Social Security Scam on the Loose: How to Spot the Latest Social Engineering Attack
The Social Security Administration’s Office of the Inspector General (OIG) has sounded the alarm about a new scam where criminals are impersonating the OIG to steal personal information and money. With more than 70 million Americans relying on Social Security benefits, and over $12 billion in fraud-based losses, any attempts at exploitation deserve serious attention.
In this post, we’re breaking down how this scam works and how to spot it before it’s too late.
The Hack
It starts with an official-looking communication with a subject line: “Alert: Social Security Account Issues Detected.” Attached to this email is a fake document titled “SUSPENSION OF SOCIAL SECURITY NUMBER DUE TO CRIMINAL ACTIVITIES,” which claims that the recipient’s Social Security number will be suspended in 24 hours due to criminal activity and if you don’t immediately contact the OIG using the provided number.
Of course, the number is not in fact the OIG, but connects you with a scammer – be it a human or automated message – who will then request personal and sensitive information or fraudulent payments.
If you do end up calling the number, a scammer will answer, or an automated message may prompt you to provide them with personal information or payment to clear out some legal charges. Before you know it, your sensitive information has been compromised.
How to spot the scam
First off, the SSA OIG “will never send letters like this,” according to Michelle L. Anderson, acting inspector general. This is the same across most businesses and government administrations.
Typically, sensitive information and sudden, urgent requests are not conducted through texts or emails alone. Never share any type of sensitive information over text or email unless you are absolutely sure the recipient is legitimate, and even then, we recommend against it.
Here are a few telltale signs that an email is fraudulent:
- Urgent and threatening language: Scammers key into our fears, using terms like “Suspension,” “Urgent,” “Immediate,” and other words that might get a recipient afraid. They want people to act fast and without thought, because it’s a lot easier to scam someone who’s panicking.
- Unexpected email: Anything as serious as a Social Security issue will not suddenly appear in your inbox or text message. If you receive sudden news about criminal behavior or a threatened suspension out of nowhere, there’s a good chance you may be getting scammed.
- Suspicious sender address or phone number: Inspect the sender’s email closely. If the email you received has typos, strange domains, random numbers, or anything that doesn’t match an official government address, it’s likely a scam. The same goes for phone numbers that don’t trace back to any government agency. government agency, chances are you’ve been contacted by a scammer.
- Attachments or links: Always be wary of attachments, especially if they’re included in urgent-sounding emails. Many phishing scams use PDFs or documents that contain links or instructions that push you toward malicious websites or try to get you to call fake numbers.
What to do if you fall for a Social Security Scam
First, don’t panic. It’s not your fault. These scams can be hard to spot. But acting promptly and decisively can be the difference between safety and disaster. Here’s what you do:
- End contact immediately. Stop responding and do not call the scammer again.
- Place a fraud alert. Contact the three major credit bureaus: Equifax, Experian, and TransUnion, so they can add a fraud alert to your credit report.
- Protect your Social Security number. Watch your accounts for suspicious activity. You can also contact the Social Security Administration about next steps and whether you need a replacement SSN card.
- Notify your bank or payment providers. If you shared financial information, alert your bank or credit card company immediately.
- Inform your workplace, friends, or family if needed. If your email or other communication accounts were compromised, let people know so they can be cautious about any unusual messages.
- Change your passwords. Update passwords on all of your important accounts, using strong, unique passwords for each one.
Moral of the Story
Scams like this work because they are playing off our fears and try to force immediate action. By hiding behind trusted institutions like Social Security, they only increase their chances of succeeding.
Take a moment to pause and think before responding to any urgent or sudden email. Consider who the sender is, where the message is coming from, how urgent it sounds, and whether the agency mentioned would realistically reach out by text or email.
And if you do fall for one of these scams, don’t panic. Act quickly and notify the right parties so you can secure your accounts as fast as possible.
Still, the best form of defense is by staying proactive. Knowing what these scams look like and having systems in place to filter out fake messages can make a massive difference. If you’re looking for a partner who can help you stay ahead of these threats, reach out. The 20 MSP has been helping its clients remain secure for more than three decades. We can help keep you safe, too.
Want more tips like this?
Subscribe using the form on the right and get our latest insights delivered straight to your inbox.
About The 20 MSP
As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, including single and multi-location organizations, delivering white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.
