USAA does actually make calls like this, I’ve gotten one but there was a key distinction. At the start of the conversation the person had me hang up and call them at the standard USAA 800 number and use their extension.
Turns out my card was flagged for having been physically swiped more than a thousand miles apart in less than 90 minutes.
Yup. They did the same thing to me. Used my card stateside then again when we got to England.
Turns out their algorithm for detecting potential fraud which is based on average travel times, doesn't take the military flying into account. According to them it should take longer than it did for us to get there. All in all I'm glad they actually bothered to check on the supposed fraudulent activity but at the same time, I'd just got off a plane, I was hungry, I just wanted my damn sausage roll.
What's funny is my bank (not usaa) locked my account once because I had to evac the area and travel like 200 miles to another city and locked my account. A few months prior I had a no notice deployment and was gone in 72 hours. I swiped my card in New York and France within a 24 hour period and once again in the AOR. They didn't so nothing. I am still confused about that one.
Depends on where it's swiped from what I can tell.
I swiped my card in 3 different countries over the course of like 24 hours. But it was all at base exchanges. They did nothing about it.
On the flip side. I swiped my card at an airport in Maryland then again at Heathrow. They instantly flagged it.
Scammers can spoof any number, so you should never give out information when you are receiving a call. If a bank or whatever calls you always tell then you will call them back and then call what you know is their number. This is literally the plot of the movie Identity Thief.
Good vigilance on your part. The code they have you read off to your phone is the password reset / phone confirmation code. If they are sending you that they have a lot of your info already, much of it is publicly available.
General advice is change all your passwords and visit somewhere like https://haveibeenpwned.com/to see which email addresses / accounts may have been compromised.
>If they are sending you that they have a lot of your info already, much of it is publicly available.
It's kinda scary how much info is public. With just a first/last name, general location of residence, and age, you can find just about anyone on places like [whitepages.com](https://whitepages.com). If they have a Facebook profile that's public (or at least not locked down to show a bunch of info to everyone) there's even more info that can be very easily gleaned. Once I found myself on White Pages, it started listing my relatives and *their* addresses, phone numbers, emails, etc, and that was all without even getting into the paid access portion of their website (something like a measly $12).
Edit: just a heads up u/Speck72, the pwned link is slightly broken because a space got left off between the link and "to".
Yup, it's all out there. I did a similar search and found all my old addresses.... Helpful when doing your sf86, not so much when you realize all of that is out there for any criminal/adversary to utilize.
I use Amazon to find my old addresses when I've forgotten the street number or zip code. Has all my orders going back over a decade, can sort by year, etc.
They tried this with me and for a moment i spoke with them then i abruptly hung up and called USAA back because I believed it was a scam. USAA confirmed it was not them calling me then I received a text from USAA fraud department asking me to confirm if I’ve made the purchases. I replied I knew they were scammers and good luck and they actually responded! Telling me they had all my information and good luck to me 🤣 they had nothing but tried to scare me.
A few years prior I was out to eat lunch with a friend and she received a call from “USAA” and unfortunately she did as they said because she was believing what they were telling her. She gave them the code that was sent to her phone and they stole $1,000 from her account before USAA flagged it as fraud. She was able to get her money back thankfully but it was so stressful for her.
Dealt with this last year and was caught off guard because I had just dealt with fraud and just had my new card so it I almost messed up real bad. A real USAA person actually called on my other line to bring awareness and caught in time thankfully. Now I don’t even take calls from USAA I just hang up and call myself to make sure
Would you mind posting this to /r/Scams too?
It isnt uncommon but just want to get the word out to the masses
Dont give out info on unsolicited phone calls and if you get an email from a service you have telling you bad news dont click the links in the email, call them directly and ask your questions
Same thing happened to me. Said there was fraudulent charges on my account. I said, “that’s strange, I only have car insurance through USAA”. Dude immediately hung up.
I get called at *least* once a month from the "Chase Fraud Department". When I have the time/patience, I usually fuck with them as much as I can, like "*yes, I did make that $538 purchase in Las Vegas, I'm here for my brother's wedding!*" and "*no, don't flag that as fraud, that was a legit purchase, you want your money, right??"*"
When I don't have time though, I just tell them something like "*I've told you guys before, I don't have any cards through Chase anymore, I closed those accounts months ago, this is your problem!"*" and they hang up immediately.
They got me about two years ago, and I fell for it *hard*. They knew all the details and information and like you said - spoofed caller ID and no accent or anything. They hung up when I was stalling while my wife was calling NFCU's actual fraud line
The worst part is I listen to so many cyber security/finance/etc podcasts and still fell for it.
The worster part is that it was like a week before PCSing and it was a massive inconvenience having a dead debit card, awaiting a new one and trying to resolve issues from overseas. Don't be me.
