I got phished

[Mr._Graybeard]

I got an email from ssa.gov yesterday saying I had an appointment for a phone interview. Here's the text of the email:

Phone Claim Appointment
Thank you for contacting the Social Security Administration. You scheduled a Phone appointment with Social Security. We will call you at the phone number you provided. This is confirmation of the date and time of your appointment.

Date of Appointment: Friday, March 08, 2024
Time of Appointment: 10:45 A.M.

If you need to cancel or reschedule your appointment, please call our national toll-free number 1-800-772-1213 (TTY 1-800-325-0778).

Social Security Administration

Please do not reply to this email, as we are unable to respond to messages sent to this address.

I was suspicious initially, so I logged into my ssa account and found the toll-free phone number there was the same as in the email. I dialed the phone off the website number and waded through some automated boilerplate. Then the option came up to talk to an agent, and I punched the appropriate number.

As I expected, a voice told me there was a long wait for an agent, and I could have the agent call me back at my number. The voice also told me the number to expect for the callback.

An hour later the phone rang and someone posing as an agent took some personal information from me in what I assumed was an ID check. As soon as I gave the info the "agent" hung up.

I thought I was being careful; I checked for an email origin and it looked legit. I've checked several ssa websites, and the 800-772-1213 number looks consistent as well as the TTY number. I'm still not sure how the scammer got through.

Be careful, folks.

 

[PaunchyPirate]

Did you not have an appointment scheduled? Is that why you called them back?

It seems that if you called them at a phone number from their website, then the agent you spoke with should be an employee of the SSA. Perhaps they just got disconnected?

 

[Fermion]

That would be a sophisticated scam. They either hacked a .gov site and put in their phone number, or the scammer actually got a job with the social security administration?

 

[Mr._Graybeard]

I'm still at a loss what happened. Of course I have all my credit accounts frozen and a Lifelock-type service watching my activity (a company where I w*rked got hacked for employee info last year). I did file a fraud report with the ssa. If I just got disconnected they never called back. And no, I hadn't scheduled a phone interview, which convinced me I should call to thwart any identity scam that might be going on. Ironic, eh?

 

[Winemaker]

I had a similar experience with pre-TSA over the weekend. They took in my info; charged us $149 for the background check, and then said there would be an additional nominal charge when we made our visit. The TSA employee told us we were scammed. Called the CC company, and the $149 charges each, were posted yet. So they got the CC number, so we cancelled that card and got new account. Pretty sneaky!

 

[braumeister]

WADR, as soon as I saw "Thank you for contacting the Social Security Administration. You scheduled a Phone appointment ..." when I had not done so, I would immediately have assumed it was a phishing attempt and deleted it.

 

[Fermion]

Still not understanding how you got scammed when calling a number that is listed on the OFFICIAL .gov site. That is the scary part.

 

[Mr._Graybeard]

WADR, as soon as I saw "Thank you for contacting the Social Security Administration. You scheduled a Phone appointment ..." when I had not done so, I would immediately have assumed it was a phishing attempt and deleted it.

The phone number is what threw me. It looked correct. Google it and you'll see what I mean.

 

[Dtail]

WADR, as soon as I saw "Thank you for contacting the Social Security Administration. You scheduled a Phone appointment ..." when I had not done so, I would immediately have assumed it was a phishing attempt and deleted it.

Same thought here.

 

[MichaelB]

One explanation is an agent working for the SSA is in league with the scammers, and notifies them when someone has called in and is waiting for a call back. If a real callback was scheduled the agent then cancels it.

I would report this to the police, FBI, FTC, and freeze my credit.

Mr._Graybeard‘s warning is timely and the sophistication is reason to be concerned.

 

[GenXguy]

I checked for an email origin and it looked legit.

Email addresses can be spoofed, so if that's what you're talking about, that doesn't mean anything. What about the email headers? Does it show ssa.gov in there?

I also notice that the person who took your personal info and hung up was NOT on the call that you made. That's when someone called you, which could have been a spoofed number, and they were anticipating that you were waiting for a real call-back from ssa at that time.

I would check the headers.

Example:

Received-SPF: Pass (protection.outlook.com: domain of ssa.gov designates 137.200.4.65 as permitted sender) receiver=protection.outlook.com; client-ip=137.200.4.65; helo=sscbulk18.ssa.gov; Received: from sscbulk18.ssa.gov (137.200.4.65) by HE1EUR04FT006.mail.protection.outlook.com (10.152.27.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.19 via Frontend Transport; Sat, 1 Jun 2019 08:37:56 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:GYUJTDFYHU1A76FB4432F4EF76876B72C567791AB;UpperCasedChecksum;FE4399AB59B080DFF29C361D4A17F733D532029555545FF289E4234AB2E33;SizeAsReceived:1308;Count:11 Received: from nsc-prd-mail-bulk-039.ssa.gov (unknown [10.24.29.41]) by sscbulk18.ssa.gov (Postfix) with ESMTP id 4GD7FlGTyz3

 

[GrayHare]

Might have been an untimely disconnect, or a rude clerk, but certainly suspicious. Email snooping is too common, so someone might have guessed you'd be waiting for an SSA callback.

