Phishing emails encouraging you to create a my Social Security account are circulating.
What is phishing?
Phishing is the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment.
How can I detect a phishing scam pretending to be Social Security?
- Most emails from Social Security will come from a “.gov” email address. If an email address does not end in “.gov”, use caution before clicking on pictures or links in the email.
- In a few instances, we use marketing firms to raise awareness of Social Security’s online services, and this includes creating a my Social Security account. We allow these firms to send email directly to individuals. Any links you find within these emails should always point to a “.gov/” web address.
- Links, logos, or pictures in the body of an official Social Security email will always direct you to an official Social Security website. Rather than rely on the way a link looks, please follow these steps to confirm authenticity:
  - Links to the official Social Security website will always begin with http://www.socialsecurity.gov/ or https://secure.ssa.gov/.
  - To verify the web address of a link or picture, hover over it with your mouse until a text box appears with the web address. This is the actual address you will be directed to, and it should always end in “.gov/”. A forward slash should always follow the “.gov” domain.
    - Example - http://www.ssa.gov/myaccount/
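The hover check in the steps above, written out as an added example (not Social Security's own code): it reads the real destination of each link and accepts it only when the host itself ends in “.gov”. The sample email and the function names are constructed for illustration, and the example.com, example.net and example.org hosts are placeholders.

```javascript
// Constructed sample email: the visible text of every link looks official,
// but only the href decides where a click goes.
const SAMPLE_EMAIL = `
<a href="https://secure.ssa.gov/">Create your account</a>
<a href="http://www.ssa.gov.example.com/myaccount/">http://www.ssa.gov/myaccount/</a>
<a href="https://www.socialsecurity.gov@example.net/login">www.socialsecurity.gov</a>
<a href="http://example.org/www.ssa.gov/">my Social Security</a>
<a href="http://www.ssa.gov/myaccount/">Sign in</a>
`;

// Returns the host a link really leads to and whether that host is a .gov host.
function checkLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { href, host: null, ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { href, host: null, ok: false, reason: "not a web link" };
  }
  // Text before "@" is login info, not the site, so it is treated as suspect.
  if (url.username || url.password) {
    return { href, host: url.hostname, ok: false, reason: "userinfo before host" };
  }
  // The host itself must end in ".gov" (the part before the first "/");
  // a ".gov" in the middle of the host or in the path does not count.
  const host = url.hostname.replace(/\.$/, "");
  const ok = host.endsWith(".gov");
  return { href, host, ok, reason: ok ? "host ends in .gov" : "host does not end in .gov" };
}

// Pulls the href and visible text from each <a> tag. A regex is enough for
// this sample; real mail should go through an HTML parser.
function auditEmail(html) {
  const results = [];
  const re = /<a\s[^>]*href="([^"]*)"[^>]*>(.*?)<\/a>/gis;
  for (const [, href, text] of html.matchAll(re)) {
    results.push({ text, ...checkLink(href) });
  }
  return results;
}

for (const r of auditEmail(SAMPLE_EMAIL)) {
  console.log(r.ok ? "OK     " : "SUSPECT", r.host, "<-", JSON.stringify(r.text), `(${r.reason})`);
}
```

Only the first and last links pass. The other three show “.gov” somewhere in the address, but not at the end of the host, which is why the forward slash directly after “.gov” matters.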
What should I do if I’ve received a phishing scam pretending to be Social Security?
- If you are not certain that an email you received came from Social Security or one of our marketing firms, DO NOT respond to the email or click on any links contained in the email message. Instead, navigate directly to the Social Security website, www.socialsecurity.gov/, and click on the my Social Security icon.
- Report the incident by forwarding the scam email to the U.S. Computer Emergency Readiness Team at firstname.lastname@example.org (http://www.us-nocert.gov/nav/report_phishing.html).
What are other tips I can use for detecting phishing scams?
- Look for poor choices in wording, phrasing, or spelling. Use caution when opening email from people you do not know.
- If an email includes a business name, telephone number, or website link, verify the legitimacy of these items by searching for the official number or website in a search engine.
- Do not respond to emails requesting personal information. Reputable businesses and public agencies will not ask you for personal information in an email.
Are there other resources I can use to learn more about phishing?
For more information about "phishing," go to OnGuard Online.