Someone recently went “phishing” for personal information, but an observant citizen didn’t take the bait and reported the new email scheme.
Check out the email below, from an “SSN Administrator,” with the subject line, “Your SSN Update.”
Although at first glance this may appear to be a legitimate email from the Social Security Administration (SSA), complete with SSA’s official logo, it’s actually a phishing attempt to obtain your personal information, including Social Security numbers (SSNs) and financial account numbers.
By using SSA’s logo and referencing a recent “cyber attack on our … administrative database,” the sender hopes that you might automatically “CLICK HERE” and respond with your SSN and other identifying information.
Unfortunately, if you do click, you may be providing criminals—not SSA—information to gain access to your accounts. This could lead to Social Security benefit fraud or identity theft.
Don’t fall for it. If you receive something that looks official, please take a few extra moments and read the message carefully. You may notice that the message is written by someone who doesn’t know English very well. It may have misspelled words or poor grammar.
Besides email, we’ve also received reports of scammers attempting to obtain personal information through phone calls and text messages.
In November, we alerted you to a texting scheme in which people received suspicious text messages, asking them to call a number for information about their Social Security disability benefit claim. In fact, these texts were not from SSA—they were from unknown people posing as government officials to obtain personal information.
Previously, we’ve warned you about similar phone schemes. We’ve heard stories about people receiving calls from “SSA employees” selling insurance and requesting birth date information.
The Social Security Administration does not send unsolicited emails or text messages requesting personal information that should already be in its records. Really, no government agency would do this. In fact, the Federal Trade Commission warns consumers that legitimate businesses and government agencies “don’t ask you to send sensitive information through insecure channels.”
The FTC has several tips to help you avoid a phishing attack, including
- using trusted computer security software,
- using caution when receiving emails with attachments from unknown sources, and
- monitoring your financial accounts and statements for irregular activity.
SSA employees may call you in limited situations, such as if you recently filed a claim or have other Social Security business, but you should not have to provide your personal information, like your Social Security number or bank account number. Agency employees will not make unsolicited calls and request personal information.
Be sure not to use phone numbers or links provided in a suspicious email, text, or phone call.
Finally, we encourage you to set up a "my Social Security" account at http://www.socialsecurity.gov/myaccount/. Establishing a legitimate account will prevent someone else from using your personal information to set up an account in your name.
And if you receive a letter from Social Security about a "my Social Security" account—but you haven’t created one—please call SSA or take the letter to a local Social Security office.
You can read more about Social Security phishing emails here: http://www.socialsecurity.gov/myaccount/internetphishingalert.html. And visit http://www.onguardonline.gov/ for general tips on how to protect yourself from identity theft online.