How A Phishing Expedition Works

      If you’ve wondered exactly how phishing campaigns involving Social Security Administration impersonation work, The Hacker News has you covered. If these crooks put as much effort and ingenuity into legitimate work they’d probably make more money.

The Schemers Never Stop

      From a press release by Social Security’s Office of Inspector General:

Federal law enforcement agencies are warning the public about a surge in government imposter scams involving the misuse of real Social Security Administration (SSA) and Office of the Inspector General (OIG) employee names, fabricated badge images, and fraudulent social media profiles.

Recent reports show scammers are:

• Using the name of a real SSA employee along with a fake badge or credential to appear legitimate.  
• Using information from social media profiles to impersonate a real SSA OIG employee to initiate contact and build trust with potential victims.

These tactics mirror a broader trend in which criminals attempt to legitimize their schemes by sending doctored images of credentials, spoofing phone numbers, or posing as government officials online. …

89 Year Old Man Goes On Shooting Spree At Social Security Offices In Greece

      From the Jerusalem Post:

A gunman opened fire at a social security office and a courthouse in central Athens, wounding several people, Greek authorities said on Tuesday.

Police have launched an operation to locate the shooter, who Greek media reports say is 89 years old. 

Police said the suspect, who was armed with a shotgun, first opened fire at a social security office in central Athens, wounding an employee. …

The gunman then opened fire on the ground floor of a city courthouse, wounding several more people. …

Man Arrested For Threatening Social Security Employees

      From WWNY:

A Watertown [NY] man is accused of threatening to shoot employees at the Social Security Administration.

City police charged Charles Brown, 26, with a misdemeanor count of making a threat of mass harm. 

According to police, Brown called the Social Security Administration on Bellew Avenue in Watertown on Tuesday and became upset with the service he received.

He allegedly told the employee on the phone that he planned to shoot the worker in the head and then shoot the rest of the staff at the office. …

They Say He Stole From Poor Mentally Ill People

      From Fox News:

… The U.S. Attorney’s Office for the District of Maryland announced today that a federal grand jury indicted Najee Alexander Corbett, 37, of Baltimore, in connection with a Social Security disability theft scheme. …

As part of the alleged scheme, prosecutors said Corbett targeted SSI claimants diagnosed with mental health disorders and altered claimant records in the SSA database to include bank accounts he controlled and his residential mailing address so he could receive their benefit funds.

Prosecutors also said Corbett changed the date of benefit eligibility payments for selected claimants in the database, generating back payments in the claimants’ names. Authorities said he then caused SSI benefit payments to be transmitted to bank accounts he controlled and mailed to his home.

Federal prosecutors said Corbett received $116,537.62 in SSI disability payments through the scheme and retained $71,304.62. …

Warning Issued

      From WAVY:

The Social Security Administration Office of the Inspector General is warning people of a scam targeting retirees.

The OIS reports a sharp increase in scam activity, where bad actors are contacting people via email, claiming to have a social security statement ready to download.

Officials warns that clicking any link from a scam could lead to monetary loss, identity theft, or having your data compromised.

“We are seeing a sharp increase in fraudulent emails designed to look like official Social Security Administration communications,” said Michelle L. Anderson, Assistant Inspector General for Audit as First Assistant. “These messages are not from Social Security. Anyone who receives one should delete it immediately and report it.” …

Social Security Employees Are Afraid

 

Do You Trust The “Investigation”?

       From the Washington Post:

The Social Security Administration’s internal watchdog is investigating a complaint that alleges a former U.S. DOGE Service employee claimed he had access to two highly sensitive agency databases and planned to share the information with his private employer — a claim that, if true, would constitute an unprecedented breach of security protocols at an agency that serves more than 70 million Americans.
 …

According to the disclosure, the former DOGE software engineer, who worked at the Social Security Administration last year before starting a job at a government contractor in October, allegedly told several co-workers that he possessed two tightly restricted databases of U.S. citizens’ information, and had at least one on a thumb drive. The databases, called “Numident” and the “Master Death File,” include records for more than 500 million living and dead Americans, including Social Security numbers, places and dates of birth, citizenship, race and ethnicity, and parents’ names. The complaint does not include specific dates of when he is said to have told colleagues this information, but at least one of the alleged events unfolded around early January, according to the complaint. While working at DOGE, the engineer had approved access to Social Security data.

