The Social Security Office of the Inspector General (OIG) sent a national warning about an email phishing scheme late last week.
The phishing attempt states that a problem might exist with the target person’s Social Security number (SSN) record and provides a link to a website intended to mimic the official Social Security website. Following the link could lead to identity theft or theft of benefits.
So you can protect yourself, following is most of the OIG warning about this particular phishing scheme.
Read the complete OIG fraud advisory here.
July 1, 2016
Social Security Inspector General Warns Public About Email Phishing Scheme
The Acting Inspector General of Social Security, Gale Stallworth Stone, is warning citizens about a suspicious email “phishing” scheme that recently surfaced. The Office of the Inspector General (OIG) received reports that several hundred employees of a private company, with offices across the country, recently received an email message that appears to be from the Social Security Administration (SSA). The message alerts a recipient of “unusual” activity with his or her Social Security number (SSN).
The email subject line reads, “Review Your Social Security Activity”, and while the email sender displayed is “Social Security Administration,” the corresponding email address is firstname.lastname@example.org. The message includes a PDF attachment with the heading “Notification.” It advises the recipient, “We detected something unusual about a recent use of your SSN” and “to help keep you safe, we required an extra security challenge.” The message states that if the recipient did not recently use his or her SSN, then a “malicious user” might have misused the recipient’s number. It asks the recipient to review recent activity via an embedded link, which links to a suspicious SSA-like site. Further, to appear legitimate, the notice includes SSA’s official seal and the words “Social Security Administrator, United States Of America” in the signature.
This type of phishing scheme could lead to identity theft or Social Security benefit theft. Therefore, Acting Inspector General Stone urges all citizens to be extremely cautious when receiving requests to provide personal information over the internet or the telephone. “Don’t provide your Social Security number, bank account numbers, or other personal information, including account passwords, over the internet or by telephone unless you know and trust the source requesting it,” Stone said. “You should be extremely confident that the source is a legitimate entity, and that your information will be secure after you provide it.”
The Social Security Administration does not routinely send emails. Most benefit related correspondence is by letter because email is not secure.
People who have created their own, pin and password secured, my Social Security account occasionally are emailed general Social Security information. These emails do not ask for any personal information and you cannot reply to them.
Identity theft information is on the Federal Trade Commission (FTC) website.