The subject line says “Get Protected,” and the email talks about new features from the Social Security Administration (SSA) that can help taxpayers monitor their credit reports, and know about unauthorized use of their Social Security number. It even cites the IRS and the official-sounding “S.A.F.E Act 2015.” It sounds real, but it’s all made up.
It’s a phishing email to get you to click on a scammer’s link. If you do, a scammer can install malware — like viruses and spyware — on your computer. Or, the link might send you to a spoof site — a lookalike website set up by a scammer to trick you into entering your personal information.
Not sure if an email is really from the government? Here are a couple of clues. Did the email end up in your junk folder? Email providers use filters to help catch phishing scams and prevent spam from getting into your inbox. And when you hover your cursor over the link, is the web address really a trusted website? In this fake SSA email, when you hover over the URL you’re invited to click on, you see the link goes to an unrelated “.com” — instead of the Social Security Administration’s socialsecurity.gov or another “.gov” site.
If you get a questionable email, don’t click on any links, or open any attachments. Report it to the FTC by forwarding the email to firstname.lastname@example.org — and to the real organization impersonated in the email. You also can report it to your email provider. Some email providers let you mark messages as phishing scams. Your report is most effective when you include the full email header, although most email programs hide this information. To find out the full header, type the name of your email service with “full email header” into your favorite search engine, and include this information in your report. When you’re done, delete the email.
If you’re unsure about an email that looks like it’s from the government, contact the agency directly. But find the contact info yourself.