How Fraudsters Break Into Social Security Accounts and Steal Benefits

0
186
How Fraudsters Break Into Social Security Accounts and Steal Benefits

For two decades, Liz Birenbaum's 88-year-old mother, Marge, has received her Social Security check on the second Wednesday of every month. It's her only source of income, which she uses to pay for her room at a long-term care center, where she ended up last October after a stroke.

When the deposit didn't arrive in January, they logged into Marge's Social Security account and found startling clues: the last four digits of a bank account number that didn't match their own, at a bank they didn't recognize.

“Someone had gotten in,” said Ms. Birenbaum, of Chappaqua, N.Y. “Then I hit the panic button.”

It quickly became apparent that a fraudster had diverted the $2,452 benefit to an unknown Citibank account. Marge, who lives in Minnesota, had never banked there. (Mrs. Birenbaum asked that her mother be called by her first name only to protect her from future fraud.)

Ms. Birenbaum immediately began making calls to remedy the situation. When she finally contacted a Social Security representative at a local office in Bloomington, Minnesota, he casually mentioned that this happened “all the time.”

“I was stunned,” Ms. Birenbaum said.

Overall, Social Security scams are ubiquitous – fraudsters pose as employees and attempt to extort both money and valuable identification information from people in a variety of evolving schemes. But this particular scam — in which criminals use stolen personal information to break into online Social Security accounts or create new ones and divert benefits elsewhere — has plagued people for more than a decade.

Once fraudsters gain access to a person's online Social Security account, they can change a beneficiary's address and direct deposit information or request replacement cards.

Almost everyone is a potential target. The Social Security Administration sends checks totaling nearly $120 billion each month to more than 70 million beneficiaries, including retirees and the disabled. An estimated 2,000 beneficiaries had their direct deposits diverted last year, according to Social Security Administration fraud officials.

It can be a lucrative scam and a devastating advantage to lose. An estimated $33.5 million in benefits – intended for nearly 21,000 beneficiaries – were diverted over a five-year period ending in May 2018, according to the latest audit by the Office of the Inspector General, an independent group. the agency responsible for monitoring investigations and audits. During the same period, another $23.9 million worth of fraudulent redirects were prevented before they even happened.

“Fraudsters were able to obtain sufficient information about a real beneficiary to convince the Social Security Administration that they were that beneficiary,” said Jeffrey Brown, deputy assistant inspector general in the Office of Inspector General, who analyzed the problem in 2019. Once they got to the front door, they were able to change their direct deposits.”

OIG officials said Social Security scams increased during the pandemic as Social Security offices closed to the public and people were forced to rely on the agency's online services.

The Federal Trade Commission, which collects self-reported complaints from consumers, said more than 7,600 people reported their benefits were diverted from 2019 through the end of 2023, with activity increasing last year.

“Many consumers are telling us that they have discovered that their direct deposit was redirected to another account or a fraudulent account,” said Maria Mayo, deputy director of the FTC’s Division of Consumer Response and Operations. “Often they say they received a scam call and shared their information, and they believe that information was used in this way to divert the benefit.”

In another twist, there were about 6,100 fraudulent claims last year, or 0.3 percent of all Internet-initiated pension claims, involving criminals claiming benefits based on the earnings records of Americans who had reached retirement age but had not yet reached retirement age had applied for benefits. Social Security fraud officials said.

Criminals use a variety of methods to collect the personal identification information they need, which they later use to break into government accounts or create fraudulent accounts. You'll need a Social Security number to set up an online account with the agency, but you don't need the full nine digits to open an existing account.

Amy Nofziger, director of fraud victim assistance at the AARP Fraud Watch Network, recently searched their case database and found a handful of victims whose Social Security numbers had been obtained by third parties within the last six months. An unsuspecting person gave it to a scammer and promised him insurance benefits. Another criminal posed as a representative of the victim's bank. In another case, the scammer pretended to be calling from a credit reporting agency to verify the victim's Social Security number.

