Never click links in emails, manually login to USAA’s website, check sender addresses, avoid entering info on unverified sites, use strong unique passwords, enable two-factor authentication, and be wary of urgent requests for personal details.
Can I tell if it’s a scam by calling the number in the email?
No, scammers often include fake USAA phone numbers that route to them impersonating real representatives. Find official contact info on usaa.com and call to verify the message is legitimate.
What should I do if I notice unauthorized activity in my USAA account?
Notify USAA immediately about any fraudulent transactions, account changes, or suspicious login activity. Ask them to secure your account and begin the fraud investigation process.
How can I recover money lost to this scam?
If reported quickly, USAA may cover unauthorized debit card charges or wire transfers. Review account agreements about fraud reimbursement policies. Monitor accounts frequently to limit losses.
Will USAA ever actually email me about payments on hold?
USAA may send legitimate emails about account issues, but they would never include links to login sites. Verify messages by contacting USAA directly before clicking any links or providing sensitive information.
Conclusion
The “USAA Payment On Hold” phishing scam is one of the more deceptive attempts aimed at stealing banking credentials and identities. Scammers send urgent-sounding emails under the USAA name claiming your account requires immediate verification.
Links within the email direct to convincing but fake login pages that capture your USAA username and password. With this info, criminals gain full access to your accounts.
Watch for red flags like grammatical errors, urgent timelines, requests for sensitive data, and suspicious sender addresses. If you provided your details, move quickly to change passwords, contact USAA, monitor your credit, and be alert for further phishing attempts.
Going forward, treat all money-related emails with caution, manually type in web addresses, use strong unique passwords, and enable two-factor authentication. Staying aware of the deceptive tactics used in scams like the “USAA Payment On Hold” email helps keep your hard-earned money and identity secure.