According to the complaint, he allegedly told the whistleblower that he needed help transferring data from a thumb drive “to his personal computer so that he could ‘sanitize’ the data before using it at [the company.]” The engineer told colleagues that once he had removed personal details from the data, he wanted to upload it into the company’s systems. He told another colleague, who refused to help him upload the data because of legal concerns, that he expected to receive a presidential pardon if his actions were deemed to be illegal, according to the complaint. ….

The whistleblower filed the complaint with the inspector general in January. When The Post contacted the agency and the company in January, both said they had not heard of the complaint. Both said they subsequently looked into the allegations and did not find evidence to confirm the claims. The company said it had conducted a “thorough” two-day internal investigation and concluded the assertions were unsubstantiated. Reached this week, both declined further comment. … 

Scam Call Center Shut Down

   

  From Yahoo! Finance:

A collaborative effort by the FBI, local police and Indian authorities has shut down a huge scam call center operation in India that saw Americans lose nearly $50 million. …

The FBI says that about 660 people in the U.S. reported falling victim to government impersonation and tech support scams since 2022 that were connected to the call centers, with losses totaling a staggering $48,778,230. In Maryland alone, nearly two dozen victims reported losing a total of $6,257,869. …

Over 1 Billion SSNs Exposed

      From PC Mag:

In a disturbing find, a cybersecurity vendor discovered an exposed online database that may have been storing as many as 1 billion Social Security numbers (SSNs). 

A database indexed using Elasticsearch was left open on the internet, according to security provider UpGuard. The stockpile contained 3 billion records, including email addresses and passwords, along with another dataset of 2.7 billion records, including SSNs.

Specifically, the SSNs consisted of two datasets spanning 353.3GB and 76.7GB, for a total of 430GB, UpGuard told PCMag. The company suspects a hacker or “amateurish threat intelligence vendor” is behind the database.  …

A New Cyberattack

      From Hackread:

A new wave of cyberattacks is stalking organisations across the UK, US, Canada, and Northern Ireland. According to the latest research from Forcepoint X-labs, attackers are impersonating the US Social Security Administration (SSA) to bypass security and take total control of private computers. ...  

It starts with an email that looks official but is riddled with red flags, like the fake domain SSA.COM and the misspelling of Statement as “eStatemet.” If a user falls for the bait and opens the attached .cmd script, the computer quietly begins to sabotage its own defences. The X-labs team’s report noted that the script’s first job is to check for administrator powers using a technique called PowerShell auto-elevation. Once it has control, it kills Windows SmartScreen (the system that usually blocks suspicious apps from running) by modifying the computer’s registry. It also strips away the Mark-of-the-Web, a hidden digital tag Windows uses to identify files from the internet. ...  

Once the guards are down, the script performs a silent installation of ConnectWise ScreenConnect. In a normal office, this is a legitimate tool for IT support. However, here, hackers are weaponising it as a Remote Access Trojan (RAT) to maintain a permanent “backdoor” into the network. Researchers noted that the software is hardcoded via a System.config file to call back to a specific server: ...

Seven Year Sentence For Former Social Security Employee

      From Texas Border Business:

HOUSTON – A former Social Security employee has been ordered to federal prison for aggravated identity theft and conspiracy to steal government funds.

David Lam, 46, Pearland, pleaded guilty June 5, 2025.

U.S. District Judge Sim Lake has now ordered Lam to serve 84 months in federal prison to be immediately followed by three years of supervised release. At the hearing, the court heard about the complex nature of Lam’s scheme and how it involved dozens of fraudulent applications. Lam also used his access to personal data, which was necessary for his actual job duties, to facilitate his embezzlement and theft. Lam was further ordered to pay $3,346,280 in restitution.

Lam was an operations supervisor and claims specialist for the Social Security Administration office in Houston. …

He Only Got Probation

      From MyNewsLA.com:

A former employee of the Social Security Administration district office in the Antelope Valley who admitted stealing over $25,000 from beneficiaries was sentenced Thursday in federal court to probation and restitution.

Dion Bright Jr., 34, of Lancaster, was sentenced by U.S. District Judge Fernando Olguin, who ordered restitution in the amount of the theft along with a year’s probation.

