Another day, another scam. Cybercriminals are sending fake Social Security emails to trick victims into installing a remote access tool on their computers, Malwarebytes reports.

The emails appear to come from the Social Security Administration (SSA) and prompt you to download a Social Security statement. Quite often, the entire email is in the form of an image, and clicking on the download link will allow malicious actors to install a remote access tool called ScreenConnect.

One of the fake Social Security emails in circulation (Credit: Malwarebytes)

The attack has been linked to a phishing group called Molatori. Their primary goal is to take control of your PC, steal sensitive or banking information about you, and commit financial fraud. They can also use the stolen data for identity theft and other harmful activities. 

To avoid falling for this trap, pay attention to your messages. Since these emails are generated on compromised WordPress sites and are delivered as images, they tend to pass through email filters quite easily. You’ll have to verify the source of the email independently and avoid clicking on links to open or download files unless you’re sure they are not malicious. 

To download Social Security statements, the SSA recommends visiting ssa.gov and accessing them yourself. 

Additionally, you should look for some obvious giveaways. In phishing emails, the grammar often seems off, or punctuation may be missing, as seen in the screenshots shared by Malwarebytes and the SSA. Odd color combinations for links and wonky paragraph alignment are some other telltale signs. That said, phishing emails are getting sophisticated and harder to spot, thanks partly to AI.

(Credit: SSA)

If you are a victim of this scam, the SSA recommends cutting off any communication with the scammer, reporting the issue to the SSA OIG, and filing a police report. If you have lost money, you should file a complaint with the FBI’s Internet Crime Complaint Center.

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Jibin Joseph

Contributor

Jibin is a tech news writer based out of Ahmedabad, India. Previously, he served as the editor of iGeeksBlog and is a self-proclaimed tech enthusiast who loves breaking down complex information for a broader audience.

Read Jibin’s full bio

Read the latest from Jibin Joseph