Protecting your Social Security benefits from identity thieves
The Social Security Administration is stepping up its cybersecurity game, and you may want to do the same sooner rather than later to stay ahead of thieves eager to snatch your Social Security benefits.
The agency has previously warned us of fraud scams that target personal information. Criminals use phone calls, emails, and other methods to obtain personal information, then use it to commit identity theft.
Now, the Social Security Administration (SSA) has changed its login procedures to enhance security. It recently began asking accountholders for a cellphone number, which enables the agency to send an 8-digit code via text (SMS), which you must enter along with your username and password in order to access the SSA’s website.
But if you haven’t yet created your own SSA.gov account, this won’t stop thieves from using your identity to create an online account in your name. From there they can redirect your direct deposit benefits to an account they control. All they need to open an account is your full name, date of birth, social security number, address and phone number. This information can often be bought online for just a few dollars.
So if you’ve never set up your ssa.gov account, you might want to consider doing so sooner rather than later. When you do so, you can also enable the website’s extra security options, which I recommend doing (for example, signing up to receive alerts when your SSA account is accessed). These steps will require you to supply additional personal information and answer some questions.Social Security phishing alert
Phishing is the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment. As always, stay alert for phishing attempts, in this case communications that appear to come from Social Security but in fact are bogus. Here is some useful additional information from the SSA on phishing:
- Most emails from Social Security will come from a “.gov” email address. If an email address does not end in .gov, use caution before clicking on pictures or links in the email.
- Links, logos, or pictures in the body of an official Social Security email will always direct you to an official Social Security website. Rather than rely on the way a link looks, follow these steps to confirm authenticity:
* Links to the official Social Security website will always begin with http://www.socialsecurity.gov/ or https://secure.ssa.gov/.
* To verify the Web address of a link or picture, hover over it with your mouse until a text box appears with the web address. This is the actual address you will be directed to and it should always end in “.gov/”. A forward slash should always follow the “.gov” domain.
* Example – http://www.ssa.gov/myaccount/
- Here are examples of fraudulent websites pretending to direct you to Social Security (don’t click on these links!). Notice on these fraudulent links the forward slash does not come after “.gov/” as it does on a legitimate link. The misplaced forward slash is always an indicator of a fraudulent site that you should stay away from:
If you receive a phishing scam pretending to be Social Security, report the incident by forwarding the scam email to the US Computer Emergency Readiness Team at firstname.lastname@example.org.
If you find that someone has stolen or is using your personal information to open credit accounts or for other non-SSA-related purposes, you should report that to the Federal Trade Commission via email or call 1-877-ID-THEFT.