Social Security Scam Uses Fake SSA Emails to Install Remote Access Tool

Summary

• Cybercriminals are behind a new social security scam that impersonates the U.S. Social Security Administration (SSA) in phishing emails claiming your Social Security statement is ready to view.
• These emails prompt recipients to download a file that appears legitimate. However, it is actually part of a social security scam that installs ScreenConnect, a powerful remote access tool.
• Once installed, scammers gain full access to your computer, allowing them to steal banking details, personal data and more.
• The emails often bypass filters by embedding content as images and using compromised websites to appear trustworthy.
• If you receive an unsolicited SSA-related message, do not download or open any files from the emails, nor click on any links. Verify the message directly through your SSA account or by calling the SSA directly.
• To learn more, or if you believe you are the victim of an identity crime, contact the Identity Theft Resource Center. You can reach us toll-free by text or phone at 888.400.5530 or through live chat on our company website, idtheftcenter.org.

Scammers are posing as the Social Security Administration (SSA) in emails that look official, claiming your statement is ready to download. However, instead of a real document, the attachment installs a remote access tool called ScreenConnect, allowing criminals to gain full control of your computer. From there, they can steal sensitive information and commit fraud—all without you realizing it. This social security scam is especially convincing because it uses trusted names and real software, making it harder to detect at first glance.

Who Are the Targets?

Anyone who receives electronic communications claiming to be from the SSA, especially those who may be expecting to view or download official documents.

What is the Social Security Scam?

This social security scam involves sending phishing emails that pretend to be official SSA communications, notifying recipients that their Social Security statement is available. The emails encourage targets to download an attachment and follow instructions, claiming that the file is only compatible with Windows systems.

The attached file is actually a disguised ScreenConnect client, a remote access tool. Once installed, it grants cybercriminals complete control over the victim’s computer. The attacker can view, transfer and modify files; run malware; and steal sensitive information, all without the user’s knowledge.

This social security scam is made even more dangerous by using one, or several, of these stealth tactics:

• Emails are sent from compromised WordPress websites, which appear legitimate.
• The body of the email is often an image, making it difficult for email security filters to scan.
• The file may have a misleading name, such as SSAstatement11April.exe.

What they Want

• Steal personal and financial information like your banking details, PINs and other financial documents.
• Commit identity theft by stealing and using your personal information gleaned from your computer.
• Engage in financial fraud, which is the primary goal of this social security scam.

How to Avoid this Social Security Scam

• Do not download or open files from unsolicited emails, even if they appear to be from a government agency.
• Never click on links in unexpected messages; instead, go directly to the agency’s website.
• Verify SSA communications by logging into your official SSA account or calling the SSA directly.
• Use trusted anti-malware software and keep it up to date.

Contact the ITRC

If you have additional questions about this social security scam or believe you have been a victim of an identity crime, contact us. You can speak with an Identity Theft Resource Center expert advisor toll-free by text or phone (888.400.5530) or live chat on our company website. Just visit www.idtheftcenter.org to get started.