(Credit: SAUL LOEB/AFP via Getty Images)
Another day, another scam. Cybercriminals are sending fake Social Security emails to trick victims into installing a remote access tool on their computers, Malwarebytes reports.
The emails appear to come from the Social Security Administration (SSA) and prompt you to download a Social Security statement. Quite often, the entire email is in the form of an image, and clicking on the download link will allow malicious actors to install a remote access tool called ScreenConnect.
The attack has been linked to a phishing group called Molatori. Their primary goal is to take control of your PC, steal sensitive or banking information about you, and commit financial fraud. They can also use the stolen data for identity theft and other harmful activities.
To avoid falling for this trap, pay attention to your messages. Since these emails are generated on compromised WordPress sites and are delivered as images, they tend to pass through email filters quite easily. You’ll have to verify the source of the email independently and avoid clicking on links to open or download files unless you’re sure they are not malicious.
To download Social Security statements, the SSA recommends visiting ssa.gov and accessing them yourself.
Additionally, you should look for some obvious giveaways. In phishing emails, the grammar often seems off, or punctuation may be missing, as seen in the screenshots shared by Malwarebytes and the SSA. Odd color combinations for links and wonky paragraph alignment are some other telltale signs. That said, phishing emails are getting sophisticated and harder to spot, thanks partly to AI.
(Credit: SSA)If you are a victim of this scam, the SSA recommends cutting off any communication with the scammer, reporting the issue to the SSA OIG, and filing a police report. If you have lost money, you should file a complaint with the FBI’s Internet Crime Complaint Center.