A report by the Consumer Sentinel Network found that 3.2 million identity theft and fraud reports were made in 2019, resulting in a collective loss of $1.9 billion. When it comes to identity theft, stolen Social Security numbers (SSN) take up a big share of the pie.
A Social Security number is a nine-digit code that the Social Security Administration (SSA) uses to identify and record your earnings and benefits. It also plays a part in many of the most important aspects of our lives, such as our employment, taxes, medical services, and bank accounts. While the SSA is responsible for assigning this number, it’s up to individuals to keep it safe from being compromised since they’re the ones who give it out and hold their SSN cards.
This can be difficult, especially as cybercrimes become more sophisticated, and as social engineering becomes harder to detect. That’s why, in this guide, we’re going to walk you through some of the most common ways that you can become a victim of Social Security identity theft.
How Can Your SSN Get Stolen or Compromised?
While the SSA keeps your Social Security record confidential, refusing to release it to anyone but you, there are plenty of other routes bad actors can take to get their hands on it. Here are some of the most common methods:
- Stolen Documentation: Social Security identity theft can begin with a thief rummaging through trash for important documentation. If these thieves access bank and credit card statements, pre-approved credit offers, new checks, or tax information, they may be able to find your SSN.
- Fake Websites: Beyond stealing sensitive documents to locate your Social Security number, cybercriminals are creating phishing websites (convincingly modeled after popular businesses) to steal personal information, like Social Security numbers. According to Statista, 165,772 unique phishing sites were launched and detected in the first quarter of 2020 worldwide. These websites can send fraudulent emails asking you to verify your PayPal account. The link included in the email may bring you to a fake login page. Once you enter your credentials, it may ask for your SSN to verify your identity. Once the cybercriminals have this information, they can access many of your financial accounts and even open up new ones in your name.
- Social Security Scam Calls: Identity thieves may also use Social Security scam calls to access your information. The criminals can get your number from people-search sites, posing as a representative of a business you’re associated with. In its State of the Phish report, Proofpoint found that 83% of their 3500 participants faced fake phone calls, also known as “voice phishing.” To make Social Security scam calls, thieves may find information about you like your name, number, relationships, and more. Then, they’ll call you pretending they are from Social Security and present this information to convince you that they’re real. Once they have your trust, they may ask for your SSN to prove your identity.
- Inside Sources: Less likely but still troubling, identity thieves have even been known to pay store employees for sensitive information found on applications for goods, services, or credit.
- People-search Sites: Some public records contain highly sensitive information, such as SSNs. When these public records are published by people-search sites, your SSN becomes available to everyone who cares to pay for your background report. At OneRep, we help people restore their privacy and remove highly sensitive details from (and keep them off of) hundreds of people-search sites automatically.
What Can Someone Do When Your SSN Has Been Stolen?
There’s a reason your Social Security number is so private: when it comes to completing many important activities like opening a bank account, your SSN is treated as proof of your identity. If you’re a victim of Social Security scams, then there’s really no limit on the amount of financial fraud a thief can commit – and you’ll be the one dealing with the consequences.
Here are a few things identity thieves can do by committing Social Security scams:
- Leverage it for More Information: As the Social Security Administration mentions in their brochure on identity theft, once an identity thief commits SSN fraud, they can easily use it to access more personal information about you. This will give them all of the information they need to progress to more serious crimes, such as opening up credit cards, accessing your financial accounts, and otherwise using your identity for their own purposes.
- Commit Financial Crimes: This is one of the most feared types of identity theft. Experts predict that checking and savings account takeovers will increase. When an identity thief commits SSN fraud, they compromise your SSN to gain access to existing financial accounts or to open up new ones without your knowledge. This can also extend to governmental actions, such as requesting tax refunds in your name, stealing the money that’s supposed to go to you.
