In a world filled with bad actors online, people have become conditioned to be suspicious of any emails that involve our personal information. That’s why federal employees across America were put on guard earlier this month when they received an email from the Social Security Administration.
In a short email, the SSA instructed Americans to create a new login using a new system. It even included a helpful link. In nearly all cases, I’d argue that this is a suspicious email.
Real or Fake?
The Federal Trade Commission provides various details to look out for in emails attempting to scam you. The problem is that this SSA email checked nearly all the boxes with multiple “red flag” items:
- generic greeting
- requesting action
- provides a link
While this email seems like a scam, it is real. The SSA did send out an official blast email to online account holders of “My Social Security” instructing them that they must create an account with Login.gov if their SSA account was created prior to September 18, 2021.
They are phasing out the older usernames and passwords and Americans will no longer be able to access their online accounts without the new login.
Now What? Be On High Alert
If your agency hasn’t already required that you create your Login.gov account, you should go ahead and do so. This will help make sure that you are up to date on your information.
Next, be on high alert. Scammers, phishers, and other bad actors will almost certainly seize the opportunity to get in front of Americans.
Now that you have been desensitized by this email, you are more willing to accept another email from the SSA (or other organizations) and not scrutinize it as carefully. This is exactly what fraudsters online are counting on.
Protecting Yourself
To help defend against potential problems, here are a few things to watch out for.
First, know how to spot fraudulent messages received. The Federal Trade Commission offers guidance to help with this.
Next, it may be helpful to know what the real email looks like. You’ll find a screenshot at the end of this column. There are helpful details to watch out for.
You want to see if the email comes from a legitimate “.gov” email address. Be careful not to confuse the email address domain with the email account name. The name of an email account can be customized to anything, so be watchful.
You should also be cautious of any phone calls received claiming to be from SSA, IRS, or any other agency. SSA and IRS representatives do not call you to ask about your information except for in rare and specific cases.
While less common, I have heard of cases where fraudsters also attempt to impersonate OPM if they know the call recipient is/was a federal employee, so please be aware.
I also encourage you to take this opportunity to check your credit report. This is a recommended annual exercise to ensure your information isn’t being used fraudulently. It’s best practice to freeze your credit if you don’t plan on applying for credit soon; just remember to unfreeze it if applying for loans or opening a new line of credit.
Remaining vigilant is the most important thing you can do. Take your time when reviewing (or listening) to information and take caution not to feel rushed into providing information. Fraudsters often rely on urgency, so make sure you always pause and do your research before moving forward with action.
