How scammers break into Social Security accounts and steal benefits

For the past two decades, Liz Birnbaum's 88-year-old mother, Marge, has received her Social Security check on the second Wednesday of every month. It's her only source of income, which pays for her room at the long-term care center, where she arrived last October after suffering a stroke.

When the deposit didn't arrive in January, they checked into Marge Social Security AccountThey found some startling evidence: the last four digits of a bank account number that didn't match her own, at a bank they didn't recognize.

“Someone walked in, and then I hit the panic button,” said Ms. Birnbaum, of Chappaqua, New York.

It quickly became clear that a scammer had redirected $2,452 to an unknown Citibank account. Marge, who lives in Minnesota, had never dealt there before. (Ms. Birnbaum has asked that her mother be referred to by her first name only to protect her from future fraud.)

Ms. Birnbaum immediately began making calls to put things right. When I finally called a Social Security representative from a local office in Bloomington, Minnesota, the representative casually mentioned that this happens “all the time.”

“I was stunned,” Ms. Birnbaum said.

Social securityRelated scams, in general, are rampant – scammers posing as employees to try to extract money and valuable identifying details from people in a variety of locations. Advanced schemes. But this scam in particular — where criminals use stolen personal information to break into online Social Security accounts or create new ones, shifting benefits elsewhere — has plagued people for more than a decade.

Once scammers have access to an individual's Social Security account online, they can change the beneficiary's address and direct deposit information, or request replacement cards.

Almost everyone is a potential target. The Social Security Administration sends checks to more than… 70 million Beneficiaries, including retirees and the disabled, total approximately $120 billion per month. An estimated 2,000 beneficiaries had their direct deposits redirected last year, according to Social Security Administration fraud officials.

It can be a profitable scam, and a devastating loss of interest. An estimated $33.5 million in benefits — intended for about 21,000 recipients — were redirected in a five-year period ending in May 2018, according to the most recent review from the Office of Inspector General, an independent group responsible for overseeing investigations and audits at the agency. Another $23.9 million worth of fraudulent redirects were prevented before they occurred during the same time period.

“The scammers were able to obtain enough information about the true beneficiary to convince the Social Security Administration that they were the beneficiary,” said Jeffrey Brown, deputy assistant inspector general at the Office of Social Security. the general inspectorwho analyzed The case is in 2019. “Once they got to the front door, they were able to change their direct deposits.”

Social Security fraud has surged during the pandemic, According to the Office of Inspector General Officials, when Social Security offices were closed to the public, forced people to rely on the agency's online services.

The Federal Trade Commission, which collects self-reported complaints from consumers, said more than 7,600 people reported transferring their benefits from 2019 through the end of 2023, with an uptick in activity last year.

“Many consumers tell us they discovered their direct deposits were redirected to another account or to a fraudulent account,” said Maria Mayo, associate director of the FTC's Division of Consumer Response and Operations. “A lot of times they say they received a scam call and provided their information, and they believe that's how that information was used to redirect interest.”

In another development, there were nearly 6,100 fraudulent claims last year, or 0.3% of all retirement claims filed online, which involved criminals who applied for benefits on the earnings records of Americans who had reached retirement age, but did not claim. After the benefits. Social Security fraud officials said.

Criminals collect the personally identifiable information they need in any number of ways, which they later use to break into government accounts or create fraudulent accounts. You need a Social Security number to create an online account with the agency, but you don't need the full nine numbers to open an existing account.

Amy Nofziger, director of fraud victim support at AARP's Fraud Watch Network, recently scanned its database of cases and found a handful of victims whose Social Security number had been obtained by a third party within the past six months. An unsuspecting person gave it to a scammer promising insurance benefits. Another criminal pretended to be a representative of the victim's bank. In another case, the scammer pretended to be calling from a credit bureau to verify the victim's Social Security number.

Sometimes identity thieves claim to be calling from a doctor's office, and in other cases they are able to hack into someone's device and collect valuable information, such as passwords or other saved personal details.

