Last week, the Federal Trade Commission released an official statement regarding reports of a new phone scam telling targets their Social Security number has been “suspended.”

The caller, impersonating a government official, attempts to trick call recipients into giving up personal information, saying due to some kind of fraud their SSN will need to be reactivated.

In order to reactivate, the caller will press their victim into the classic account “verification” process with which we’ve become so familiar: asking for a ton of sensitive personal details the scammer can use later to steal their victim’s identity.

The key to avoiding this scam is understanding there’s no such thing as Social Security number suspension.  Neither the Social Security Administration, the Internal Revenue Service, nor any other federal entity with which a scammer might claim to be associated will EVER suspend a Social Security number.  That’s just not how SSNs work.

No matter what a caller might say to you to intimidate you, if you hear that your SSN is suspended, the scam should be dead in the water. 

This one is absolute baloney.

As with any sketchy phone call asking you for personal information like your name, address, bank information, Social Security information, or the names of those close to you, hang up the phone immediately.

Don’t attempt to speak to, argue with, or insult the caller (not only are you giving them more opportunity to manipulate you, but also some phone scammers are known to record your voice so they can use it to authorize charges and changes to your accounts). Just hang up.

In 2010, small town Kentucky lawyer Eric Conn was the third-highest-earning disability lawyer in the United States, winning $3.9 million for his clients in their disability claims against the Social Security Administration.

By all appearances, Conn was a virtuoso. He boasted a 99% success rate in getting his clients their disability payments–collecting as much as $6,000 for himself per win. In his advertisements, Conn used the moniker “Mr. Social Security.”

But those were just appearances. While it’s true Conn successfully argued most of his cases, it had nothing to do with skill.

Well, not litigation skills, anyway.

Unbeknownst to his clients, the Social Security Administration, and just about everyone who knew his reputation, Conn was committing the single largest Social Security fraud in history.

His high win rate was purchased from a corrupt Social Security judge willing to approve anything Conn put across his desk in exchange for over a half million dollars in bribes.

For the next seven years, law enforcement built their case against Conn and his accomplice, Judge David Daughtery. While Daughtery plead guilty to multiple felonies regarding his role in the fraud, Conn fled the country to escape imprisonment.

Meanwhile, as many as 1,700 innocent people suddenly lost their Social Security disability payments, which they came to know in time were obtained illegally.

CNBC reports on the mind-boggling scheme, its impact on Conn’s victims, and how those seeking assistance with their own Social Security cases can guard themselves against unscrupulous third party claim representatives.

How a small town lawyer pulled off the biggest Social Security scam in U.S. history and why it could happen again from CNBC.

 

Pro-tip to all would-be criminals out there: the best way to avoid being caught for financial fraud is not assisting in your own investigation.

Charlotte Social Security representative Oliver Montgomery’s job was to help Social Security beneficiaries receive their benefit payments.

Instead, he helped himself to their “missing” money.

Over the course of one year, federal investigators estimate Montgomery stole as much as $37,000 of Social Security money from his clients— all while on the Social Security Administration clock and the taxpayer dime.

Social Security fraud is a lucrative business, but we tend to focus on false claims, identity theft, and family members or caretakers fraudulently collecting the benefits of a sick or deceased family member. We rarely consider Social Security fraud is a crime that can be committed from within just as easily as on the outside.

No one can say how long Montgomery could have abused his position and maintained this theft, but luckily for us, one incredibly stupid decision cut his 12-month side job short.

In an argument over a debt owed to his ex-girlfriend, Montgomery apparently decided it would be a good idea to rub his wealth in her face while refusing to pay the debt.

After she threatened to collect the money in court, he took a picture of himself at his Social Security office desk with a large amount of cash and the text message, “show them that stack on my desk.”

Well. She did.

Montgomery’s ex-girlfriend contacted federal officials and reported the text. Investigators then concluded Montgomery had been changing his clients’ bank information and redirecting back Social Security payments into his own account.

In another case, he’d altered the release details of a prison inmate to make him eligible for back payments that Montgomery would then redirect to himself.

…And he might have gotten away with it if it wasn’t for that pesky selfie…

You know what they say about karma.

