Summary: Email purporting to be from Social Security Administration claims that the recipient's Social Security statement may contain errors and urges him or her to click a link to review the statement (Full commentary below).
Status: Message is a scam designed to install malware and steal information
Example:(Submitted, November 2009)
Subject: Watch for errors on Social Security statement
Due to possible calculation errors, your annual Social Security statement may contain errors.
Use the link below to review your annual Social Security statement:
Review your annual Social Security statement [Link to scam website removed]
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.
This email, which purports to be from "Social Security Administration", claims that the recipient's annual Social Security statement may contain errors. It urges recipients to click a link in the message in order to review a copy of the statement and look for "possible calculation errors".
However, the message is not from Social Security Administration. Instead, it is a scam email designed to harvest social security numbers and trick users into installing an information stealing computer trojan. Those who click on the link will be taken to a bogus website designed to resemble the genuine United States Social Security Online website. Visitors are first asked to enter the Social Security Number and then click a "Continue" button. They are then taken to a second look-a-like webpage where they are instructed to click another button that will supposedly generate their annual Social Security statement.
Clicking the button does not generate a statement however. Instead it downloads and installs a version of the Zbot.P trojan. Once installed on the victim's computer, the trojan can collect sensitive information such as passwords and transmit them to Internet criminals.
Social Security Administration, and other government entities such as the IRS are often used by scammers as a means of tricking people into submitting private information or downloading malware. Beware of unsolicited emails from government departments that request you to follow a link or open an attachment to provide information or review documents. Government departments are very unlikely to ask citizens to provide private personal or financial information via an unsolicited email. If you need to login to a government department's official website, be sure to do so by typing the address in your browser's address bar rather than clicking a link in an email.
Scammers have used similar tactics to target United States Social Security Administration clients a number of times in the past. Scammers also regularly target citizens of other nations via similar scam emails that falsely claim to be from government departments such as the Australian Tax Office or Canada's Department of Finance.