Telecommunications scam targeting United States citizens
An SSA impersonation scam, or SSA scam, is a class of telecommunications scam targeting citizens of the United States by impersonating Social Security Administration employees. SSA scams are typically initiated through pre-recorded messages, or robocalls, that use social engineering to make victims panic and ensure they follow instructions given to them. In 2018, over 35,000 instances of SSA scam robocalls were reported to the Better Business Bureau with over $10 million lost by victims.[1] Approximately 47% of Americans were subject to an SSA scam robocall during a three-month period between mid- to late 2020, and 21% of seniors were subject to at least three robocalls during the same time period.[2][3]
The majority of SSA scams begin by sending out robocalls in large quantities to potential victims, though some use email and text messaging.[4]Social engineering in used to panic recipients so a greater number will respond to the scammer.[5] The calls purport to originate from the Social Security Administration and claim that the victim's Social Security number (SSN) has been or will shortly be suspended for reasons including money laundering, drug dealing and fraud linked to the SSN.[6] Some variations threaten monetary or legal consequences for failing to comply with the call's instructions, such as freezing or seizure of money from bank accounts, the cancellation of state benefits, and arrest.[3] The call subsequently demands the recipient call a "helpline" to prevent these actions. Caller ID spoofing is often employed, which makes the call appear to come from legitimate SSA phone numbers thus boosting its credibility.[7][8][9][10]
Once a potential victim calls the "helpline", scammers attempt to persuade them of the legitimacy of the call with help from a pre–written script.[11] The scammers sometimes identify themselves using the real names and badge numbers of SSA employees, and spoof their phone numbers so the victim believes they are talking to a legitimate official.[4][12] It has been suggested that scammers take advantage of data breaches in order to persuade the victim that they are speaking to government employees by relaying information gained from data breaches back to the victim.[13] During this phase scammers also aim to gain as much personal information as possible, including the victim's name name, a partial or full SSN, and their date of birth, under the guise of "verifying the caller's identity."[14] Victims may also be added to a sucker list if the scam is successful so they can be targeted with other scams.[15] The scammer will eventually ask the victim to pay to correct issues and prevent the consequences threatened in the original robocall.[16]
SSA scammers request payment from victims through untraceable routes, such as through gift cards, pre-paid debit cards, wire transfers, cryptocurrency, and sending packages of cash through a postal service.[17][18][19] The payment will undergo money laundering before it is claimed by the scammers. In response to the increased usage of gift cards as a means of payment to scammers, multiple companies have posted advisories warning about the cards' potential fraudulent uses,[20] however victims who have been successfully convinced by scammers often overlook warning signs and proceed to purchase them regardless.[21]
Since 2017, there has been a rapid increase in the number of SSA impersonation scam robocalls reported to the Federal Trade Commission. In 2017, 3,200 incidents of SSA scam robocalls were reported to the FTC. In comparison, in 2018 over 35,000 instances were reported.[1] In the first three months of 2019, over 65,000 instances of attempted SSA scams were reported.[22]
According to the FTC, over $10 million was lost to SSA scammers in 2018 with an average loss of $1,500 per victim.[24] A citizen in Ohio reportedly lost over $4,000 after falling for an SSA impersonation scam.[25] A retired professor in San Francisco fell victim to the scam and sent $4,000 in gift cards to the scammers, before posting a package consisting of $20,000 via delivery courier FedEx to a money mule working for the same group of scammers. The package, along with another sent by a victim living in Boston, has since been seized by authorities in Fairfax County, Virginia, and returned to their owners.[26] In 2019, $153 million was lost to scams impersonating government agencies, and according to the Federal Trade Commission, $37 million of that was attributed to Social Security scams.[27]