- Commit Medical Fraud: Thieves can commit Social Security identity theft to avoid paying high medical costs. This type of SSN fraud has a lot of unexpected damages. For instance, beyond negatively affecting your health insurance or healthcare coverage, it could put you in danger since incorrect medical files and conditions would be associated with you. The key things to look for to spot medical identity theft are bills or payment requests for medical services that you have no knowledge of, suspicious collection notices on your credit report, or notices from your healthcare provider concerning services you didn’t request.
- Use You as a Scapegoat: While this is less likely to occur than other more common types of identity theft, a stolen Social Security number can also be used by identity thieves to avoid criminal records being attributed to them. This could be as simple as avoiding parking tickets and putting them in your name or as severe as perpetrating a serious crime leading to your arrest. The economic, professional, and social fallout of such a theft could have life-altering consequences. As reports of Social Security scams and identity theft continue to rise, this is becoming a bigger concern.
- Sell your SSN to Others: Once the identity thief is done using your Social Security number, they can sell it on the Deep Web for a profit. At that point, there’s no limit to how many people may compromise and exploit your SSN for their own gain.
What to Do When Your SSN has Been Stolen?
If you’ve recently noticed suspicious activity suggesting that you’re a victim of SSN fraud, then you should take action immediately. Beyond exploiting your personal information for financial gain, the thieves could also use it to block you out of important accounts so they can continue their illegal activities.
- Keep an Eye Out for Suspicious Activity: First of all, keep an eye on your bank accounts. If you find suspicious transactions, flag and report them to your bank. The Office of Inspector General (OIG) recommends checking your Social Security earnings statement to ensure the accuracy of your reported wages. They also suggest that you block electronic access to your Social Security accounts.
- Freeze Your Credit, and Add a Credit Alert: If you know that your Social Security number has been stolen, you should take immediate action by freezing your credit and placing an alert on your credit. This will not stop bad actors from finding other ways to misuse your SSN, but it will alert government agencies and the three major credit agencies. To freeze your credit, contact the following credit agencies:
Equifax: call 1-888-766-0008. Also, see the fraud alert and credit freeze page.
Experian: call 1-888-397-3742. Also, see the fraud alert and credit freeze page.
TransUnion: call 1-800-680-7289. Also, see the fraud-alert and credit freeze page.
- Report Social Security Identity Theft to the OIG: If your Social Security number has been stolen or you suspect that someone is committing fraud, you can contact the OIG’s social security fraud hotline at 1-800-269-0271. You can also submit a report digitally on this website.
- File a Social Security Scam Report with the Local Police and IC3: Having a police report on record will make it easier for you to clear your name in the aftermath of SSN fraud. It can also help your case if you’re going to apply for a new number. You should also report the SSN fraud to the IC3 (the FBI’s Internet Crime Complaint Center). This report will be distributed to relevant federal, state, and local authorities.
- Consider Getting a New SSN: People facing SSN scams often wonder: can you get a new social security number after identity theft? While this is possible, to be perfectly clear, getting a new Social Security number will not be a fix-all for SSN fraud. It will take time, and most agencies will still have your old SSN on file, so thieves may still be able to access your information for some time.
How to Protect Your SSN from Identity Theft
Preventing identity theft is always better than picking up the pieces after you’ve been targeted. While you can’t always know if your SSN has been compromised until malicious activity occurs, you can take steps to keep your SSN safe before it gets into the wrong hands. In this section, we’re going to look at a few of the most important steps you can take to prevent SSN scams.
- Get Your Information Off People-Search Sites
One of the easiest ways for identity thieves to access your Social Security number is by searching for you on people-search sites. While there’s no guarantee that they’ll be able to find your SSN, there is plenty of other highly sensitive information that people-search engines expose. Cybercriminals can access this information by getting your background report from these websites. This information can be used to access other accounts or to create a convincing scam to obtain your SSN.
When these public records are published by people-search sites, you become vulnerable to cybercriminals from across the world. To avoid SSN fraud, It’s important to minimize how exposed this personal information is. This requires removing your unauthorized profile from people-search sites. This “opt-out” process can be completed manually, which involves requesting opt out of every site that shares your profile, or automatically with OneRep’s privacy protection tool.