In a report Thursday from the Napa Valley Register, Napa County District Attorney Allison Haley confirms multiple Napa County residents reported receiving letters from the Social Security Administration confirming a Social Security benefit claim has been made under their Social Security number.

The problem is none of these residents filed any claims for their benefits yet.

According to Haley, the letters coming from the Administration are unfortunately legitimate–meaning someone somewhere has obtained the personal information necessary to file a claim in these individuals’ names in an attempt to rob them of their benefit payments:

“If you received a letter in the mail from the Social Security Administration (SSA) stating that you filed a claim for Social Security benefits, and you have not filed a claim for benefits, then someone is using your personal identifying information to file a fraudulent claim.”

How this information was obtained isn’t made clear in the report, but as we’ve written numerous times, the ways a would-be Social Security thief could get this information from a victim are practically endless. And sometimes incredibly easy.

Haley warns Napa, California residents to be on the look-out if they receive any communication from the SSA regarding benefit filing if they haven’t yet filed. It may mean their identities have been stolen or sold, as well.

The DA recommends if you see something like this in your mailbox, contact the police, file an identity theft report, and report the suspect theft to the major credit bureaus to prevent further damage to your identity.

You should also contact the Office of the Inspector General at the Social Security Administration right away.

Reporters have spilled gallons of ink writing about the likelihood that people like you and me will have to deal with the damaging effects of identity theft related to the Equifax breach.

Even more has been said about what that damage might look like: how thieves will obtain our SSNs, what they might use our identities to open up or steal, and how these activities might follow us into the future and erode our financial health.

Now that we’ve been blindsided with the news that our SSNs are exposed–and had been for MONTHS before we were made aware–the big question is how and to what extent can we protect ourselves?

Assume you are part of the breach–because you probably are.

Original estimates put the amount of people affected at 143 million, but just days ago, Equifax revealed another 2.5 million people may have also been compromised.

With this kind of volume, it’s a mistake to think your information wasn’t part of the compromise. Around half of the people in the United States are affected–whether or not you should be prepared for credit fraud ultimately boils down to a coin toss.

What isn’t a question is protecting yourself now–before something happens–is far more effective and easier than waiting until after you’ve discovered fraudulent activity.

So, assume you’ve been compromised. Take steps right now to shield yourself and you’ll hopefully spare yourself a ton of frustration and anxiety later.

What you can do before your identity is stolen.

Get credit monitoring.  Usually for a small monthly fee, there are several credit monitoring services available to consumers. These agencies will routinely review your credit report with an eye toward unusual changes or inconsistencies that may be flags for fraudulent activity. You will be notified about new accounts opened in your name, changes to existing account information, and any hard credit checks that might indicate someone attempting to get a loan, a credit card, or some other kind of service.

Keep in mind credit monitoring will not protect you from actual theft. It simply helps to keep you abreast of activity on report so you can act quickly if something isn’t right. The sooner you act, the better your ability to reverse and prevent further damage.

To make amends for the breach, Equifax is currently offering 12 months of free credit monitoring.

Freeze your credit.  For around $10, you can contact each of the Big Three credit reporting bureaus (Equifax, TransUnion, Experian) and request a credit freeze. Also called a security freeze, this makes things substantially harder for an identity thief and is one of the best tools in your arsenal to prevent theft.

A credit freeze locks access to your credit report. Under a freeze, lenders and other companies that need to perform credit checks before offering services are blocked from pulling your report, and therefore unable to issue credit in many cases. This could block a thief from obtaining a loan or credit card in your name.

But credit freezes aren’t totally perfect. They won’t stop a thief from editing existing or using existing accounts. And they don’t block everyone from accessing your report (if you’ve already worked with an institution, they may be excluded from the freeze).

If you’re planning on applying for a new utility service, a mortgage, a car loan, a new apartment, or new job, a credit freeze can also block people you want to access your report. So unless you have no plans to make life moves that involve credit checks, a credit freeze may not be an option.

If you do need to lift a credit freeze, be aware that thawing your credit can sometimes be a lengthy process. In the event of an emergency purchase for which you may need credit quickly, a credit thaw could do as much harm as good.

Credit freezes do not negatively affect your credit score.

