OHIO VALLEY — The subject line says “Get Protected” and the email talks about new features from the Social Security Administration that can help taxpayers monitor their credit reports, and know about unauthorized use of their Social Security number. It even cites the IRS and the official-sounding “S.A.F.E Act 2015.”
It sounds real, but it’s all made up.
It’s a phishing email to get people to click on a scammer’s link. If you do, a scammer can install malware — like viruses and spyware — on your computer. Or, the link might send you to a spoof site — a lookalike website set up by a scammer to trick you into entering your personal information.
Not sure if an email is really from the government? Here are a couple of clues. Did the email end up in your junk folder? Email providers use filters to help catch phishing scams and spam from getting into your inbox. And when you hover your cursor over the link, does it really go to a trusted website? In this fake SSA email, when you hover over the url, you’re told to click, you see the link goes to an unrelated “.com” — instead of the Social Security Administration’s ssa.gov or another “.gov” site.
If you get a questionable email, don’t click on any links or open any attachments. Report it to the FTC by forwarding the email to email@example.com — and to the organization impersonated in the email. You also can report it to your email provider.
Some email providers let you mark messages as phishing scams. Your report is most effective when you include the full email header, but most email programs hide this information. To find out how to include it, type the name of your email service with “full email header” into your favorite search engine. When you’re done, delete the email.