This is an example of a “phishing” email that is designed to trick you into giving the bad guys your login credentials so that they can empty your bank account. In the real email, if you clicked on the “login” button, it would have taken you to a server in Russia controlled by the thieves.
We see these type emails on a daily basis.
Even worse are similar emails that, if you click on the link, will install malware that may compromise your computer, spew malware to all of your friends, encrypt all of your data, or worse.
Mouse over any link you might be tempted to click on to see where it actually goes. If it doesn’t go where you expect, DO NOT click on it.
Likewise, DO NOT open attachments sent to you from unknown sources and don’t open attachments from people you know if you are not expecting them to send you something. Automatically delete any emails that come from friends, but have an email address not matching their name.
Better safe than sorry.
It is worth pointing out that USAA didn’t send the email. It didn’t go out from their servers. They are just as much a victim of the scammers as anyone else. We’ve seen similar emails purporting to come from all of the major banks.