Extra Security for ssa.gov?

[Spock]

I got a strange email today from ssa.gov (supposedly) saying I had a message, to log into the acct (there's a link), etc.
Alarm bells go off that it's phishing.
So I go to ssa.gov by typing the URL into a browser window, log in, and there are no new messages and nothing in the message archive so.. the email was phishing.
BUT. I just happened to notice the 'you last logged in' date said I logged in yesterday. I did not. Now other alarm bells are going off.


I changed the password, added security questions, etc.

The 'my ssa' site offers "additional security". Says it will ask for 8 digits of a credit card, W2 info, or info from a 1040-SE (self employment return) and there is a 10 day snail-mail paper process to add the extra security.

The credit card is a no brainer (assuming they use a current card), I haven't had a W2 in 6 years. Never had a 1040-SE.
I don't expect a bureaucracy to ask a question I'll recognize.


Has anybody else enabled the extra security feature on the SSA site?
Any problems?

My other option is to disable online access... don't really want to do that as I turn 62 next year... I don't plan to claim at 62, but I'm also hemorrhaging cash the this year and want to keep options open.

 

[Sunset]

I keep bookmarks of sites I will visit, instead of typing them in as I could make a mystake while tyuping

I've never heard of a CC being used as security, very odd. Since for some CC , the first 4 digits are pretty much the same. So one only needs the last 8 to have a CC number.

 

[Spock]

The clown college graduates strike again.
When I logged in and changed my password on a maintenance page, I just got a "password RESET" warning email from SSA. Maybe I'm cursed by being a software engineer, but a reset is for when you forget your password and is a completely different process than changing your password on an account maintenance page... but apparently SSA programmers don't see that distinction.

 

[homestead]

I just got an email from SSA saying I had a message. I checked the link in the email and it was the correct one to login to SSA. I did have a message but it was a pdf version of the what they had just mailed to me of my new monthly payment a few days ago.

 

[Spock]

Just now I got a text message from SSA saying I had a new message.
But my account does not have text notification enabled. My wife has text notification enabled but the only message up there was an already read msg from 11/30.

 

[RetMD21]

I just got an email from SSA saying I had a message. I checked the link in the email and it was the correct one to login to SSA. I did have a message but it was a pdf version of the what they had just mailed to me of my new monthly payment a few days ago.

Me too it was my 2023 IRMAA statement pdf although there was no new message indicator o the site. I have 2 factor turned on, isn't it required?

 

[disneysteve]

Whenever you get a suspicious email, the first thing to do is check the sender’s address. If it came from an ssa.gov account, fine. But if it came from morgan19xxx@hotmail.com it’s safe to assume it’s spam.

 

[Spock]

Whenever you get a suspicious email, the first thing to do is check the sender’s address. If it came from an ssa.gov account, fine. But if it came from morgan19xxx@hotmail.com it’s safe to assume it’s spam.

email addrs can be spoofed same as phone numbers.

 

[Sunset]

And the old method of hovering over a link to see if it's real is not so good these days.

Now scammers can use a certain encoding (language type) to put in letters that look real, but are different. A tiny dot above or below some letters is the give away, but it' hard to see unless one is very careful and has good eyesight. Makes the URL look real when hovering over it.

 

[RetireBy90]

I have received email notification of new message which was the new payment amounts and Medicare amounts. DW and I both got paper copies of the same mailed 2 times in last weeks. They seem to be sending duplicate notifications for some reason.

 

[pacergal]

We also got the notifications this past week. It was the new payment amounts for 2023.
DH and I have set the two factor authorization for our account. Can't log in with out a code that is texted to our phones.