Phishing emails encouraging you to create a my Social Security account are circulating.

What is phishing?

Phishing is the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment.

How can I detect a phishing scam pretending to be Social Security?

  • Most emails from Social Security will come from a “.gov” email address. If an email address does not end in “.gov”, use caution before clicking on pictures or links in the email.
    • In a few instances, we use marketing firms to raise awareness of Social Security’s online services, and this includes creating a my Social Security account. We allow these firms to send email directly to individuals. Any links you find within these emails should always point to a “.gov/” web address. 

  • Links, logos, or pictures in the body of an official Social Security email will always direct you to an official Social Security website. Rather than rely on the way a link looks, please follow these steps to confirm authenticity:
    • Links to the official Social Security website will always begin with http://www.socialsecurity.gov/ or https://secure.ssa.gov/
    • To verify the web address of a link or picture, hover over it with your mouse until a text box appears with the web address. This is the actual address you will be directed to, and it should always end in “.gov/”. A forward slash should always follow the “.gov” domain.
    • Example - http://www.ssa.gov/myaccount/
  • Below are examples of fraudulent websites pretending to direct you to Social Security. Notice the location of the forward slash.
      • https://www.socialsecurity.gov.gmx.de/
      • http://www.socialsecurity.gov.bx.co.rx/setup
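
The hover check described above can also be run over a saved email body. The Python below is an added example, not part of the original page or any Social Security tool; the function names and the sample HTML are constructed for illustration and use only the web addresses listed above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def link_host(url):
    """Return the host a link really leads to (lower-cased), or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # between "//" and the first "/", port removed
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")

def is_gov_host(url):
    """True only when ".gov" is the very end of the host (".gov/")."""
    return (link_host(url) or "").endswith(".gov")

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (visible text, real host, host ends in .gov) per link."""
    collector = LinkCollector()
    collector.feed(html)
    return [(t, link_host(h), is_gov_host(h)) for t, h in collector.links]

# Constructed sample email body; the addresses are the ones listed above.
SAMPLE = (
    '<a href="http://www.ssa.gov/myaccount/">Create your account</a>'
    '<a href="http://www.socialsecurity.gov.bx.co.rx/setup">www.ssa.gov</a>'
    '<a href="https://www.socialsecurity.gov.gmx.de/">my Social Security</a>'
)

if __name__ == "__main__":
    for text, host, ok in audit(SAMPLE):
        print("OK  " if ok else "WARN", host, "<-", text)
```

A WARN line means the link's real host does not end in “.gov”, whatever the visible text says.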

What should I do if I’ve received a phishing scam pretending to be Social Security?

If you receive phishing emails, please forward them to the U.S. Computer Emergency Readiness Team at phishing-report@us-cert.gov (http://www.us-cert.gov/nav/report_phishing.html).

What are other tips I can use for detecting phishing scams?

  • Look for poor choices in wording, phrasing, or spelling. Use caution when opening email from people you do not know.
  • If an email includes a business name, telephone number, or website link, verify the legitimacy of these items by searching for the official number or website in a search engine.
  • Do not respond to emails requesting personal information. Reputable businesses and public agencies will not ask you for personal information in an email.

Are there other resources I can use to learn more about phishing?

For more information about "phishing," go to OnGuard Online.