Beware of Fake Social Security Emails: A New Phishing Scheme
Exercise caution if you receive an email about your Social Security statement. A recent report from Malwarebytes Labs indicates that cybercriminals are impersonating the Social Security Administration (SSA) to trick recipients into installing remote access software, which gives the attackers full control of the device.
The SSA is a frequent phishing lure. Just last month, the SSA's Office of the Inspector General warned about fraudulent emails that falsely claimed to include Social Security statements and led recipients to fake websites.
Understanding the Phishing Scheme
The latest campaign is attributed to a phishing group known as Molatori. It begins with an email that appears to come from the SSA, stating, “Your Social Security Statement is now available,” and inviting the recipient to download an attached file. The attachment is not a statement but the ScreenConnect client, which gives the attackers remote access to the victim's device once it is installed.
ScreenConnect is a legitimate remote support tool that IT staff use to work on users' systems with their consent, so the installer itself is not malicious code; the harm comes from who is on the other end of the session. Once the attackers control the victim's computer through ScreenConnect, they can install further malware, steal files, and read private information such as banking details, all without the user noticing.
This campaign primarily aims at financial fraud, but as with many data breaches, the stolen information can also be used for identity theft or sold to other criminals.
According to Malwarebytes Labs, the threat is hard to spot partly because the phishing emails are sent from compromised WordPress sites, so they originate from otherwise legitimate domains. In addition, the email body may be delivered as an image rather than as text, which deprives content filters of keywords to match on.
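The traits described above still leave detectable structure in the message itself. The following is an added example, not code from Malwarebytes Labs or the original article: a small triage script that parses a constructed .eml (the sender domain, attachment name and image bytes are placeholders, not indicators from the campaign) and flags three things at once: a sender that claims the SSA brand but is not on ssa.gov, a body whose only content is an image, and an attachment with an executable extension.

```python
"""Heuristic triage of an .eml for SSA-themed remote-access lures.

Added example. The sample messages below are constructed for this
illustration; the domain, filename and image payload are placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import List

# Constructed phishing sample (not a real capture). An HTML body that is
# nothing but an <img>, plus an executable attachment posing as a statement.
SAMPLE_EML = """From: Social Security Administration <noreply@hacked-blog.example>
To: victim@example.com
Subject: Your Social Security Statement is now available
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:body"></body></html>
--b1
Content-Type: image/png
Content-ID: <body>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1
Content-Type: application/octet-stream; name="SSA_Statement_Setup.exe"
Content-Disposition: attachment; filename="SSA_Statement_Setup.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed benign sample: plain text, genuine domain, no attachment.
BENIGN_EML = """From: Social Security Administration <no-reply@ssa.gov>
To: user@example.com
Subject: Your account activity
Content-Type: text/plain

Sign in at your my Social Security account to view your statement.
"""

EXECUTABLE_EXTS = {".exe", ".msi", ".msix", ".scr", ".bat", ".cmd",
                   ".js", ".vbs", ".lnk", ".iso", ".img"}
IMPERSONATED_BRAND = "social security"
LEGIT_DOMAINS = {"ssa.gov"}


def parse_eml(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def sender_impersonates_ssa(msg) -> bool:
    """Brand appears in display name or subject, but the address is not on ssa.gov."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower()
    claims_brand = (IMPERSONATED_BRAND in name.lower()
                    or IMPERSONATED_BRAND in str(msg.get("Subject", "")).lower())
    legit = any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)
    return claims_brand and not legit


def body_is_image_only(msg) -> bool:
    """True when the message carries an image but almost no filterable text."""
    text, has_image = [], False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text.append(part.get_content())
        elif ctype == "text/html":
            text.append(re.sub(r"<[^>]+>", " ", part.get_content()))
        elif part.get_content_maintype() == "image":
            has_image = True
    return has_image and len("".join(text).split()) < 5


def executable_attachments(msg) -> List[str]:
    """Filenames of attached parts whose extension is executable or script-like."""
    found = []
    for part in msg.walk():
        fname = part.get_filename()
        if not fname or "." not in fname:
            continue
        if "." + fname.rsplit(".", 1)[-1].lower() in EXECUTABLE_EXTS:
            found.append(fname)
    return found


def triage(raw: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = parse_eml(raw)
    findings = []
    if sender_impersonates_ssa(msg):
        findings.append("SSA brand claimed from non-ssa.gov sender")
    if body_is_image_only(msg):
        findings.append("body is image-only (no text for filters)")
    for fname in executable_attachments(msg):
        findings.append(f"executable attachment: {fname}")
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, triage(raw) or ["no findings"])
```

Each check is weak on its own (plenty of legitimate newsletters are image-heavy), which is why the script reports them together; a message that trips all three, from a domain it has never contacted you from before, deserves a manual look rather than a click.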
Steps for Protection
The usual precautions against phishing apply here. Do not click links or download attachments in unexpected emails, particularly unsolicited ones. For official documents, go to the organization's website directly, by typing the address or using a saved bookmark, and confirm the communication there.
Phishing sent from hacked but otherwise legitimate domains is especially hard to identify, since the sending domain itself gives nothing away, so be extra wary of any request to download files, click links, or fill out forms via email.
If you are unsure whether an email or message is genuine, Malwarebytes recommends pasting a sentence of its text into a search engine to see whether it matches known phishing campaigns.