We’re seeing more phishing scams that use a PDF email attachment to lure people into clicking a link to a malicious website.

The latest report is of an email alleging to be from USAA, urging people to open a PDF. The PDF is an excellent copy of a real USAA document–using stolen logos, layout and boilerplate language. The PDF’s similarity to legitimate documents underscores how important it is to always inspect emails and attachments for signs of fraud.


Even with the stolen USAA formatting, you can see some of the signs of fraud:

  • blatant typos (“transffered [sic]”) and capitalization errors
  • grammar mistakes (“details… is missing [sic]”)
  • the “Confirm Your Account” button that doesn’t take you to USAA, but to www.binni-ks.com/modules/dashgoals/binni.htm
  • salutation of “Dear Customer” instead of addressing you, their customer, by name
  • strange content about another customer putting funds in your account.

Remember, 99.999999% of emails and attachments to email that ask you to click a link to confirm or verify your account are phishing scams!

Never click a link in an unexpected attachment without checking it first; if you check this one quickly, you can see it’s not legitimate. If you receive an email like this, contact the alleged sender (USAA in this case) directly using their published phone number, website, or email address to report fraud or inquire about the legitimacy of the message.

This scam is similar to one reported last week, in which scammers sent some people at UD an “important message” as a PDF attachment to email.

Think before you click!