It was just a matter of time. With Boomers retiring in droves, more and more criminals have been targeting them to cash in on their retirement benefits. And if you think you’re safe because you’re not retiring yet, think again. One of the most recent scams will actually register you for retirement long before you’ve ever considered doing so. This means that when you do retire, your money may end up going to someone else. In fact, in some cases, these criminals may have preemptively withdrawn all of your retirement benefits before you even registered for retirement. This attack vector was increasingly used in 2017 and led cybersecurity expert, Brian Krebs, to encourage people to register on the Social Security Administration website as soon as possible.
In order to register on the SSA website, you will need to give them some basic information. This will include a name, address, telephone number, email, and, of course, your Social Security Number. If someone has these, they can register as you. But wait, the SSA uses something called an “Identity Services Provider” to “help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information.” And who is this trusted authenticator? Equifax, a company that was hacked last year and lost its database of 145 million Americans; a database which included all of the above personal information and more. So, yes, your Social Security future may be impacted. To find out if your information was lost in this breach, go here. If you are outside of the US, you’ll have to use a VPN that can redirect you through a US server.
Update: On February 9th, the Wall Street Journal reported that Equifax lost more information than they previously disclosed. This included “tax identification numbers, which are used when someone doesn’t have a social security number, as well as e-mail addresses, credit card information, and some additional drivers license information.”
It has been reported that the data from the Equifax hack was dumped and put up for sale. Whether this is true or not doesn’t really matter. Social Security information is readily available for sale on the deep web. For example, I found this information on one deep web site. I removed sensitive information but it would otherwise be there for all to see.
Some of the information seems to check out.
So, if you have not registered at the SSA website, someone else could certainly do it for you. They could change your address, email, and bank account number to their own and you would be none the wiser.
Then there are the scams. Even if you are registered, criminals can use this information against you. Take a look at a common phishing letter that is making the rounds.
Okay, so the bad grammar may be a give away, but would you otherwise recognize it as fake? If you clicked on the link, you may even go to a sign in page that looks like a legitimate SSA site. Yes, you should hover the cursor over the link to see where it goes (check the lower left hand corner of your screen), but sometimes these links are made to look real. The SSA gives this real example of one such link (don’t worry. It goes nowhere):
Notice that it is has legitimate looking elements and even has an ‘https’ header which seems to give it a secure look. But beware of these so-called secure sites. If you must trust any of them, the ‘https’ should be green. Here are two examples. The first is from the legitimate SSA website. Notice that it is not green, and that includes its sign-in page.
The second, from Bank of America, shows the highest level of security.
The problem is that any website can get the gray certificate. It can even be acquired for free. Check my post on this for more information.
SSA email scams, like the one mentioned above, are a relatively new phenomenon. Most scams targeting seniors use scam phone callers pretending to be from the SSA. They have the same goal, however, to get your personal information. Why do they use phone scams? Because, sadly enough, older people tend to be more trusting, especially when they hear a friendly voice on the other end of the line. But as seniors become more tech savvy and depend more on email and social media, these are more and more likely to become the main attack vectors. Look for such scams to increase and become more sophisticated in the future.