Just one example of the many attacks in action;
Original release date: December 20, 2011 at 11:00 am
Last revised: December 20, 2011 at 11:00 am
US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members. These messages contain the subject line "Direct Posted" and contain a randomly generated four-digit number placed in the USAA security zone section. The messages ask users to open an attached file containing malicious software that if activated could provide access to a user's personal information.
US-CERT encourages users to do the following to help mitigate the risk:
* Review the alert posted by USAA regarding this issue.
* Do not open attachments in email messages from unknown sources.
* Refer to Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
* Install anti-virus software and keep virus signature files up to date.
Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.htmlhttp://www.us-cert.gov/reading_room/emailscams_0905.pdfhttps://www.usaa.com/inet/pages/2011_19_12_deposit_phish_scamThis entry is available at
http://www.us-cert.gov/current/index.html#usaa_phishing_scam_and_malware 