When collecting different parts of someone's identity, scammers may also turn to marketplaces on the dark web, where a lot of personally identifiable information is sold — often stolen through security breaches.

People who live in medical facilities or assisted living facilities are also often vulnerable to these crimes, said Pam Dixon, executive director of the Global Privacy Forum, a research group focused on data management and protection. She added: “It is one of the worst forms of identity theft.”

Just months before the redirection of MARGE benefits, the Office of Inspector General issued a report Which said the administration's portal, called My Social Security, did not fully comply with federal requirements for identity verification: It said it did not go far enough to verify and validate the identities of new registrants, in all cases. Once the account is created through one of… Two identity verification portalswhich is required to access my Social Security account, and the agency does not require users to re-verify their identities with sufficiently strong evidence (such as providing a driver's license with a selfie, for example).

This was not the first time independent investigators found shortcomings date back to Introducing the My Social Security Portal in 2012. The Office of Inspector General recommended strengthening the digital identity verification process in 2016, and while the agency made several improvements, OIG officials said it was still not fully compliant when it released the My Social Security Portal. Last audit in 2023.

The Social Security Administration said it has implemented many of the office's recommendations since launching the portal, including adding a fraud analysis team to conduct investigations. The agency has also updated its identity verification process to respond to emerging threats, and plans further updates, she added.

“Our office conducts ongoing analyzes of online transactions and looks for anomalous behavior, and if we see new characteristics, we flag them and implement additional controls to stop any potentially fraudulent behavior,” said Joe Lopez, assistant deputy commissioner for analytics. Audit and oversight in social security.

“The environment is always evolving, and we adjust our models as needed,” he added.

The Social Security Administration mails notices to beneficiaries asking them to contact the agency if they have not authorized a recent change in their direct deposit information, resulting in millions of dollars in benefits being diverted and lost, OIG officials said. It is also possible to block changes to accounts.

It was impossible for someone like Marge to correct the problem on her own. It was hard enough for Ms. Birnbaum, a marketing consultant, and her brother, who lives near their mother in suburban Minneapolis, who worked together to recover benefits and secure Marge's account.

Ms. Birnbaum — who reported the crime to the Office of the Inspector General and the FBI and notified state and federal representatives — once spent two and a half hours on hold with the Social Security Administration before connecting with a regional caseworker. The representative was able to see that her mother's direct deposit information had been changed in early December, the month before the benefits disappeared.

Mrs. Birnbaum's brother visited their mother's local Social Security office and became “Marge.”Beneficiary representative“, allowing him to handle her affairs (Social Security does not accept powers of attorney).” They had to find ways to make the correction without bringing Marge into the office, which Ms. Birnbaum said would have been a “daunting task.”

Marge received the missing funds on March 1, about a month and a half after the problem was discovered.

“For her, it ended happily, but for many, who don’t have advocates lobbying every day, it is the cybercriminals who win,” Ms. Birnbaum said.

How to protect yourself from Social Security fraud

Consider closing your accounts. construction My Social Security accountbut then add Electronic services block, a feature that prevents anyone, including you, from seeing or changing your personal information online. You will need to contact your local office to have it removed.

Another feature, Direct Deposit Fraud Prevention, prevents anyone from signing up for direct deposit, or changing your address or direct deposit information through your online account or financial institution. You must contact your local office to make any changes or to remove the ban.

Don't trust, check too. If your phone's caller ID says “Social Security Administration,” don't trust it — it may be a spoofed number and just the agency Calls Beneficiaries in limited cases call back the agency through its main line 1-800-772-1213 or call a local location using its number Office locator.

a report suspected Tricks And scam to Office of Inspector General website Or call 1-800-269-0271.

communication Federal Trade Commission if you suspect someone may also have used your personal information during Its website Or call 1-877-IDTHEFT (1-877-438-4338).

review Social Security Administration Resources page On how to spot scams.