I just received an email that looks suspicious, but it’s an SSA Critical Alert Notification that seems to be from the Society Security Office. I rely on my SSA so can’t afford to ignore any problems that might arise. Is it legit? How can I tell?? Help!
Any time you get an email, letter, text message, or phone call that creates anxiety, your first step is always to slow down and take a deep breath. There are a lot of scammers out there, and some of them are very slick and sophisticated in their attacks. They can come across as concerned and friendly, wanting to help you out of a risky situation, but they all have the same ultimate goal: to separate you from your money or other property.
One of the most common scams is related to the United States Social Security Administration because almost all older folk receive money from the SSA so it’s a government agency that’s top of mind. Even if you don’t receive a check, it’s like the Internal Revenue Service and other governmental and law enforcement agencies in that you never want to have a problem arise. These nefarious scammers prey on that, creating a sense of urgency that too often overrides common sense and a healthy dose of skepticism.
Don’t be that person!
Since what you received is indeed a scam, I found a similar message in my massive spam archive (over 3,000 messages a month, which is ridiculous) which I’m going to dissect so you can do your own detective work next time too. The key is that most scammers are lazy and leave clues that the message is fake. The very best might go to significant lengths to appear legit – including printing up high-quality stationery, setting up scam Web sites that seem “kinda” legit, having ID badges if they knock on your door and more. Beware!
SCAM EMAIL FROM THE SSA
Here’s the email message I received from “Wendy Parlin”:
Right off the bat, it’s suspicious for a lot of reasons. Why would someone use an @gmail.com address to send me an official communication about the Social Security Administration? Why isn’t their email address their name rather than “firstname.lastname@example.org”? Why didn’t they sign their email? Why was it sent as a PDF attachment?
See the tiny triangle adjacent to “to me” near the top? Turns out if you click on it, Gmail (which it’s probable you use too) offers more information about the sender and the message:
You can see this highly suspicious message info. That email address is a sufficient red flag that you should just delete this message and move on with your day. No government agency will ever send email from a free email service like Gmail, Yahoo, or Comcast. None.
If not, what’s with the subject? “SSA Critical Alert notification”, okay, but “OGVPMRHB49O8PXJV69MT5C”? You can bet that while the real Social Security Administration uses case numbers, they’re not quite so much like a cat running across a keyboard.
You should never do what I did at this point either: Click to view the attachment. It’s one way you can end up getting malware surreptitiously installed on your computer, which can cause all sorts of other headaches. I did, though (safely) and the PDF attachment opened up to reveal:
Even a relatively lazy scammer could have at least had the Case ID in this notification match that in the subject line and use their name again, but… the much bigger issue here is that it’s just a dumb attack in the first place; the Social Security Administration doesn’t “temporarily suspend” accounts. If there was a legit problem, don’t you think they’d send physical mail to your address on file anyway, not email you a PDF doc from a Gmail account? 🙂
Wondering why they space out that phone number (805) 744-1095 like that? So spam filters don’t detect it (even in the PDF) and flag the message as garbage. Another red flag.
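The red flags covered so far (an agency name on mail from a free mailbox, a random string in the subject, a Case ID that doesn’t match, a spaced-out phone number) can also be checked mechanically. The following Python is an added example, not part of the original article: the subject and phone number are the ones quoted above, while the sender address, body text, body Case ID, character-by-character spacing and flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "yahoo.com", "comcast.net"}  # providers the article names
AGENCY_WORDS = ("ssa", "social security")
# 16+ uppercase letters/digits containing at least one digit and one letter.
TOKEN_RE = re.compile(r"\b(?=[A-Z0-9]*\d)(?=[A-Z0-9]*[A-Z])[A-Z0-9]{16,}\b")

# Constructed sample: subject and phone number are quoted in the article;
# the sender address, body text and body Case ID are made up.
SAMPLE = """\
From: Wendy Parlin <placeholder.sender@gmail.com>
To: reader@example.org
Subject: SSA Critical Alert notification OGVPMRHB49O8PXJV69MT5C

Case ID: ZZ00CONSTRUCTED0000XX
Your account is temporarily suspended. Call ( 8 0 5 ) 7 4 4 - 1 0 9 5 now.
"""

def red_flags(raw, attachment_text=None):
    """Return the list of red flags found in a raw message (or its PDF text)."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = attachment_text if attachment_text is not None else msg.get_payload()
    flags = []

    # 1. "Official" agency mail sent from a free consumer mailbox.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL and any(w in subject.lower() for w in AGENCY_WORDS):
        flags.append("agency-name-from-free-mail")

    # 2. Long random-looking token in the subject line.
    tokens = TOKEN_RE.findall(subject)
    if tokens:
        flags.append("random-token-in-subject")

    # 3. The Case ID in the body does not match the token in the subject.
    case = re.search(r"Case ID:\s*([A-Z0-9]+)", body)
    if case and tokens and case.group(1) not in tokens:
        flags.append("case-id-mismatch")

    # 4. Phone number typed one character at a time to slip past filters.
    spaced = re.search(r"(?:[\d()\-]\s+){9,}\d", body)
    if spaced and len(re.sub(r"\D", "", spaced.group(0))) >= 10:
        flags.append("spaced-out-phone-number")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

Pass the text extracted from a PDF as `attachment_text` to run the same Case ID and phone-number checks on the attachment instead of the message body.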
Still tempted to call and check? Then go to the Web site and find a help number; don’t trust any number that shows up in an email, text message, or even a legit-looking letter. As I said at the beginning, some scammers are pretty sophisticated in their attacks. Let’s go to the SSA site…
THE SOCIAL SECURITY ADMINISTRATION WEBSITE
It’s easy to type in the address to ensure you go to the real Social Security Administration site: it’s “ssa.gov”. I’m not going to give you a clickable link because this is an instance where you shouldn’t trust any Web page either; if you want to be 100% sure you’re going to the right place, type in the address.
When you get to the SSA site, the first thing you’ll notice is that they have a scam alert on the top!
Before you proceed, however, a quick check to see if it’s the legit site. You can click on “Here’s how you know” on the very top of the page to reveal this info:
Lock? Notice on the address bar of the Web browser there’s a tiny padlock icon. Turns out you can click on it to learn more about the site’s security! Here’s what ssa.gov reveals:
That’s legit, so I’m on the real Social Security Administration site. Good. Now let’s learn more about scams from the organization itself…
If you wanted to log in to your account at this point to check for notifications and alerts, you can be confident you’re on the real site and will get legit and accurate information. And as for your new friend Wendy Parlin? I’d mark her email as spam and forget about it.
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!