The federal government has issued a new Social Security scam alert, warning millions of retirees about a dangerous scheme involving fake emails that appear to come from the Social Security Administration (SSA). These fake emails are designed to trick you into downloading harmful files that can be used to steal your personal and financial information.
According to the Office of the Inspector General (OIG) at the SSA, the emails appear to be official SSA messages. These fake emails claim that your Social Security Statement is available and that you can view it by clicking a link or downloading an attachment.
Once you click, the download can install dangerous software that enables scammers to take over your computer remotely and access sensitive information like passwords, bank accounts, and Social Security numbers. This kind of remote-access tool is called ScreenConnect and while it is widely used by IT support professionals, scammers are using it to commit fraud on unsuspecting Social Security recipients.
Why the Email Looks Legitimate
The scam email is dangerous because it looks similar to the actual SSA emails in terms of design and layout. It also includes an SS logo or official-looking format and it may thank you for choosing to receive electronic statements.
However, despite the similarity to the actual SSA emails, the sender’s email doesn’t end in”.gov.” Real emails from the SSA come from official.gov addresses. Therefore if an email says it’s from SSA but doesn’t have a “.gov” in the sender’s domain, it is illegitimate.
You can view a sample of the fake email in the official alert released by SSA OIG here.
What’s at Risk
Downloading the file in the email enables hackers to access and take full control of your device. It enables them to also install more harmful programs, steal saved login details, or monitor your activity. In many cases, they target retiree’s bank credentials and financial records.
According to the National Council on Aging, Americans over 60 lost $3.4 billion in fraud in 2023 alone. This number is likely to increase as scammers are increasingly using high-tech tools to trick seniors into giving out information without realizing it.
How to Spot the Scam
Here are key warning signs:
- The sender’s email doesn’t end in “.gov”
- The message urges you to download your statement or click a link
- It includes language like “Your Social Security statement is now available”
- It appears to come from SSA but asks you to open an attachment
Even if the design looks real, always verify before clicking.
What to Do if You Receive the Suspicious Email
If you receive one of these suspicious emails:
- Do not click any links or download anything
- Delete the email immediately
- Do not reply to the message
- Report it to the Federal Trade Commission (FTC) or the SSA through ssa.gov/scam
If you have already clicked or downloaded the file, run a security scan on your device immediately and contact a trusted IT professional to perform advanced security measures. It is also crucial to alert your bank and monitor your accounts regularly for any suspicious activity.
How to Protect Your Benefits
To stay safe:
- Always check if emails are from a “.gov” address
- Avoid opening attachments in unexpected emails
- Create a My Social Security account at ssa.gov/myaccount so you can securely view your real statements
- Talk to an elder law attorney if you’re unsure about any communication claiming to be from SSA
Conclusion
This scam is dangerous because the emails being sent look real and it targets retirees, who rely on monthly Social Security payments most. You can protect yourself from this scam by being cautious, checking the sender’s address, and avoiding clicking or downloading from an email you didn’t request.
The SSA and the Office of the Inspector General urge the public to be alert and have advised the public to avoid clicking the links or downloading anything unless they are sure it’s from a trusted, government “.gov” source. Also, stay informed because that’s your first line of defense.