Scammers have a new way of getting to you. Their weapon: a phishing email claiming to come from the Social Security Administration.

The subject line reads “Get Protected” and the return address appears as “no-reply@ssa.gov.” The email appears to offer new features that will help you monitor your credit report and warn you of unauthorized users of your Social Security number. It even refers to the IRS and mentions the “SAFE Act 2015.” All you need to do to register is click on a link.

This Social Security email is a classic phishing ploy, a form of identity theft in which hackers use fraudulent websites and fake emails to attempt to steal your personal data, especially passwords and credit card information. Clicking on the link may open your computer to malware, such as viruses and spyware. Or the link might send you to a spoof site—a copycat version of the Social Security Administration’s site—to trick you into entering your personal information, including your Social Security number. 

Figuring Out Whether It's Fake

Before you click on any link—ever—take a minute to check it out. These clues from the Social Security email scam will reveal whether the email can be trusted or should be tossed. Here's how to do it: 

  • Hover your cursor over the address link. The URL of the fake Social Security email directs you to an unrelated “.com” address, not the Social Security Administration’s legitimate ssa.gov or another .gov site.
  • Examine the name of the sender. In the case of AAFE Act 2015, nothing seems wrong with the name. Phishing emails often use real-sounding names in order to gain credibility. But look further, and there is reason to be suspicious. While the SAFE Act was passed by the House of Representatives last November, the acronym stands for Security Against Foreign Enemies and refers to the Iraq and Syrian refugee crisis. It has nothing to do with the Social Security Administration.
  • Ask yourself why this email ended up in your spam folder. Email providers use filters to prevent phishing scams and spam from infiltrating your email. If an email ends up in your spam folder, it could be a sign that it's not legitimate.
  • Contact the agency yourself. If you’re unsure about a Social Security email that claims to come from the government, call or email the agency. Just be sure to look up the address on Google; if you use the contact info listed in the phishing email, you’ll be directed back to the scammer, who'll try to convince you that the site is authorized.

Report all questionable emails to the FTC and to the organization impersonated in the email.