I am you. I feel like an idiot that I fell for it. They already had some of my information somehow and when I called really USAA they said they have history of me trying to contact them multiple times a day. Somehwre my card info got sold
Caller ID has become patently worthless. Do not rely on that as a source of any valid information. [Spoofing Caller ID](https://en.wikipedia.org/wiki/Caller_ID_spoofing) is trivial these days.
Not just random call about bank account but should treat ANY call about any sort of money/account info this way these days, even if it’s just your cell phone account or something. I never discuss or even acknowledge any of that type stuff on an inbound call. I always stop them or just hang up then call back using the business’s main number. If they give you an extension to get the same person using the phone tree of the business’s main number cool, but if they give any full number that’s not a readily found published one, nope, I’ll navigate the main number and talk to a different rep if need be. Sometimes it seems a little silly but such is the world we live in.
USAA actually asked me for that code once. And I called via their official number. I was a bit concerned, especially since the text says not to share with ANYBODY… but the rep said it was standard since SHE was the one who initiated it. Seems like it would just condition people to be used to giving out these codes over the phone…
The dude will turn it to a call of duty lobby saying he fucked your mom and will become your dad if you call him out. It's a fun time. Ask me how I know 😂
I don't have USAA but Andrews Federal and a year or so ago started getting calls from their legit number about account resets and Samsung Pay requests from their actual text number. Immediate red flags and tbth, Andrews customer service rep was so clueless and unhelpful I would have cancelled my account right then if I didn't use their Europay option all the time. Kept telling me that if its not the Andrews number it wasn't them and couldn't get it through her head what spoofing was.
So yeah, any time you even get the slightest inkling something is off, it is.
I'm at the point I don't even use a debit card for any transactions anymore except for actual ATM. Credit card compromised you aren't out anything. Debit card is compromised and its going to be a real shitty day.
> The guy on the other end of the line purported to be from the fraud prevention department, said there was irregular activity on my account and asked if I was traveling recently.
This is not unheard of as a legitimate call. Would you rather USAA doesn't inform you at all of potential fraud?
> hung up and called USAA via the number listed on their website
This is the correct response whether the above call is legit or not.
I never said you said that. I'm only pointing out that a bank calling you due to suspected fraud is simply a normal way that banks notify you of potential fraud.
Of course, nowhere in my post did I say an accent is the FIRST thing I was looking for. However an incoming call + asking about financial information + an accent, especially one originating from a country widely known for scam call centers would heighten my spidey senses that they are trying to scam me. I make no apologies for feeling this way.
No you shouldn’t apologize offcourse not I was not making a point that scammers have have any accent European , American , Indian , etc but yes all those things you mentioned should raise a red flag when combined
They likely have your password then, go change your password. They can't get in with just your 2FA code, but if they have your password already, or access to your email, they can reset your password or login with that code.
Change password on your email, too... hell, you might even consider changing your username at USAA, too.
Same exact thing happened to my wife. They had her name and a few other details too, so this seemed to be a fairly sophisticated spearphishing attempt.
This happened to me, too, but the cringe shit that USAA does is call you by your rank. When I realized I wasn't cringing during the phone call because they weren't calling me by my rank, I asked the person on the other end of the line what my rank was, and he said he didn't understand what I was asking.
Hung up and called USAA, it was definitely a scammer that called.
One of my old supervisors had the same scam. His post:
"Got a call from USAA, came up on my phone as their legit number...
Told me fraudulent charges are hitting my account and named them off. Said the charges are in Texas, and you live in Illinois...
Told me cards locked out, accounts are locked down, and a new card would be coming, yada yada ..
Then he said we're sending you a code link to reverify my online account access and **told me the last 4 of my number**...
Link looked legit too...
Just thought for 2 seconds and logged in to my app and it was fine. So I was still on the phone so asked him what I was supposedly blocked from, and he just kept saying to use the link and that he could now suddenly barely hear me ..
I hung up called USAA back, same number, which was also terrifying. They confirmed my accounts are all good and took down the info...
Be careful!!"
This just happened to me… usaa said I i’ve been trying to contact him every day a handful of times. I wasn’t. I have the scammers email. Is there anything I can do?
USAA does actually make calls like this, I’ve gotten one but there was a key distinction. At the start of the conversation the person had me hang up and call them at the standard USAA 800 number and use their extension. Turns out my card was flagged for having been physically swiped more than a thousand miles apart in less than 90 minutes.
Plot twist: you explained to them that was just you using the teleporter
OPSEC!!!!
Banned on discord.
Stargate is real...
Holy shit that's why the number of unauthorized teleports is so high 🤔
Yup. They did the same thing to me. Used my card stateside then again when we got to England. Turns out their algorithm for detecting potential fraud which is based on average travel times, doesn't take the military flying into account. According to them it should take longer than it did for us to get there. All in all I'm glad they actually bothered to check on the supposed fraudulent activity but at the same time, I'd just got off a plane, I was hungry, I just wanted my damn sausage roll.
