The email arrived with an urgent subject line: “Important Changes to Access Your Social Security Account!” Was it real, or was it another effort to steal millions of people’s private information? Another came from the “AT&T Office of the President”. Was it also a phishing attempt? The answers may surprise you.
While Social Security fraud takes many forms, this email fit the phishing profile for several reasons. First, the greeting was generic; it lacked the recipient’s name and other identifying information.
Second, the email's first sentence warned, “Soon you will no longer be able to sign in to your online Social Security account using your Social Security username and password.” Fraudsters try to create a sense of urgency. The second sentence reinforced the need to take action: "To access Social Security online services, including my Social Security, you will need to create a Login.gov or ID.me account.”
That first paragraph also contained a third criminal tactic: persuade the recipient to log into what looks like an authentic website to capture a person’s ID and password. A large button at the bottom of the email read, “Sign In to Your Account.” A sharp-eyed reader would have noticed that “Into” was misspelled, a fourth clue that scammers are at work.
Many people became suspicious of the email. Some alerted local news stations from WSTP in Tampa Bay to KTLA in Los Angeles. Viewers wanted to know, “Is this a scam?” It wasn’t, but no one could be sure until the Social Security Administration issued a press release. It included this promise from Social Security Commissioner Martin O’Malley: “My Social Security is a safe and secure way for people to do business with us.”
The email with the AT&T logo at the top stated that the customer’s bank had restricted the recipient’s credit card used to pay monthly charges. To resolve the problem, the individual needed to fax their Social Security number, date of birth, mailing address, and a government photo ID to a toll-free number.
A quick online search revealed that the number had been used in a similar restricted-use scam involving a Kroger supermarket gift card. The AT&T president’s phone number listed in the message was assigned to people whose corresponding email addresses indicated that they resided in Mauritania, a country in northwestern Africa.
The lesson here is: Do your homework. An online search would have found stories from TV news stations with government broadcast licenses and the press release on the Social Security website.
A call to AT&T at its real phone number would have found that the account was not restricted. Besides, when the sender asks for your Social Security number, date of birth, and other identifying information such as your driver’s license or passport, you know it is a scam. Government agencies, financial institutions like Tropical Financial Credit Union, utility companies and the like will never ask you for your personal information, ID or account password.
For more details on what to do if you feel your Tropical Financial account has been compromised click here or call 1-888-261-8328.