| The NJCCIC received reports of Social Security Administration (SSA) phishing emails, consistent with the SSA’s scam alert earlier this month. The emails contain SSA branding to appear legitimate and claim to be from the SSA. However, upon further inspection, they were sent from non-.gov top-level domains (TLDs) with the sender’s display name as “Social Security administration.” The subject line displays, “Your benefits statement is now available for download.” The emails create urgency to convince potential victims to download and review their Social Security statements immediately to ensure uninterrupted access to their benefits and prevent processing delays. The emails also instruct potential victims to click the “Download Statement” button and install the required file specifically on PC/Windows systems. If clicked and installed, sensitive information and devices may be at risk. |
| These communications are not legitimate, as the SSA will not ask for personally identifiable information (PII), including Social Security numbers or dates of birth, or financial information via email, phone, or text message. Also, the SSA will not threaten to suspend your Social Security number, demand immediate payment, warn of legal action, download “secure” software, or request permission to access your device. |
| Recommendations |
| Refrain from responding to unsolicited communications, clicking links, or opening attachments from unknown senders. Exercise caution with communications from known senders. Confirm requests from senders via contact information obtained from verified and official sources. Navigate to official websites, such as the SSA, by typing official website URLs into browsers manually and only submit account credentials and sensitive information on official websites. Use strong, unique passwords for all accounts and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes. Confirm the legitimacy of the requests by contacting the SSA directly through their official website. |