It’s tax season, and for many Americans, that means receiving alerts from the Social Security Administration and Internal Revenue Service about deadlines, benefits and new credits.
Unfortunately, this is also peak hunting season for cybercriminals targeting retirees and vulnerable beneficiaries.
“Fraudsters continue to bombard the public with spoofed phone calls, text messages, emails, social media messages and even physical mail, all with the goal of stealing money or personal information,” a recent report from the Office of Inspector General stated.
With this in mind, one of the safest things you can do is to immediately delete any form of digital communication you may receive from the Social Security Administration (SSA) before taking further steps to secure your account.
That’s why this two-step process keeps your valuable information and finances safe.
Online fraud is a rapidly escalating problem.
According to the Federal Trade Commission, U.S. consumers lost a total of $12.5 billion to fraud in 2024, a 25% increase from the previous year (2). While this total involves general fraud, a large portion of the damage is done online.
“For the second year in a row, email is the most common method used by consumers to report contact from scammers,” the FTC said. “In 2024, phone calls were the second most common method of contact for scams, followed by text messages.”
While investment fraud was found to be the most common and financially damaging category, imposter fraud was a close second with reported losses of $2.95 billion. In 2024, criminals impersonating reputable government agencies caused $789 million in losses to victims nationwide.
Most imposter scams follow a similar pattern: A notification pops up on your laptop or phone stating that your benefits have been “suspended,” your account has been flagged for “unusual activity,” your tax information is “incomplete” or your identity must be “verified.” The alert may even include images or personal details as evidence, creating a sense of trust in the victim.
There is also usually a prompt to create some sense of urgency; the message may threaten you with fines, penalties, or account suspension if you don’t respond within a certain deadline. This tactic is used to create panic and make the victim take action before they have time to think.
Fortunately, there is a simple two-step process that can mitigate this risk.
Read more: The average American net worth is a surprising $620,654. But that makes almost no sense. Here are the numbers that matter (and how to make them soar)
The safest thing to do is to delete any unsolicited text messages, emails, or pop-ups you may have received from government agencies on your computer. This limits the risk of you accidentally clicking on a malware link or alerting a potential scammer that your phone number or email address is active.
However, this step has a drawback, as it may result in you inadvertently deleting legitimate messages from government agencies. That’s why the second step in the process—independent verification—is so important.
For example, if you receive a text message or email from the SSA indicating that your account information is not current, delete the message, go to SSA.gov and log in to your My Social Security account to independently verify and update your information.
This two-step delete-then-verify process significantly reduces the risk of becoming a victim of cybercrime, while also allowing you to investigate and verify any legitimate alerts from government agencies.
Phone calls are a little trickier because you can’t delete them like you can an email or text message, and in today’s elaborate scams, it’s hard to tell whether the caller is a legitimate government agency representative or a seasoned scammer.
The SSA confirms on its website(3) that “Social Security employees do contact the public by phone for business purposes,” which means hanging up the phone right away may not be the best idea.
A better approach is to extract information from the caller without providing any information of your own. Ask the caller why they are calling, what department they work for, and if they have any identification. Make sure you don’t reveal any personal information during this conversation, such as your Social Security number, date of birth, location, or employment history.
Once you know the reason for the call, hang up and call the agency from a verified phone number to confirm that the call you received is legitimate. This protocol isn’t foolproof, but it’s probably safer than simply discussing personal details with your first contact.
Scammers thrive on urgency and confusion, and tax season is a unique time of year that naturally delivers both. By default, any unexpected messages claiming to be from Social Security should be considered hostile. Delete it and check through official channels to see if there is a problem.
In an age of AI-fueled fraud and mass phishing, caution is no longer optional; it’s an essential form of financial self-defense.
Join more than 250,000 readers and get first access to Moneywise’s best stories and exclusive interviews – curated and delivered with clear insights every week. Subscribe now.
We rely only on vetted sources and reliable third-party reports. For more information, see our Editorial Ethics and Guidelines.
Office of the Inspector General (1); Federal Trade Commission (2); Social Security Administration (3).
This article provides information only and should not be considered advice. It is provided without any warranty of any kind.