Are your Social Security benefits secure?

Social Security fraud is on the rise, and cybercriminals are specifically targeting people of retirement age. Recent high-profile security breaches — Equifax, Yahoo, and Uber, to name a few — have exposed personally identifiable information of millions of Americans, so it’s more critical than ever to remain vigilant about protecting yourself from identity theft and to take steps to secure your personal data.

Imagine the following scenario: You’ve reached retirement age, but you’re waiting a few more years before you “call it a career” and start collecting your retirement benefits. One day in February, you receive a letter from the IRS along with Form SSA-1099 documenting that you received thousands of dollars in Social Security benefits the previous year. So why would the IRS believe you applied for and received benefits? The answer is likely that your identity has been stolen.

Unfortunately, examples like the one described above are not merely hypothetical. A similar scenario played out for a 67-year-old financial planner in Colorado, who discovered a cybercriminal had used his identity (likely obtained as a result of the Equifax breach) to steal more than $19,000 in Social Security benefits.1 A hacker can easily utilize a stolen Social Security number (SSN) to register for retirement benefits and request a direct deposit from the IRS into a bank account of their choice.

This type of fraud has increased in frequency over the years, and there are few signs of this activity slowing. The 2017 Data Breach Year-End Review by the Identity Theft Resource Center® (ITRC) provides some eye-opening figures on SSNs that were exposed in recent data breaches:

“Throughout 2017, there were 830 data breach incidents involving SSNs, representing more than half of the total reported number of breaches. As a result of these breaches, nearly 158 million SSNs were exposed…”2

If you’re between ages 62 and 70 and have yet to claim Social Security benefits, you are at an increased risk for Social Security fraud. People between ages 66 and 67 are the most likely to be targeted as they are reaching the age at which they can claim full retirement benefits, and the Social Security Administration (SSA) will pay up to six months of retroactive retirement benefits – providing the cybercriminal with the largest possible payout.

Social Security fraud is contributing to a multi-billion problem for the SSA. According to a December 2016 Investopedia article:

“The SSA ranks third among government agencies when it comes to improper payments, including fraud. The total of estimated improper SSA payments in 2015 was $9.8 billion. Retirement, survivors, and disability insurance made up about $5 billion of that amount, while supplemental security income accounted for the remaining $4.8 billion.”3

Safeguard yourself from Social Security fraud

While this is not a small-scale problem for the government to solve, there are simple steps you can take as an individual to protect your Social Security benefits.

  1. Register a “my Social Security” account online. This proactive step can be done immediately. By registering your account ahead of time, your identity with the SSA is protected against modification by anyone else. As an additional security measure, make sure to enable the two-factor authentication option within your account.
  2. Identity theft protection. Seek out a security solution that will monitor for identity theft, alert you of possible compromises, and help with remediation if necessary. There are several options available that will provide monitoring for an entire family at a very reasonable monthly rate. We recommend using a service that is not tied to one of the major credit bureaus.
  3. Protect your Social Security number. First and foremost, don’t carry your Social Security card in your wallet or purse. Also, you should also only conduct business with companies that put a high emphasis on keeping sensitive information secure. While operating online, be sure you are practicing good cyber hygiene – a few best-practice examples include:
    • Patching your systems regularly
    • Being wary of strange links in emails (don’t click!)
    • Checking to see if websites you provide with personal information have valid SSL certificates
    • Using personal virtual private network (VPN) solutions when you connect to public Wi-Fi networks (or avoiding public Wi-Fi altogether)

You should also be cognizant of impersonation schemes via phone. In this common scam, someone posing as an SSA employee might ask you to make an immediate payment (by a specific method), ask for personal information, and even threaten arrest for noncompliance. Hang up if you receive a suspicious phone call, as an SSA employee should never demand immediate payment or threaten you — and they’d only need verification of personal information in a few specific circumstances.

What to do if you’re a victim of Social Security fraud

If you believe you are the victim of identity theft, including Social Security benefits fraud, the first thing you should do is report the incident to the Social Security’s Office of the Inspector General. To report by phone, you can call the hotline (800-269-0271) Monday through Friday between 10 a.m. and 4 p.m. EST. Or you can complete the online form at any time ( You can also report the suspected fraud in person at your local SSA office.

If you have additional questions about taking steps to protect yourself from identity theft or Social Security fraud, please reach out to Kraft Technology Group. We’d be happy to assist you.


Search Site

Search Team

Search Articles