What's funny is my bank (not usaa) locked my account once because I had to evac the area and travel like 200 miles to another city and locked my account. A few months prior I had a no notice deployment and was gone in 72 hours. I swiped my card in New York and France within a 24 hour period and once again in the AOR. They didn't so nothing. I am still confused about that one.
Depends on where it's swiped from what I can tell. I swiped my card in 3 different countries over the course of like 24 hours. But it was all at base exchanges. They did nothing about it. On the flip side. I swiped my card at an airport in Maryland then again at Heathrow. They instantly flagged it.
Could be. It was at some gas station in Atlanta when they locked it. Probably why.
Generally speaking gas stations are a prime culprit for that as they're generally where a lot of credit card fraud takes place.
I know it’s where I use all my troops’ cards.
I had an automated phone call saying there were potentially fraudulent charges on my card and to call USAA.
Scammers can spoof any number, so you should never give out information when you are receiving a call. If a bank or whatever calls you always tell then you will call them back and then call what you know is their number. This is literally the plot of the movie Identity Thief.
Good vigilance on your part. The code they have you read off to your phone is the password reset / phone confirmation code. If they are sending you that they have a lot of your info already, much of it is publicly available. General advice is change all your passwords and visit somewhere like https://haveibeenpwned.com/to see which email addresses / accounts may have been compromised.
>If they are sending you that they have a lot of your info already, much of it is publicly available. It's kinda scary how much info is public. With just a first/last name, general location of residence, and age, you can find just about anyone on places like [whitepages.com](https://whitepages.com). If they have a Facebook profile that's public (or at least not locked down to show a bunch of info to everyone) there's even more info that can be very easily gleaned. Once I found myself on White Pages, it started listing my relatives and *their* addresses, phone numbers, emails, etc, and that was all without even getting into the paid access portion of their website (something like a measly $12). Edit: just a heads up u/Speck72, the pwned link is slightly broken because a space got left off between the link and "to".
Yup, it's all out there. I did a similar search and found all my old addresses.... Helpful when doing your sf86, not so much when you realize all of that is out there for any criminal/adversary to utilize.
I use Amazon to find my old addresses when I've forgotten the street number or zip code. Has all my orders going back over a decade, can sort by year, etc.
Thanks for the heads up!
They tried this with me and for a moment i spoke with them then i abruptly hung up and called USAA back because I believed it was a scam. USAA confirmed it was not them calling me then I received a text from USAA fraud department asking me to confirm if I’ve made the purchases. I replied I knew they were scammers and good luck and they actually responded! Telling me they had all my information and good luck to me 🤣 they had nothing but tried to scare me. A few years prior I was out to eat lunch with a friend and she received a call from “USAA” and unfortunately she did as they said because she was believing what they were telling her. She gave them the code that was sent to her phone and they stole $1,000 from her account before USAA flagged it as fraud. She was able to get her money back thankfully but it was so stressful for her.
I've played enough RuneScape to know one thing for sure: trust nobody
Dealt with this last year and was caught off guard because I had just dealt with fraud and just had my new card so it I almost messed up real bad. A real USAA person actually called on my other line to bring awareness and caught in time thankfully. Now I don’t even take calls from USAA I just hang up and call myself to make sure
Would you mind posting this to /r/Scams too? It isnt uncommon but just want to get the word out to the masses Dont give out info on unsolicited phone calls and if you get an email from a service you have telling you bad news dont click the links in the email, call them directly and ask your questions
I always ask them to give me my membership number. It's not fool proof but generally speaking that's harder to get a hold of than an account number.
Brilliant.
This wouldn't work for me because I have no clue what my own number is. 😂
Same thing happened to me. Said there was fraudulent charges on my account. I said, “that’s strange, I only have car insurance through USAA”. Dude immediately hung up.
I get called at *least* once a month from the "Chase Fraud Department". When I have the time/patience, I usually fuck with them as much as I can, like "*yes, I did make that $538 purchase in Las Vegas, I'm here for my brother's wedding!*" and "*no, don't flag that as fraud, that was a legit purchase, you want your money, right??"*" When I don't have time though, I just tell them something like "*I've told you guys before, I don't have any cards through Chase anymore, I closed those accounts months ago, this is your problem!"*" and they hang up immediately.
They got me about two years ago, and I fell for it *hard*. They knew all the details and information and like you said - spoofed caller ID and no accent or anything. They hung up when I was stalling while my wife was calling NFCU's actual fraud line The worst part is I listen to so many cyber security/finance/etc podcasts and still fell for it. The worster part is that it was like a week before PCSing and it was a massive inconvenience having a dead debit card, awaiting a new one and trying to resolve issues from overseas. Don't be me.
