Consumers need to be extra cautious if they receive an email seeming to be from the Social Security Administration. Not only are fraudulent emails with malicious links offering “new features” to monitor finances floating around, but new emails urging consumers to create a My Social Security account are making the rounds. The Social Security Administration has issued an alert on their site to be on the lookout for email phishing and AARP Illinois is helping to warn people of the new scam.
Phishing tricks consumers into revealing sensitive personal information by clicking on a fraudulent link or opening a malicious attachment. The emails circulating appear to be sent directly from the Social Security Administration encouraging consumers to create a My Social Security account—a new online portal that allows for consumers to make requests for new Social Security cards and more. The website linked in the email looks identical to the official site and has the potential to obtain people’s social security number and other sensitive personal information.
If you’ve received an email seeming to be from the SSA be aware that:
- Most emails from Social Security will come from a “.gov” email address. If the email doesn’t end in “.gov,” use caution before clicking on any link included or responding to the email.
- Social Security occasionally uses marketing firms to raise awareness of new online services like my Social Security who are allowed to send emails directly to individuals. The links included in these emails should always point to a “.gov” web address.
- To check that a link included is directing to a “.gov” address, hover your mouse over the link until a text box appears with the web address.
- Look for poor choices in wording or spelling.
- Should the email include a business name, telephone number, or web site link, verify them by searching for the official number or website in a search engine.
- If uncertain whether the email came from SSA or any of their marketing firms, do not respond to the email or clink on any links with in the email. Navigate directly to the Social Security website.
- Report the incident by forward the fraudulent email to the U.S. Computer Emergency Readiness Team at firstname.lastname@example.org.