 

[Sunset]

What a clever scam. Based on they know the Gov't agency has long wait times, and offers call backs.

Send out emails where a phone number is related (from previous hack lists, fake contests, etc) in the tens of thousands per day.
Wait 1/2 hour.
Start phoning all those numbers with emails associated using a spoofed phone number. Some will answer and since they expect the call will provide their information and or CC #.

 

[sengsational]

I think I see how this works. The scammer sends you an email which gets you to call the social security administration directly. But the scammer knows that you're not going to wait on hold all that time so you're expecting a call back from the social security administration. So when the scammer calls, you're expecting the SSA call so you treat it as if it was legitimate. And of course the scammer can spoof the caller ID from the ssa.

 

[tmm99]

I think I see how this works. The scammer sends you an email which gets you to call the social security administration directly. But the scammer knows that you're not going to wait on hold all that time so you're expecting a call back from the social security administration. So when the scammer calls, you're expecting the SSA call so you treat it as if it was legitimate. And of course the scammer can spoof the caller ID from the ssa.

Yeah, but how did the scammer get the timing of the callback? Only way I can think of is that they know when you're talking to SS admin office, which would be a hard thing to do.

I guess we should never opt to get a callback, from anywhere. Just hang on tight and listen to lame music for 40+ minutes.

 

[jollystomper]

Yeah, but how did the scammer get the timing of the callback? Only way I can think of is that they know when you're talking to SS admin office, which would be a hard thing to do.

Maybe they just guess. They have your email and phone number, they send the email, and wait some period before calling you, in the hopes that maybe you called SS. It may be hit or miss, but they only have to guess right a few times...

 

[statsman]

Speaking as someone who has been waiting for SS to contact me letting me know my January 9th application for SS and Medicare has been approved, this is rather unnerving.

This thread did get me, once again, to log into SS and check the status of my application(s). Still in review mode. But I will keep in mind going forward what the OP experienced.

 

[TheWizard]

I immediately delete all emails from what appears to be SSA.gov or similar.
They are all scams, spoofed if you will...

 

[dmpi]

Check your mail server's sent mail. Some email systems can be setup to send a delivery/read receipt. That way when you read the spam they get notified back and know when to place the call.

 

[Palmtree]

What a clever scam. Based on they know the Gov't agency has long wait times, and offers call backs.

Send out emails where a phone number is related (from previous hack lists, fake contests, etc) in the tens of thousands per day.
Wait 1/2 hour.
Start phoning all those numbers with emails associated using a spoofed phone number. Some will answer and since they expect the call will provide their information and or CC #.

This.

 

[audreyh1]

According to SSA.gov: If you suspect you’ve been contacted by an SSA scammer call the Social
Security Fraud Hotline at 1-800-269-0271.

From SSA about reporting fraud - https://www.ssa.gov/fraud/#:~:text=Do you suspect someone of,at oig.ssa.gov.

 

[isisdave]

This (the timed callback) was my guess.

Another possibility is that someone called SSA and requested a callback, and entered your number by mistake, possibly mistyping a digit.

Then you called and requested a callback too; when you received it, I don't know why they disconnected -- but if Joe Doaks had called with your phone number, and now Mr Greybeard is calling with it, maybe they just disconnect and forward the problem to someone to investigate.

 

[SecondAttempt]

Scammers are getting very sophisticated. I was perplexed by this at first then figured out that the callback was a spoofed number. Had you NOT called SSA you probably would still have gotten a callback and they would have shifted to a different script where they needed your information to investigate the potential fraud.

I do scambaiting for fun and often interact with scammers to waste their time. Mostly I do this from anonymous accounts I have. (Actually not anonymous, I have a complete fictional person setup complete with phone numbers, email addresses, an attorney who occasionally needs to get involved and has a cool website...anyway, you get the idea.

I ran into one a couple of years ago when I got a call on my cell phone connected to me. It might have been less of a scam and more of n attempt to sell me a car warranty. I gave them a bunch of false information regarding the cars I owned and their ages then decline to buy anything.

Then starting about a month later I started getting additional calls and text messages trying to sell me things or asking questions about my "blue 2014 Toyota" that I made up . One call claimed to be from my insurance company (they did not say which one, just said they were with "policy administration for your auto insurance" and wanted to know the mileage on my blue toyota. They even gave me the first several letters/numbers of the VIN as well as one of the last few. These of course they could look up from the year, make, model, and color. The point is, they are getting pretty sophisticated.

 

[SecondAttempt]

You can report this kind of thing to ic3.gov or ftc.gov/compliant

 

[Jerry1]

Then why didn’t the SS call back eventually? I get how the scam would/could work, but since the request for a call back presumably went to a legitimate SS system, wouldn’t they call back eventually?