I got phished

WADR, as soon as I saw "Thank you for contacting the Social Security Administration. You scheduled a Phone appointment ..." when I had not done so, I would immediately have assumed it was a phishing attempt and deleted it.

+1 To me, this is no different from all the fake invoices I get from Norton, PayPal, Geek Squad every day. They are all spoofed to read like this: <PayPal> admin.gdkfljgdlkfjg@dfigudoifg.com but only "<PayPal> admin." is visible unless I hit "Reply" just so I can view the entire BS email address along with the fake invoice. Then I delete the email.
 
OK, since @scrabbler1 brought up e-mail, let's review:

Most e-mail messages today are sent in HTML format, instead of the old-school text-only messages. This way the sender can include different colors, backgrounds, fonts and images. If you're the sender, this makes sense. You want your message to be eye-catching.

But as a recipient, there's very little value in all the graphics, and a huge down side. Each image, and sometimes other elements like fonts, can be sent as a link to a file on the sender's (or some tracking company's) server. When you open the e-mail, your e-mail client acts like a web browser. Or, if you're using web-based e-mail, it is your browser.

So the client/browser sends a GET request to the server, asking for those graphics files needed to "pretty up" the message. That request almost certainly contains a tracking number assigned specifically to your address when the message was sent. The GET request also has header information including your IP address, what client you're using and other information.

Again, this is fantastic for the sender. They can tell exactly which of their messages were opened, when, by whom, from where and using what client software. It also confirms that the recipient is an active e-mail account which is being opened and, presumably, is a good target for further spam.

Two things you can do to avoid this:

First and foremost, turn off the "preview pane" in your e-mail client if you have one! This is the one which opens the e-mail in a separate pane the moment you click on it. You want the option to delete the message without opening it!

Second, consider setting your e-mail client to "text only" or "don't download images" or whatever similar setting your client has. You want to be able to check whether or not the e-mail is legitimate before broadcasting to the sender that you've opened it, and sharing more data with them. There should be a button to allow you to download the images and such once you've decided it's legit.
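The mechanism described above, as an added example that is not part of the original post: a Python sketch that lists what a mail client would fetch automatically when it renders an HTML message, and the query parameters each request would carry. The sample message, its `.example` hosts and the names `RemoteFetchFinder` and `remote_fetches` are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message (not from the thread); all hosts are placeholders.
SAMPLE = """\
From: "Store" <news@shop.example>
Subject: Spring sale
Content-Type: text/html; charset="utf-8"

<html><body>
<link rel="stylesheet" href="https://cdn.shop.example/fonts.css">
<p>Big sale! <a href="https://shop.example/sale">Shop now</a></p>
<img src="https://track.example/open.gif?uid=8f3a91c2&amp;c=42" width="1" height="1">
<img src="cid:logo123" width="200" height="80">
</body></html>
"""

class RemoteFetchFinder(HTMLParser):
    """Collects the URLs a mail client would request by itself when the message is opened."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href")
        else:
            return  # <a href> is only fetched if the reader clicks it
        parts = urlsplit(url or "")
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: content travels inside the message, no request is sent
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.hits.append({"host": parts.hostname, "pixel": tag == "img" and tiny,
                          "params": dict(parse_qsl(parts.query))})  # per-recipient IDs live here

def remote_fetches(raw_message):
    """Return one entry per remote resource in the HTML part of raw_message."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    finder = RemoteFetchFinder()
    if body is not None:
        finder.feed(body.get_content())
    return finder.hits
```

With "don't download images" enabled, none of the listed requests is sent until the reader allows it.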
 
Then why didn’t the SS call back eventually? I get how the scam would/could work, but since the request for a call back presumably went to a legitimate SS system, wouldn’t they call back eventually?
Yes, good question indeed. Maybe it was a legit call that just was disconnected. We all know "you can't get good help these days" :LOL:
 
I got an email from ssa.gov yesterday saying I had an appointment for a phone interview.

1. Do you think there might be any reason the ssa admin would contact you?

2. Can you share the email header info which might help confirm if this was indeed a scam?

3. Perhaps call back the ssa (outside of busy times) using the phone number on their website to see if they have any call docs/notes that they called you?
 
We're not in Kansas anymore.

We overestimate our ability to recognize scams. However, criminals and scammers are always evolving new techniques to break down human targets.
 
I'm glad I'm reading this thread. From now on, I'm just going to wait regardless of how long it takes rather than requesting a call-back.
 
I immediately delete all emails from what appears to be SSA.gov or similar.
They are all scams, spoofed if you will...

Nope. You will get a stream of emails from ssa.gov when you become eligible for medicare, new statements are available (they won't mail those any more), changes to your online account, etc. I have 65 of them in my email folder. The first "get ready for medicare" email was sent 1 year prior to the medicare start date.
 
Nope. You will get a stream of emails from ssa.gov when you become eligible for medicare, new statements are available (they won't mail those any more), changes to your online account, etc. I have 65 of them in my email folder. The first "get ready for medicare" email was sent 1 year prior to the medicare start date.
I used to get yearly reminders from ssa to review my social security, maybe I'm still getting them. I just delete them. I've also gotten occasional emails from ssa.gov about protecting myself over the years. These emails are legitimate. Some of them can be unsubscribed from.
 
Someone hacked my email account after a Windows 11 update where I was somewhat forced to provide my MS email upon OS installation (I later found out you can bypass the email creds).

They copied the email server by adding hacker alias. Got my main fed credit union one time login link and compromised that account. Lost my fb and instagram accounts for good (Meta is unresponsive), recovered a roblox and epic game account.

They went after any account that had ways to send some sort of cash value asset. PayPal, USPS, UPS, Ebay, and a few odd ball other ones.

I contacted the CA Atty General, and they said they cannot help me recover my META related accounts (FB and Insta). So I started a new FB.

The reason FB was disabled, again 1 time login link accessed while I was sleeping, and then they updated the password, replaced my linked insta with a hacker insta and then started spamming my networks (FB and insta).

I will likely lose my business FB page to the account lock. Unless someone cares enough over at FB to unlock me.

Initially I resisted signing back on, but I make a decent revenue off of advertising to fb group for my service I provide, as well as selling on fb marketplace. Which I can't do because I need to re-establish myself and tenure as a fb seller.

So quite a bit of hassle, did cost me some opportunity right now, but all in all they tried to billpay an actor in Chicago which I caught, stop payment and new accounts.

Word of caution, you can never be too secure. 2FA/MFA. Fingerprints, Biometrics, complex passwords, VPN, virus/malware scans etc etc.
 
It might help to actually find and punish the scammers as well.
 
It might help to actually find and punish the scammers as well.

Yeah. You better believe I feel as judge jury and executioner that these should be offenses worth holding people accountable for. Fines. Jail. Probably would end up with Porky here but I guess if I think about it scamming has probably been going on since the dark ages.
 
On the bright side, at least we don't have to carry all our worldly goods down a road and get bonked over the head by "highway men" only to wake up (if we're lucky) to have no possessions. Yeah, there are still "bad guys" in the world, even violent ones, but they're thankfully rare in my neck of the woods
 
Email addresses can be spoofed, so if that's what you're talking about, that doesn't mean anything. What about the email headers? Does it show ssa.gov in there?

I also notice that the person who took your personal info and hung up was NOT on the call that you made. That's when someone called you, which could have been a spoofed number, and they were anticipating that you were waiting for a real call-back from ssa at that time.

I would check the headers.

Example:
Received-SPF: Pass (protection.outlook.com: domain of ssa.gov designates 137.200.4.65 as permitted sender) receiver=protection.outlook.com; client-ip=137.200.4.65; helo=sscbulk18.ssa.gov;
Received: from sscbulk18.ssa.gov (137.200.4.65) by HE1EUR04FT006.mail.protection.outlook.com (10.152.27.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.19 via Frontend Transport; Sat, 1 Jun 2019 08:37:56 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:GYUJTDFYHU1A76FB4432F4EF76876B72C 567791AB;UpperCasedChecksum;FE4399AB59B080DFF29C36 1D4A17F733D532029555545FF289E4234AB2E33;SizeAsReceived:1308;Count:11
Received: from nsc-prd-mail-bulk-039.ssa.gov (unknown [10.24.29.41]) by sscbulk18.ssa.gov (Postfix) with ESMTP id 4GD7FlGTyz3
@Mr._Graybeard

Did you check into those headers?
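One way to do the header check suggested above, as an added example that is not part of the original posts: it reads the topmost `Received-SPF` header in the layout quoted in the thread and compares the domain that passed SPF, and the `From` address, with the domain the display name claims. `check_sender`, the `From` addresses and the `SPOOF` message are constructed; SPF covers the envelope sender only, so a consistent result says where the mail came from, not that a later phone call is genuine.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Result keyword, checked domain and sending IP, in the layout of the header quoted in the thread.
SPF_RE = re.compile(r"\s*(\w+)\s*\(.*?domain of (\S+) (?:designates|does not designate) (\S+)", re.S)

# Constructed samples. LEGIT reuses the Received-SPF line from the thread; its From address is made up.
LEGIT = """\
Received-SPF: Pass (protection.outlook.com: domain of ssa.gov designates 137.200.4.65 as permitted sender) receiver=protection.outlook.com; client-ip=137.200.4.65; helo=sscbulk18.ssa.gov;
From: "Social Security Administration" <no-reply@ssa.gov>
Subject: Your statement is ready

(body)
"""
SPOOF = """\
Received-SPF: Pass (mx.mail.example: domain of bulk-sender.example designates 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
From: "Social Security Administration" <admin@bulk-sender.example>
Subject: Phone appointment

(body)
"""

def check_sender(raw_message, expected_domain):
    """Compare the From domain and the SPF-checked domain with expected_domain."""
    msg = message_from_string(raw_message, policy=default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    from_domain = address.rpartition("@")[2].lower()
    # Only the topmost Received-SPF was written by your own provider; lower ones can be forged.
    spf_headers = msg.get_all("Received-SPF") or []
    m = SPF_RE.match(str(spf_headers[0])) if spf_headers else None
    result, spf_domain, client_ip = (
        (m.group(1).lower(), m.group(2).lower(), m.group(3)) if m else (None, None, None))

    def under(domain):
        return bool(domain) and (domain == expected_domain
                                 or domain.endswith("." + expected_domain))

    return {"display_name": display_name, "from_domain": from_domain,
            "spf_result": result, "spf_domain": spf_domain, "client_ip": client_ip,
            # An SPF pass only counts if it is a pass for the domain the sender claims to be.
            "consistent": result == "pass" and under(from_domain) and under(spf_domain)}
```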
 
The approval should show on your mySS account. My husband applied in January 1st for an April start and it shows it’s approved in his account. But won’t get a letter until the middle of April it says.
 
I immediately delete all emails from what appears to be SSA.gov or similar.
They are all scams, spoofed if you will...

SSA does send out an email around your birthday, telling you that your annual statement is ready. (former SSA employee here)
 
SSA does send out an email around your birthday, telling you that your annual statement is ready. (former SSA employee here)
Those are the ones I posted the headers from earlier, but I actually get them nearly a full 3 months before my birthday.

800-772-1213 is correct. Former SSA employee here.

Side note, 772 = SSA on the phone key pad
Of course, that was discussed already, but he hasn't reported on the email headers, yet, and it could have been scammed easily because he received the call where they took all his personal info, and calling numbers can be spoofed. Details were given on how the scam could have been done.... if it was indeed a scam. The OP @Mr._Graybeard has vanished.
 
This is silly. How did you know that it was actually the SSA calling you back? Because of the number that showed on the caller ID? Doesn't everybody know by now that scammers and spammers can fake up whatever caller ID they want?
 
This is silly. How did you know that it was actually the SSA calling you back? Because of the number that showed on the caller ID? Doesn't everybody know by now that scammers and spammers can fake up whatever caller ID they want?
Read the thread to get the details of the scam. He actually called the official SS number and was told he would receive a call-back. He hasn't confirmed whether it was a scam or just lost connection.
 
So, did you get a second call from the real SSA? If the first call was a scammer, there should have been a second call from the SSA.
 
Phone Claim Appointment
Thank you for contacting the Social Security Administration. You scheduled a Phone appointment with Social Security. We will call you at the phone number you provided. This is confirmation of the date and time of your appointment.

Date of Appointment: Friday, March 08, 2024
Time of Appointment: 10:45 A.M.

If you need to cancel or reschedule your appointment, please call our national toll-free number 1-800-772-1213 (TTY 1-800-325-0778).

Social Security Administration

Please do not reply to this email, as we are unable to respond to messages sent to this address. .


Couple of tells in the 2nd sentence of the message itself. The common noun "phone" is capitalized and the wording of the sentence is unprofessional sounding.
 