Place an initial fraud alert on your account.  Like a credit freeze, placing a fraud alert on your account can be done with any of the Big Three credit bureaus. The Fair Credit Reporting Act allows consumers to put a fraud alert on their account for free.

A fraud alert doesn’t lock access to your report, but rather flags it as at risk for fraudulent activity for any creditors pulling your report. These creditors will handle that report with increased scrutiny, taking extra measures to verify your identity.

While it doesn’t prevent someone from opening an account in your name, it does put your report under a magnifying glass should someone try. A thief is much more likely to be caught when your report is flagged in this way.

There are three kinds of fraud alerts. If you are thinking of requesting a fraud alert before you’ve been victimized–an “initial” fraud alert–the duration is 90 days.

Seniors are particularly at risk.

We’ve talked a little bit about what can happen if an identity thief decides to try and collect your Social Security benefits–not only is it very possible, but it’s incredibly easy to do with just a few pieces of basic information and your SSN.

But any attempt on the identity and financial information of seniors deals double damage. Not only do seniors have to deal with all of the same repercussions as younger Americans, but in many cases, they also won’t have the means or ability to repair or protect their credit.

An adult on a fixed, small income has to make a big sacrifice to pay for the services required to fix the damage or prevent the theft in the first place. And once the damage is done, the aftermath can hit a senior much harder–they may have no way to keep themselves afloat or walk back what was done.

And sadly, identity thieves are fond of targeting seniors.  Retirees offer more opportunities to cash in: thieves can take advantage of Social Security payments, retirement savings accounts flush with cash, and the fact that many seniors aren’t making big financial decisions that would prompt them to check their credit reports regularly.

Be very vigilant. At the very least, take advantage of your free credit report per year to keep track of your data on your own. And be prepared to act quickly if you see something you shouldn’t.

According to White House cybersecurity coordinator Rob Joyce, the government may already be considering a departure from the use of Social Security numbers as identification.

Speaking at the 2017 Washington Post Cybersecurity Summit yesterday, Joyce confirmed the Trump Administration has asked federal officials to put their heads together and come up with a plan to significantly change the way we identify citizens–namely by dropping the SSN completely.

These revelations come in the continuing chaos that is the Equifax breach fallout. The breach–one of the worst in history–has exposed the SSNs and associated personal data of 143 million Americans to identity thieves.

Chances are good if you’ve worked or are currently working in the U.S., those nine little digits that control your entire work, financial, and credit history are currently up for grabs somewhere on the dark web.

With your SSN and a few key pieces of identifying information, thieves have all they need to drain your bank account, take out credit cards and loans in your name, open utility accounts, obtain pricey medical treatments, and even file for your tax refund.

For soon-to-be Social Security beneficiaries, identity theft can be particularly nasty. Imagine filing for your retirement benefits only to find that “you” have already been receiving Social Security payments for several years.

Or you file for disability or supplemental Social Security benefits and your claim is denied outright due to someone claiming earnings under your SSN (these earnings may exceed what is allowed by supplemental, and to claim disability, one cannot have claimed significant earnings since the onset of the disability).

These realities are painful for victims who had absolutely no say in the matter. We didn’t leave our doors unlocked or carelessly hand our information to strangers–and when it comes to credit reporting, the Big Three credit bureaus have our SSNs and identifying information whether we like it or not.

Even Richard Smith, former Equifax CEO, wonders whether it isn’t time for a big change in the way we use SSNs:

“The concept of a Social Security number in this environment being private and secure–I think it’s time as a country to think beyond that. What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth, and a name.”

Smith, who was at the helm of Equifax for the past 12 years, stepped down following the breach.

Joyce, too, thinks it’s high time we ditch the SSN to protect the privacy and financial security of our country’s citizens–especially considering that once issued, a SSN is permanent:

“I feel very strongly that the Social Security number has outlived its usefulness. It’s a flawed system.  If you think about it, every time we use the Social Security number, you put it at risk… It’s a flawed system that we can’t roll back…after we know we had a compromise.”

Joyce and others in the government are currently floating a variety of alternatives to phase out the SSN. For himself, Joyce is in favor of a modern cryptographic public-private key system that would prevent thieves from ever converting your complex key back into your actual identifier.