Takeaways
- A new phishing attack is targeting Social Security recipients with email messages pretending to be from the Social Security Administration (SSA), prompting them to download fake Social Security statements.
- These malicious downloads give hackers access to sensitive personal information, including bank account credentials.
- Individuals should be cautious of emails requesting statement downloads and verify the sender’s address to protect their Social Security account from potential compromise.
If you or a loved one are among the 71.6 million people receiving Social Security benefits, be careful of downloading email attachments. You could receive a dangerous email from hackers pretending to be the Social Security Administration (SSA), and the email looks convincing.
This official-looking email prompts recipients to download a fake Social Security statement. The download contains software that allows hackers to take over the victim’s computer and access sensitive information such as bank account login credentials, per Malwarebytes Labs. The hackers seem to be targeting financial information, but the scam could also be used for identity theft.
Knowing what to look out for and understanding how the scam works can help you protect yourself and your loved ones.
What Are Phishing Scams?
Phishing is a form of fraud. In phishing scams, cybercriminals often pretend to be from a known organization or individual to gain a person’s trust and access personal information.
Phishing typically occurs through technology that allows predators to hide their identity. Their messages, including emails, texts, and phone calls, are like bait as they seek information and access.
Unfortunately, phishing emails are common, with more than 3.4 billion sent each day, per AAG IT Support. Every day, Google blocks 100 million phishing emails. While email services can filter and block spam, some phishing emails can get past these security measures and into your inbox.
The National Council on Aging (NCOA) reports that scams often target older adults. Scammers may believe that older adults have more wealth than other populations. Elder community members can be particularly vulnerable to online scams, with $3.4 billion in total fraud loss reported by Americans 60 and older in 2023.
What to Look Out For
Look out for an email that appears to come from the Social Security Administration. Typically, it states that “your statement is now available.” The email may look legitimate, with convincing font, formatting, and colors. While there are variations in these messages, the email typically says that your Social Security statement is available, thanks you for opting to receive electronic statements, and tells you to download the attachment.
This alert from the SSA Office of the Inspector General (OIG) shows what the scam email can look like. The OIG warns Social Security recipients to beware of scam emails asking to download statements. The warning notes that while these emails closely resemble official correspondence, they lack the .gov email address that indicates a genuine government sender.
How the Scam Works
The hackers are using a technology that allows them to control computers from afar. When individuals download the attachment, thinking it is a Social Security statement, they are actually downloading software that gives the hackers that remote control.
This technology, called ScreenConnect, is a remote support and access platform. ScreenConnect is commonly used to help IT professionals work on someone’s computer, such as to install software or troubleshoot issues. When used by cybercriminals, it can take complete control of the computer, facilitating access to personal information.
The Email Could Get Through Security Measures
This dangerous email could end up directly in your general inbox, not your spam folder. The Social Security statement email scam may appear legitimate, and bypass security measures, for several reasons, according to Malwarebytes Labs. These include using WordPress sites that appear legitimate, embedding content as an image to avoid scanning and blocking services, and using normal applications such as ScreenConnect.
Receiving a Suspicious Email
If you receive a phishing email, consider deleting it and blocking the sender. Never click on a link or download files or attachments that appear in a potentially suspicious email message.
Unsure if an email is phishing? Always pause. Try running a Google search for scams and asking a trusted family member or friend for a second opinion. Review the SSA scam alerts. Take a careful look at where the email came from. To be genuine, it must have a .gov address, per the SSA OIG.
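The warning signs described above (a sender without a .gov address, content embedded as an image, and a download that installs software) can also be checked mechanically. The following is an added example, not part of the original article or of any SSA tool; the sample message, the `triage` function and the list of file extensions are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (not a captured scam email): SSA display name, non-.gov
# sender, an HTML body that is only a linked image, and an installer attachment.
SAMPLE = """\
From: Social Security Administration <statements@ssa-notices.example>
Subject: Your statement is now available
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://downloads.example/view"><img src="cid:notice"></a></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="SSA_Statement.exe"

MZ
--b1--
"""

# Assumption: file types treated as "runs code when opened"; the page names none.
EXEC_EXT = (".exe", ".msi", ".scr", ".js", ".vbs")

def triage(raw: str) -> list[str]:
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    claims_ssa = re.search(r"social security|\bssa\b", f"{display} {msg['Subject']}", re.I)
    if claims_ssa and not domain.endswith(".gov"):
        findings.append(f"claims SSA but sender domain is {domain!r}, not .gov")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            findings.append(f"executable attachment {name!r}")
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            visible = re.sub(r"<[^>]+>|\s+", "", html)  # text left once tags are stripped
            if "<img" in html.lower() and len(visible) < 40:
                findings.append("body is an image with almost no readable text")
    return findings
```

An empty result means only that none of these signs were found. The From header can be forged, so a .gov sender address is a necessary check rather than proof that a message is genuine.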
You can also report phishing to the Federal Trade Commission.
An elder law attorney can also help you navigate correspondence with the SSA and understand how to look out for scam emails. If you are the victim of a scam, find a local elder law attorney today for assistance so that you can do whatever possible to protect your finances and identity.
Created date: 05/20/2025