
Look Out for This Social Security Scam That Gives Hackers Full Access to Your Computer

If you receive an email about your Social Security statement, proceed with caution: According to a new report from Malwarebytes Labs, hackers are impersonating the Social Security Administration (SSA) to trick people into installing a remote access tool and handing over full control of their devices.

The SSA is no stranger to phishing scams—the Office of the Inspector General put out an alert last month warning the public of fraudulent emails purporting to include Social Security statements that in reality led to fake websites.

How the Social Security phishing scam works

The current attack is the work of a phishing group known as Molatori. It begins with an email that appears to come from the SSA with the message, “Your Social Security Statement is now available” and a prompt to download an attached document. The supposed statement is actually a ScreenConnect client, which grants remote control of the affected device.

ScreenConnect is a legitimate remote support platform for IT pros to help users configure systems and resolve technical issues by allowing the same access as if they had your device in hand. Once hackers have control of your computer via ScreenConnect, they can use it for anything from installing malware to transferring files to accessing sensitive data, like bank and financial account information, all without your knowledge.

Financial fraud is believed to be the main objective for this campaign, but as always, stolen data can be used for identity theft or sold to other malicious groups.

As Malwarebytes Labs describes, this scheme is hard to identify in part because the phishing emails originate from compromised WordPress sites with legitimate domains. The email body may also be sent as an image rather than text, making it harder for filters to detect it as malicious.
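
The warning signs described above (an SSA-branded sender on an unrelated domain, an attachment that is really a program, and a body that is only an image) can be checked mechanically on a saved message. The sketch below is an added example, not code from Malwarebytes or the original article; the sample message, its `blog.example` sender and the `Statement.exe` file name are constructed, and matching Windows executable and installer file headers is an assumption about how the remote access client would be packaged.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Leading bytes of Windows PE (.exe) and OLE compound files (.msi installers)
EXEC_MAGIC = (b"MZ", b"\xd0\xcf\x11\xe0")

def triage(raw: bytes) -> list:
    """Return which warning signs described in the article a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = (name + " " + msg.get("Subject", "")).lower()
    # Sign 1: presents itself as the SSA but is not sent from ssa.gov or a subdomain
    if "social security" in claimed and not ("." + domain).endswith(".ssa.gov"):
        findings.append("ssa-claim-from-other-domain")
    text_len, has_image = 0, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            # Count visible characters only, so an HTML shell around an image is empty
            text_len += len(re.sub(r"<[^>]+>", "", part.get_content()).strip())
            continue
        payload = part.get_payload(decode=True) or b""
        # Sign 2: the "statement" is a program, whatever its file name says
        if payload.startswith(EXEC_MAGIC):
            findings.append("executable-attachment:" + str(part.get_filename()))
        elif part.get_content_maintype() == "image":
            has_image = True
    # Sign 3: the message is an image with no real text for filters to read
    if has_image and text_len < 20:
        findings.append("image-only-body")
    return findings

def build_sample() -> bytes:
    """Constructed message for illustration; sender, domain and file name are made up."""
    m = EmailMessage()
    m["From"] = '"Social Security Administration" <notice@blog.example>'
    m["To"] = "user@example.org"
    m["Subject"] = "Your Social Security Statement is now available"
    m.set_content('<html><body><img src="cid:body1"></body></html>', subtype="html")
    m.add_related(b"\x89PNG\r\n\x1a\n" + b"\0" * 16, "image", "png", cid="<body1>")
    m.add_attachment(b"MZ\x90\x00" + b"\0" * 60, maintype="application",
                     subtype="octet-stream", filename="Statement.exe")
    return m.as_bytes()

print(triage(build_sample()))
```

An empty result does not mean a message is safe; these checks only cover the traits this campaign is reported to use.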

How to protect yourself

All of the common cautions for avoiding phishing scams apply here. Do not click on links or download or open files or attachments sent via email, especially if the message is unsolicited. Go directly to the company’s or organization’s website to locate important documents and verify communication. Attacks that come from compromised (but legitimate) domains can be trickier to catch, so be especially wary of anything you’re instructed to download, click, or fill out from an email.

If you are unsure whether an email or message is real and safe, Malwarebytes also suggests copying some of the text into a search engine to determine if it is part of a known phishing campaign.


ZaKi
