Phishing Scam Lures Consumers into Creating Account on Fake Social Security Website

February 22, 2016

AARP Illinois is warning of a phishing scam that tricks consumers into visiting a fake Social Security Administration (SSA) website.

The emails appear to come directly from the federal office, and the website to which they direct consumers looks like the real thing. The website, however, is used by criminals to collect personal information.

The emails in circulation appear to be sent directly from the Social Security Administration and encourage consumers to create a My Social Security account, a new online portal that allows consumers to request new Social Security cards, check the status of their future retirement, disability and survivors benefits, and more. The website linked in the email looks identical to the official site and has the potential to obtain people's Social Security numbers and other sensitive personal information.

"Fraudsters are getting craftier as technology advances," AARP Illinois Communications Manager Gerardo Cardenas said in a statement. "The emails they're sending are looking more realistic and the websites they're linking to are near replicas of the real thing. Consumers have to be extremely aware of their tricks and what they need to look out for to protect themselves and their personal information."

If you've received an email seeming to be from the SSA, AARP Illinois has the following tips:

  • Most emails from Social Security will come from a ".gov" email address. If the email doesn't end in ".gov," use caution before clicking on any link included or responding to the email.
  • Social Security occasionally uses marketing firms, which are allowed to send emails directly to individuals, to raise awareness of new online services like my Social Security. The links included in these emails should always point to a ".gov" web address.
  • To check that a link included is directing to a ".gov" address, hover your mouse over the link until a text box appears with the web address.
  • Look for poor choices in wording or spelling.
  • Should the email include a business name, telephone number, or web site link, verify them by searching for the official number or website in a search engine.
  • If uncertain whether the email came from SSA or any of their marketing firms, do not respond to the email or click on any links within the email. Navigate directly to the Social Security website.
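
The sender and link checks from the tips above, sketched in Python as an added example (not code from AARP Illinois or SSA); the function names and the sample message are made up for illustration. It compares each link's real destination host, rather than the text shown in the email, against ".gov", and requires the host to end in ".gov" rather than merely contain it.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def is_gov_host(host):
    """True only when the hostname itself ends in .gov (not merely contains it)."""
    return (host or "").rstrip(".").lower().endswith(".gov")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(from_header, html_body):
    """Return warnings for a sender or link that is not on a .gov host."""
    warnings = []
    sender = parseaddr(from_header)[1]
    if not is_gov_host(sender.rpartition("@")[2]):
        warnings.append(f"sender not .gov: {sender}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname  # real destination, not the visible text
        if not is_gov_host(host):
            warnings.append(f"link not .gov: '{text}' -> {host}")
    return warnings

# Constructed sample message; the addresses and hosts are made up.
SAMPLE_FROM = '"Social Security" <no-reply@ssa.gov.account-update.example>'
SAMPLE_HTML = ('<p><a href="http://www.ssa.gov.signin.example/my">www.ssa.gov/myaccount</a>'
               ' or <a href="https://www.ssa.gov/myaccount/">official site</a></p>')

if __name__ == "__main__":
    for w in check_email(SAMPLE_FROM, SAMPLE_HTML):
        print(w)
```

An empty result is not proof that a message is legitimate, since the From header can be forged; navigating directly to the Social Security website remains the safe path.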

Report the incident immediately by forwarding the fraudulent email to the U.S. Computer Emergency Readiness Team at phishing-report@us-cert.gov.