I received this email at 1:15 this morning:
When I saw it this morning, I was confused. I have never before received an email from “loyaltygateway.com”, and I was asleep at 1:15am, not placing an “order” to be confirmed by this email as its subject implies.
It sure looks like spam, right?
Well, it turns out it’s not, and there’s one little hint of legitimacy at the bottom of the email: “…please contact us at 1-800-980-USAA…”
I do indeed have a USAA cash-back credit card. However, I’ve had that card and been receiving cash back for eight months, and I’ve never before received an email like this one.
Let’s count the problems:
- The fact that it’s from USAA isn’t mentioned anywhere in the header of the email.
- The email was sent from from some random third-party domain I’ve never heard of before, not from usaa.com.
- The fact that it’s about cash back for a USAA credit card is never explicitly mentioned.
- Heck, the fact that it’s about cash back for any credit card is never explicitly mentioned.
- I have my account set up to automatically redeem cash back whenever its balance reaches $100, but there’s no indication in the email that this is what triggered this redemption. Instead, it says it’s for an “order” which I did not place.
This shockingly poorly designed email notification is just stupid and annoying in this particular case. However, generally speaking, emails like this aren’t just stupid and annoying, they’re dangerous, because they condition people to ignore the telltale signs of phishing and scam emails, making it more likely that they’ll think they’re real and fall prey to them.
Please do better, USAA.