- Think Twice Before Revealing Your SSN
There are very few circumstances that require revealing your full SSN. No government agency will call you and ask for it, and no business will ask for it via email or in a credential entry page accessed through an email or message link. If a business or organization doesn’t need to file anything in your name to the IRS (such as your bank or websites for welfare, worker’s compensation, and similar programs), it’s very unlikely that they need your SSN.
If you have any suspicions, understand that you have the right to ask why your SSN is needed, who it will be shared with, and what other options are at your disposal to prove your identity. That said, you should only consider giving your SSN out to reputable entities, and you should ensure that you are typing your information into a valid website. Key things to look for here are padlock icons in the URL bar and official “.gov” or “.org” designation.
- Beware New Threats
The cybersecurity landscape is always changing. One new threat that OIG brings up is a new phishing scheme that’s currently circulating. This phishing email encourages you to create a mySocialSecurity account, and then captures the login credentials and personal information that you provide to steal your identity. Some of these emails also include attachments with malicious programs in them. No matter what, do not respond to these emails (even with an angry reply), and do not interact with any of the elements within the email contents.
How can you spot if an emailer is pretending to be the SSA or another government entity?
- Check the email address. It should include “.gov” and point to a real .gov website. Although, recognize that savvy scammers can create URLs such as “https://www.socialsecurity.gov.gmx.de/” to trick you into thinking it’s a government website. An official site would have a forward slash after .gov, such as “ https://www.ssa.gov/myaccount/”.
- The website these emails point to or link to within their contents should be official URLs with “https.” Look for a padlock icon in the URL, and scroll around the site to ensure that it looks official.
- You should also see official pictures and design elements in the contents of the email and on the website that they point to. Although, keep in mind that these too can be falsified.
- Finally, even knowing these pointers, through social engineering, a scammer could coerce you to give up information even if you feel uncomfortable about it. No representative of any official entity will press you for your sensitive information or try to “talk you into” it.
FAQ About Identity Theft
Does the Social Security office call you?
No. Even if the person speaking to you seems convincing, understand that the Social Security Administration will never call and ask for your SSN. If you receive such a call, it is malicious activity. Do not give them any information, and block their number.
Can you get a new Social Security number after identity theft?
Yes. If you’ve done everything in your power to fix the misuse of your SSN and problems still persist, the Social Security Administration may assign you a new SSN. However, you are not eligible for a new SSN if there’s no evidence that your SSN is being misused by someone else, to avoid consequences of filing for bankruptcy, or to otherwise avoid legal responsibilities. Because most government agencies will still have the old number on file, a new SSN will not solve all of your problems.
How can you report Social Security fraud?
If you suspect that someone is committing Social Security fraud or any other illegal activities concerning Social Security, you can contact the Office of Inspector General’s Social Security fraud hotline. This number is 1-800-269-0271. You can also submit a Social Security fraud report digitally on this website.
How do you put an alert on your Social Security number?
If your Social Security number has been stolen, you can place an alert on your credit file. This will not guarantee that further misuse of your SSN will occur, but it will alert government agencies and the three major credit agencies. You can also freeze your credit for free, but you will need to contact Equifax, TransUnion, and Experian to do so.
How do you prevent Social Security number identity theft?
Understand the many ways that this information can be stolen from you, and take steps toward preventing it. No government agency will ever ask for your Social Security number over the phone, and no credible website will ask for your Social Security number under suspicious conditions. Always play it safe. There is never a reason to give it out freely without first getting an explanation and validating its necessity with another credible source.
There is no shortage of SSN scams that identity thieves use to commit fraud, and they seem to be getting more and more sophisticated. That’s why it’s so important to understand why irresponsibly handing out your SSN is dangerous — and that just being careful isn’t always enough. Sensitive information on the internet could still lead to your SSN being stolen. Could you take more steps to secure your SSN? The OneRep team is positive you can. The time to safeguard your information is now.
OneRep privacy specialist