DON’T! DON’T! DON’T! If you get an email from Social Security saying your statement is attached DO NOT open it. It’s the latest scam to steal your information and your money, and this scam may be more dangerous than any Social Security scam so far.
According to Malwarebytes Labs, cybercriminals known as Molatori are running a sophisticated phishing campaign to get control of your computer. It works like this. You get an email that appears to be from the Social Security Administration with a message that says, “Your Social Security Statement is now available.” Then you’re prompted to download what looks like an official document. But the attachment isn’t a statement at all. It’s an installation file that gives hackers the same kind of remote access to your computer that you would give an IT professional who’s troubleshooting technical problems. Once hackers have control they can:
- Install malicious software
- Access and steal sensitive files
- Monitor your online banking activities
- Capture passwords and login information
- Transfer money from financial accounts
- Collect personal data for identity theft
What makes Molatori’s attack so dangerous is how it bypasses common security measures. The phishing emails are sent from compromised WordPress websites with legitimate domain names, which allows the hackers to get past spam filters. Sometimes the scammers send email content as an image rather than text so security tools don’t scan for suspicious wording.
So, what can you do to make sure you don’t become a Molatori victim?
- Never download attachments from unsolicited emails, even if they appear to come from government agencies.
- Access your Social Security information directly through the official Social Security Administration website (ssa.gov).
- Set up a “mySocialSecurity” account at ssa.gov.
- Be very suspicious of any email asking you to download files.
- If you’re not sure that an email is legitimate, do an online search for phrases in the message to see if they’re associated with known scams.
- Before opening an email, place your cursor on the name of the sender. The email address will pop up and may give you an indication whether the email is legitimate.
- Keep security software updated on all devices.
This isn’t the first time scammers have impersonated the Social Security Administration this year. The Office of the Inspector General has already issued an alert about fraudulent emails containing links to fake SSA websites.
Always keep this in mind. The Social Security Administration will never send your statement as an attachment that needs to be downloaded. If you want or need your Social Security statement, go directly to your “mySocialSecurity” account at ssa.gov and download the statement there.
If a cybercriminal gets access to your computer, they can take everything you’ve got!
This information is presented for informational purposes only and does not constitute an offer to sell, or the solicitation of an offer to buy any investment products. None of the information herein constitutes an investment recommendation, investment advice or an investment outlook. The opinions and conclusions contained in this report are those of the individual expressing those opinions. This information is non-tailored, non-specific information presented without regard for individual investment preferences or risk parameters. Some investments are not suitable for all investors, all investments entail risk and there can be no assurance that any investment strategy will be successful. This information is based on sources believed to be reliable and Alhambra is not responsible for errors, inaccuracies, or omissions of information. For more information contact Alhambra Investment Partners at 1-888-777-0970 or email us at info@alhambrapartners.com.
