A recent phishing scam involved emails claiming to be from the Social Security Administration. Although the emails claimed to help consumers watch for unauthorized use of their Social Security Numbers, in fact the emails were designed to infect victims’ computers with malware and steal their personal information.
Phishing emails can seem real, and phishing emails use several features to gain the trust of victims. These emails referenced the IRS and the “official-sounding S.A.F.E. Act 2015.” Some include official logos and seals of government agencies in an attempt to appear legitimate.
The Social Security Administration suggests watching for the following clues that an email did not actually come from the Federal government:
- The email landed in your junk or spam folder. Email providers have gotten better at identifying spam and scam emails. Although there are occasional false positives (as well as false negatives) if an email is in your spam folder, it is probably spam.
- The link you are to click on does not go to the official .gov website. Do not click on an unknown link in an email, but when you hover the cursor over the link, what URL is displayed? If it is not the Social Security Administration’s http://socialsecurity.gov/ or other .gov site, it is probably a fraud. In the recent scam, links went to a .com address. However, scammers may use URLs that include socialsecurity.gov but do not lead to the official site. Note the location of the forward slash in the following examples of fraudulent URLs:
- https://www.socialsecurity.gov.gmx.de/
- http://www.socialsecurity.gov.bx.co.rx/setup
The Social Security Administration advises that if you receive a suspicious email you should not click on any links in the email or open attachments. Forward the email to the Federal Trade Commission at spam@uce.gov.
If you wish to contact the agency the email says it is from, look up the contact information elsewhere. Do not rely on web addresses, email addresses or phone numbers provided in an email.