Bright pleaded guilty in July 2025 in downtown Los Angeles to a misdemeanor count of theft of government property.

As part of his job duties at the SSA field office in Lancaster, Bright would use a database to access claimants’ records to process claims for the aged, blind or disabled, and for workers who lost income due to physical or mental impairment.

During the scheme, from September 2022 to June 2023, Bright accessed beneficiaries’ SSA records, changed their mailing addresses so that they would not receive notices that their account information had been revised, and rerouted their benefits to a U.S. Bank account he controlled, according to the U.S. Attorney’s Office. …

Office Closures Today Due To Security Threat

      I am hearing that many Social Security offices around the country were ordered evacuated today due to some unspecified security threat. I don’t recall ever hearing about anything as widespread as this.

     Does anyone know details on this?

Charming Fellow

      From USA Today:

A man caught on video verbally berating a security guard and yelling racial slurs outside a Social Security office in an Atlanta suburb has been arrested, police say. …

Robert Burke, 65, was identified as the man at the center of a viral video showing him being escorted from the Social Security office as he threatened to physically harm the security guard. …

Burke is heard telling the security guard to "take a shot (expletive)" and saying he would "beat the (expletive)" out of him.

"I'm a (expletive) citizen," Burke continues, and then he refers to the security guard, who is Black, using a racial slur repeatedly.

As he walks into the parking lot, he yells back to the guard "What are you going to do, it's free speech" before continuing to use expletives and slurs. …

While this may have been the most explosive encounter, employees of the Social Security office told police Burke had been a problem before and had caused previous disturbances at that location. …

Scams Way Down Since 2020

      Social Security’s Office of Inspector General (OIG) has issued a Quarterly Scam Update. It says it’s the 18th such update but it’s the first time I’ve seen it. 

     The report shows that Social Security scams reached a peak in 2020 but went way down in 2022 and have stayed much lower. Maybe the Trump Administration will claim credit for the reduction.Surprisingly, at least to me, those under the age of 50 were the most likely to be scammed but older people showed larger losses.

Threats In Tupelo

      From the Daily Journal:

A Corinth [MS] man with a history of threatening federal employees has been charged with threatening to shoot workers at the Tupelo Social Security office.

James C. Curry Jr., 51, of Corinth, is accused of threatening employees at the Tupelo Social Security Administration office Tuesday, Dec. 16. He was arrested Monday in Lee County and taken into federal custody. He is currently incarcerated at the Lafayette County Detention Center, awaiting preliminary hearing Monday afternoon in U.S. District Court. …

$1.3 Million Dollar Scam

      From WGAL:

A social security imposter scammed two Lancaster County residents out of $1.3 million, according to Pennsylvania State Police. 

Troopers said two 78-year-olds from Providence Township fell victim to a person who posed as a Social Security Administration employee.   

The unknown suspect told the victims that one of their Social Security numbers was compromised and they needed a new one, according to police. 

Investigators said the imposter gave the victims detailed instructions to liquidate their retirement assets, stealing a total of $1,328,652. 

The suspect used the money to purchase gold that was collected by unknown individuals as payment under the guise of purchasing a new Social Security number, according to police. …

Man Charged With Threatening To Blow Up Field Office

     From WWNY TV: 

A Watertown [NY] man is accused of threatening to blow up a government office in the city.

City police charged 32-year-old Edmanuel Rivero-Vazquez with making a threat of mass harm.

During a meeting with staff at the Social Security Administration office on Bellew Avenue on Wednesday, Rivero-Vazquez allegedly threatened to blow up the building. ...

Where’s The $1 Trillion In Savings Musk Promised?

      From Brett Arends writing for Morningstar:

… I'm not surprised that President Donald Trump and the Social Security Administration put out the latest inspector-general report the day before Thanksgiving, when nobody is paying attention. 

It's yet another embarrassment. 

The latest 57-page report to Congress details a variety of Social Security frauds that took place under Trump's first administration, only to be caught, stopped and prosecuted ... er ... under Joe Biden. 

And it confirms what has long been suspected, and which will come as no surprise to MarketWatch readers: namely that Elon Musk and Trump were talking total nonsense for the first six months of this year, when they were claiming that there was a "huge" amount of fraud in Social Security, including hundreds of thousands of dead people claiming benefits. …