Sometimes identity thieves claim that they are calling from a doctor's office, and in other cases they can tamper with a person's device and collect valuable information such as passwords or other stored personal data.

In collecting various pieces of a person's identity, fraudsters may also turn to marketplaces on the dark web, where a lot of personal identifying information – often stolen through security breaches – is offered for sale.

Pam Dixon, executive director of the World Privacy Forum, a research group that focuses on data management and protection, said people living in medical or assisted living facilities are also often victims of these crimes. “It is one of the worst forms of identity theft,” she added.

Just months before Marge's benefits were redirected, the OIG released a report that said the administration's portal called My Social Security did not fully comply with federal identity verification requirements: It did not go far enough to allow new enrollees verify and validate 'identities, in all cases. And once an account is created through one of two identity verification portals required to access the My Social Security account, the agency does not require users to reverify their identity through sufficiently strong evidence (e.g., through Presentation of a driving license). , a selfie).

This was not the first time that the independent investigators found deficiencies dating back to the launch of the my social security portal in 2012. The Office of Inspector General recommended strengthening its digital identity verification process in 2016, and the agency has since done so. Although there were several improvements, OIG officials said it was still not fully compliant when it released its last audit in 2023 .

The Social Security Administration said it has implemented several of the agency's recommendations since launching the portal, including establishing a fraud analysis team to investigate. The agency also updated its identity verification process to respond to new threats and is planning further updates.

“Our office conducts ongoing analysis of online transactions and looks for anomalous behavior. When we identify new characteristics, we flag them and implement additional controls to stop potentially fraudulent behavior,” said Joe Lopez, deputy assistant commissioner for analytics. Verification and supervision of social security.

“The environment is constantly evolving,” he added, “and we modify our models as needed.”

The Social Security Administration is sending notices in the mail to beneficiaries encouraging them to contact the agency if they did not approve a recent change to their direct deposit information, which prevented millions of dollars in benefits from being diverted and lost, OIG officials said . There is also the option to block changes to the accounts.

It would have been impossible for someone like Marge to solve the problem alone. It was challenging enough for Ms. Birenbaum, a marketing consultant, and her brother, who live near their mother in a Minneapolis suburb. They worked together to reclaim the benefits and secure Marge's account.

Ms. Birenbaum — who reported the crime to the OIG and the FBI and alerted her state and federal representatives — once spent two and a half hours on hold at the Social Security Administration before contacting a regional caseworker. The representative was able to see that her mother's direct deposit information had been changed in early December, a month before benefits were lost.

Ms. Birenbaum's brother visited her mother's local Social Security office and became Marge's “representative payee,” allowing him to manage her affairs (Social Security does not accept powers of attorney). They had to find ways to make the correction without bringing Marge into the office, which Ms. Birenbaum said would have been a “Herculean task.”

Marge received the missing money on March 1, about a month and a half after they discovered the problem.

“It ended happily for them,” Ms. Birenbaum said, “but for many who don’t have advocates every day, the cybercriminals win.”

Consider suspending your accounts. Create a My Social Security account, but then add an E-Services Lock, a feature that prevents anyone, including you, from seeing or changing your personal information online. You need to contact your local office to remove it.

Another feature, a direct deposit fraud prevention lock, prevents anyone from signing up for direct deposit or changing your address or direct deposit information through your online account or a financial institution. You must contact a local office to make changes or unsuspend.

Don't trust, but also check. If your phone's caller ID says “Social Security Administration,” don't trust it — the number may be spoofed and the agency will only call beneficiaries on limited occasions. Call the agency back at the main phone number 1-800-772-1213 or call a local location using the office locator.

report If you suspect fraud or fraud, please contact the Office of Inspector General website or call 1-800-269-0271.

Contact If you suspect that someone has used your personal information, contact the Federal Trade Commission, either through its website or by telephone at 1-877-IDTHEFT (1-877-438-4338).

review Visit the Social Security Administration's resource page to learn how to spot fraud.