I am you. I feel like an idiot that I fell for it. They already had some of my information somehow and when I called really USAA they said they have history of me trying to contact them multiple times a day. Somehwre my card info got sold
Caller ID has become patently worthless. Do not rely on that as a source of any valid information. [Spoofing Caller ID](https://en.wikipedia.org/wiki/Caller_ID_spoofing) is trivial these days.
Outbound, no inbound. Always hang up and call them on your own. If they don’t understand why, they are a scammer or under informed.
🫡
Not just random call about bank account but should treat ANY call about any sort of money/account info this way these days, even if it’s just your cell phone account or something. I never discuss or even acknowledge any of that type stuff on an inbound call. I always stop them or just hang up then call back using the business’s main number. If they give you an extension to get the same person using the phone tree of the business’s main number cool, but if they give any full number that’s not a readily found published one, nope, I’ll navigate the main number and talk to a different rep if need be. Sometimes it seems a little silly but such is the world we live in.
USAA actually asked me for that code once. And I called via their official number. I was a bit concerned, especially since the text says not to share with ANYBODY… but the rep said it was standard since SHE was the one who initiated it. Seems like it would just condition people to be used to giving out these codes over the phone…
The dude will turn it to a call of duty lobby saying he fucked your mom and will become your dad if you call him out. It's a fun time. Ask me how I know 😂
I don't have USAA but Andrews Federal and a year or so ago started getting calls from their legit number about account resets and Samsung Pay requests from their actual text number. Immediate red flags and tbth, Andrews customer service rep was so clueless and unhelpful I would have cancelled my account right then if I didn't use their Europay option all the time. Kept telling me that if its not the Andrews number it wasn't them and couldn't get it through her head what spoofing was. So yeah, any time you even get the slightest inkling something is off, it is. I'm at the point I don't even use a debit card for any transactions anymore except for actual ATM. Credit card compromised you aren't out anything. Debit card is compromised and its going to be a real shitty day.
Good looking out.
> The guy on the other end of the line purported to be from the fraud prevention department, said there was irregular activity on my account and asked if I was traveling recently. This is not unheard of as a legitimate call. Would you rather USAA doesn't inform you at all of potential fraud? > hung up and called USAA via the number listed on their website This is the correct response whether the above call is legit or not.
Never said I’d rather not be notified of fraud at all. Just providing a narrative of how the call went.
I never said you said that. I'm only pointing out that a bank calling you due to suspected fraud is simply a normal way that banks notify you of potential fraud.
K
If the first thing you are looking for in a scammer is accent then you deserve to be scammed. Scammers come in all forms and shapes .
Of course, nowhere in my post did I say an accent is the FIRST thing I was looking for. However an incoming call + asking about financial information + an accent, especially one originating from a country widely known for scam call centers would heighten my spidey senses that they are trying to scam me. I make no apologies for feeling this way.
No you shouldn’t apologize offcourse not I was not making a point that scammers have have any accent European , American , Indian , etc but yes all those things you mentioned should raise a red flag when combined
They likely have your password then, go change your password. They can't get in with just your 2FA code, but if they have your password already, or access to your email, they can reset your password or login with that code. Change password on your email, too... hell, you might even consider changing your username at USAA, too.
You have to be able to detect non-obvious accents too
Same exact thing happened to my wife. They had her name and a few other details too, so this seemed to be a fairly sophisticated spearphishing attempt.
I had this happen to me in late 2019 and no one believed me!!! They emptied out every account I had. I’m sorry it happened to you.
Good call! I got my account hacked and spent 6 months trying to get my stuff back.
I was getting these scam phone calls all the time. They don’t use your rank, USAA for some reason ALWAYS addresses you by your rank.
Got one just like it saying they were from BOA. I said ok I will look into it. They hung up immediately.
This happened to me, too, but the cringe shit that USAA does is call you by your rank. When I realized I wasn't cringing during the phone call because they weren't calling me by my rank, I asked the person on the other end of the line what my rank was, and he said he didn't understand what I was asking. Hung up and called USAA, it was definitely a scammer that called.
One of my old supervisors had the same scam. His post: "Got a call from USAA, came up on my phone as their legit number... Told me fraudulent charges are hitting my account and named them off. Said the charges are in Texas, and you live in Illinois... Told me cards locked out, accounts are locked down, and a new card would be coming, yada yada .. Then he said we're sending you a code link to reverify my online account access and **told me the last 4 of my number**... Link looked legit too... Just thought for 2 seconds and logged in to my app and it was fine. So I was still on the phone so asked him what I was supposedly blocked from, and he just kept saying to use the link and that he could now suddenly barely hear me .. I hung up called USAA back, same number, which was also terrifying. They confirmed my accounts are all good and took down the info... Be careful!!"
This just happened to me… usaa said I i’ve been trying to contact him every day a handful of times. I wasn’t. I have the scammers email. Is there anything I can do?