'Social Security Account Missing Information' Scam
An investigation into the 'Social Security Account Missing Information' spam email has revealed that it functions as a phishing tactic. The email purports to be about the recipient's social security documentation, which is said to be included in an attached file.
The attached file is labeled as 'encrypted' and requires the recipient to log in with their email account to access it. However, the login credentials entered by the recipient are recorded and sent to the fraudulent individuals behind the 'Social Security Account Missing Information' spam campaign.
Lure Claims Found in the 'Social Security Account Missing Information' Scam Emails
The email, with the subject line 'Your Social Security Document is now available' (which is possible to vary), informs the recipients that their social security account is missing information and provides an attachment supposedly containing the missing documentation. The attachment is said to be encrypted for security purposes, and the recipient is asked to review it for accuracy and notify the sender of any errors or necessary changes. The email instructs the recipient to log in with their email account to access the file, claiming that it uses multi-factor authentication.
However, upon downloading and opening the attachment, the HTML file presents itself as an encrypted PDF document and instructs the recipient to log in with their email to decrypt it.
Still, this 'Social Security Account Missing Information' email and its attachment are both fake and are part of a phishing tactic. Any information entered into the bogus file will be compromised by the fraudsters.
The Consequences of Falling for a Phishing Tactic may be Severe
Cybercriminals also may be able to collect other information obtained through the exposed email account, such as social media accounts, usernames and passwords, and personal information. This information can be used to request loans from contacts, promote tactics and spread malware. Additionally, any hijacked finance-related accounts, such as online banking or digital wallets, can be used to make unauthorized transactions and purchases.
