Protecting your Social Security benefits from identity thieves

David Pollino
Posted by David Pollino

The Social Security Administration is stepping up its cybersecurity game, and you may want to do the same sooner rather than later to stay ahead of thieves eager to snatch your Social Security benefits.

Older couple sitting on a bench in a park, looking at a tablet.The agency has previously warned us of fraud scams that target personal information.  Criminals use phone calls, emails, and other methods to obtain personal information, then use it to commit identity theft.

Now, the Social Security Administration (SSA) has changed its login procedures to enhance security. It recently began asking accountholders for a cellphone number, which enables the agency to send an 8-digit code via text (SMS), which you must enter along with your username and password in order to access the SSA’s website.

But if you haven’t yet created your own account, this won’t stop thieves from using your identity to create an online account in your name. From there they can redirect your direct deposit benefits to an account they control. All they need to open an account is your full name, date of birth, social security number, address and phone number. This information can often be bought online for just a few dollars.

So if you’ve never set up your account, you might want to consider doing so sooner rather than later. When you do so, you can also enable the website’s extra security options, which I recommend doing (for example, signing up to receive alerts when your SSA account is accessed). These steps will require you to supply additional personal information and answer some questions.

Social Security phishing alert

Phishing is the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment. As always, stay alert for phishing attempts, in this case communications that appear to come from Social Security but in fact are bogus.  Here is some useful additional information from the SSA on phishing:

  • Most emails from Social Security will come from a “.gov” email address. If an email address does not end in .gov, use caution before clicking on pictures or links in the email.
  • Links, logos, or pictures in the body of an official Social Security email will always direct you to an official Social Security website. Rather than rely on the way a link looks, follow these steps to confirm authenticity:
    * Links to the official Social Security website will always begin with or
    * To verify the Web address of a link or picture, hover over it with your mouse until a text box appears with the web address. This is the actual address you will be directed to and it should always end in “.gov/”. A forward slash should always follow the “.gov” domain.
    * Example –
  • Here are examples of fraudulent websites pretending to direct you to Social Security (don’t click on these links!). Notice on these fraudulent links the forward slash does not come after “.gov/” as it does on a legitimate link. The misplaced forward slash is always an indicator of a fraudulent site that you should stay away from:

If you receive a phishing scam pretending to be Social Security, report the incident by forwarding the scam email to the US Computer Emergency Readiness Team at

If you find that someone has stolen or is using your personal information to open credit accounts or for other non-SSA-related purposes, you should report that to the Federal Trade Commission via email or call 1-877-ID-THEFT.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.