The Weekly Breach Breakdown: Remote Control – How Social Security Scam Emails Open the Door to Identity Theft

Summary

• This episode of the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown highlights a new phishing campaign impersonating the Social Security Administration (SSA).  
• The Social Security scam email tricks recipients into downloading and installing a dangerous remote access tool called ScreenConnect. 
• When installed, this tool gives attackers complete control over the victim’s computer, allowing them to steal data or install malware. The phishing campaign uses convincing emails and attachments labeled as official SSA documents. 
• To avoid a Social Security scam email, remain cautious of unexpected emails, especially those prompting downloads or installations and follow the steps to stay safe. 
• To learn about the latest data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool. If you believe you are the victim of an identity crime, call or text toll-free at 888.400.5530 or live chat on our website, www.idtheftcenter.org.  

Full Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for May 9, 2025. I’m Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week, we bring you the latest developments in data security and privacy. Today, we’re talking about a phishing campaign that’s both convincing and dangerous—Social Security scam emails. It could end with someone taking complete control of your computer. It starts with a fake email from the ‘U.S. Social Security Administration’ or SSA. 

The subject line? “Your Social Security Statement is now available.” 

It sounds official. It even thanks you for choosing electronic delivery and invites you to download your statement. There’s a note at the bottom that says it only works on Windows PCs—another detail that adds a false sense of legitimacy. But that attachment? It doesn’t contain your Social Security statement. It contains something much more sinister: a remote access tool called ScreenConnect. 

ScreenConnect, recently rebranded from its previous name, ConnectWise Control, is a legitimate program IT teams use to provide technical support remotely. If you’ve ever had a tech person fix your computer by taking over your screen, they might have used a tool like this. The key difference here? You didn’t ask for help. And the person on the other end isn’t there to fix your computer—they’re there to hijack it. 

Once installed, ScreenConnect gives an attacker nearly complete control over your machine. They can move your mouse, open files, install software, run scripts, and, yes, plant malware—all without your knowledge. They can see what you type, what you access and what data you store. It’s like handing over your house keys to a burglar disguised as your mail carrier. 

The phishing group behind the Social Security scam emails—nicknamed Molatori based on the domain names they use—crafts emails that look and feel authentic. The SSA is such a trusted source that the scam works. People click. They download. They install. Suddenly, their personal data is wide open to exploitation. So, how can you protect yourself? 

Here are a few practical steps to avoid a Social Security scam email: 

1. Be skeptical of unexpected emails, even those that appear to be from government agencies. The SSA doesn’t send attachments asking you to download software. 
2. Never install software from an email attachment unless you’re 100 percent sure it’s from a legitimate source and you’ve verified it independently. 
3. Use antivirus and anti-malware tools to flag and block suspicious activity. Many of these tools can catch remote access apps like ScreenConnect if used maliciously. 
4. Enable multi-factor authentication on your key accounts so that even if someone gains access to your computer, they’ll have a harder time getting into your personal accounts. 
5. Report suspicious messages to the appropriate authorities. If you believe you’ve already installed a tool like this by accident, disconnect from the internet and seek help immediately from a trusted IT professional. 

If you have concerns about how your personal information may be at risk, Social Security scam emails, or if you suspect you’ve fallen victim to fraud or identity theft, the ITRC is here to help. You can speak with an expert ITRC advisor by phone or text, chat live on the web, or exchange emails during our regular business hours (6 a.m. – 5 p.m. PT). Just visit idtheftcenter.org to get started. 

Thanks to SentiLink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. We will return next week with another episode of the Weekly Breach Breakdown. I’m Tim Walden; until then, thanks for listening.