Scams are quite common nowadays, but the people perpetrating them have gotten better at making them seem legitimate and either scaring or enticing recipients of the scam into participating in them. The latest scam that you must be vigilant about targets Social Security recipients and it looks quite legitimate. Scammers are sending out fake emails that look like they are from the Social Security Administration (SSA), when they really want to obtain and exploit personal information of beneficiaries, and that is why the Federal Government has launched an official alert to warn recipients.
You must always be vigilant when clicking on emails or other correspondence that may have links attached, like text messages, because nowadays it is easier than ever to impersonate a Government Agency or a financial entity. According to the Office of the Inspector General at the SSA these emails that beneficiaries are receiving pretend to be about your Social Security Statement and compel you to click a link or download a file in order to download this statement. Once you click on the link to download the supposed file, they have your information.
The Social Security email scam, how it works and why it is so effective
The downloaded file does not contain your statement, it contains a virus that can secretly install software on your device that gives scammers access to everything, your passwords, bank info, Social Security number, and more. Official sources claim that the tool they are using is called ScreenConnect and it is a legitimate remote access tool used by IT support, but these scammers are using it to gain access to computers without people’s knowledge.
What sets apart this particular scam is the effort that cybercriminals went to in order to make it look legitimate. They mimicked the SSA’s design, complete with logos and a formal layout and some of the discovered emails even thank you for choosing paperless statements, making it feel more convincing. The only flaw is in the sender’s email, as they cannot get one that even remotely resembles the SSA’s official one as that one ends in “.gov” and only the government can use that domain.
Here are a few ways to recognize the scam:
- The email address does not end in “.gov”
- The message wants you to click a link or download something
- It uses phrases like “Your Social Security statement is now available”
- It seems official but includes an unexpected attachment
In case you have doubts about whether an email is fake or not, these are a good place to start, but just in case, and as a general rule, do not click any links, do not download any files and do not respond to any emails coming from these types of correspondence. Any information that you need can be found through the official SSA portal, so go there directly and use the official source.
If you believe that you have been victim of one of these scams, report it to the SSA at [ssa.gov/scam]or to the Federal Trade Commission, and if you have already downloaded the file, scan your device for viruses right away and contact someone you trust in IT. Also, tell your bank and keep an eye on your accounts in case anything suspicious pops up.
Bear in mind that retirees are often the main target, especially when it comes to financial details and that this has become part of a larger, troubling trend. According to the National Council on Aging, people over 60 lost $3.4 billion to scams in 2023, and with scammers using more advanced tools, that number is not going down anytime soon. The problem in this case is that most people trust government sources and do not tend to verify the email domain.