Counterattack: 10 Steps to Take if You Think You’ve Been Hacked

Photographs By Pat Molnar/Drew Leach

Have you ever had the sinking feeling that you just replied to a phishing email – one purporting to be from a trusted source which isn’t?  You’re not alone. Hackers have become more sophisticated in their tactics, and phishing is on the rise. The good news is that USAA is here to help. According to Veronica Aguirre, director of USAA Financial Crimes Management, these steps can help protect your identity and accounts.

1. Keep your digital life healthy—and separate

Create an email account that will be used only for your financial accounts.  Don’t use the same email account that you use for online shopping sites, social media or other sites.

2. Is it from USAA? Look for the USAA Security Zone

USAA emails display the USAA Security Zone stamp in the upper right hand corner of the email. Security Zone contains your first and last name and the last four digits of your member number.  This is your assurance that the email is legitimately from USAA. If you’ve received a suspicious USAA email, send the information to then delete.

3. Strengthen logins

Opt for multifactor authentication methods wherever it’s offered, including your email, social media and financial accounts.  This requires more than one method of authentication (such as one-time code to your mobile phone plus your password) to verify your identity. Change passwords often.

4. Protect your whole household

Fraudsters can gain information about you, your spouse and kids through their accounts. Remind them to monitor their accounts and take the same security precautions as you have.

5. Set up and respond to alerts

USAA and most financial institutions will alert you when suspicious activity is detected on your accounts. Promptly review and respond to these alerts to help ensure that fraud is prevented or detected early.

6. Monitor your credit report and scores

Sign up for USAA’s free Experian CreditCheck to monitor your credit score and changes to your credit profile.

7. Report suspicious activity to counteract threats and get your accounts locked down

USAA can take action to secure and restore your accounts.  Review and respond to security alerts and if you suspect fraud, report it here.

8. Complete an Identity Theft Affidavit

Complete and print an Identity Theft Affidavit at or call the Federal Trade Commission at 1-877-438-4338. Then you can have the fraud alert extended for seven years. This will notify potential creditors or lenders that you are a victim of identity theft and that they must take extra precautions to verify your identity to gain access to your information.

9. Be proactive

If you are not a victim of identity theft but would like to proactively protect your information, you can place a credit freeze by contacting each credit bureau.

10. Active Duty Alert for service members

Service members who are deploying are strongly recommended to place an Active Duty Alert on their credit report which means businesses must take extra steps before granting credit in your name. This alert is renewable for the term of your deployment.

Going forward, Aguirre says, “It’s really about being vigilant and taking the right steps to protect and monitor your accounts.” Visit USAA’s Security Center to learn more.

If you suspect fraud, report it here.

235013 – 0916 

Service provided by While on the CreditCheck Monitoring site, the privacy policy of will apply and is different from USAA’s Privacy Promise. USAA does not provide, and is not responsible for, the products and content available on the website. USAA Bank receives marketing fees in connection with the credit monitoring and identity protection program.

Safety guidelines are not intended to be all inclusive, but are provided for your consideration. Please use your own judgment to determine what safety features/procedures should be used in each unique situation.