From AppRiver Blog:
We are seeing heavy traffic related to a phishing campaign that is attempting to steal money as well as personal data from members of the US military and their families, demonstrating once again that cybercriminals have no trepidation about ripping off anyone and everyone they can. The phishing campaign is directed at members of the financial services firm USAA, a financial institution that is very popular among current and former members of the armed forces.
These emails come with subject lines such as USAA Notification, Security Alert, Urgent Message for USAA Customer, etc. A link in the email takes you to a fake login page that asks you for all your pertinent USAA login and personal financial data. Once the information is submitted you are directed to a faked USAA website that looks identical to the real thing. This is actually quite unique in an attack like this, as most of the time you would be redirected to the ACTUAL USAA website. Each unique domain is serving up a complete fake USAA website. At this time we are monitoring (and blocking) over 1500 unique domains that are all registered with the free .tk (tld).