Beware - Social Security Benefits Can Be Hacked!
We all know that identity theft and hacking is a serious problem and can lead to major financial loss. Much has been written about that. But did you know that even your social security accounts are at risk to be hacked and benefits stolen?
Sadly, that is exactly what happened in a situation that recently came to my attention. In this case, the victim received an unexpected letter from the Social Security Administration (SSA) expressing congratulations for initiating Social Security benefits. The problem is, this person did not do so.
Imagine the surprise, made worse by the fact that their plan was to wait until age 70, still years away, to fully maximize benefits! Not to mention that the identity thief had pilfered almost $20,000 of the victimís benefits already.
This raises all sorts of questions. Letís tackle some of those below.
So how did this happen?
Recall that not all that long ago, 143 million of us had personal information compromised in the Equifax data breach. This very well could be the source of much of this SSA hacking activity, at least in obtaining core information on a mass scale that could be used to attempt a hack.
Once hacked and the false application made, a sophisticated thief may be able to successfully open a fake account into which the SSA deposits the benefits, after which the accounts are drained, often using prepaid debit cards that are difficult, if not virtually impossible, to trace.
Is the SSA culpable in any way?
Unfortunately, from what I have seen, there is a flaw in the controls on the SSA website that may contribute to this situation.
While it is possible to set up a secure ìmy Social Securityî account on SSA.gov allowing you to do all kinds of things related to your SSA benefits, apparently to apply for benefits, you do so via an unsecured website, ìApply Online for Retirement/Medicare Benefitsî.
On this unsecure website, a thief can enter a false phone number, fake email address, set up direct deposit information for the prepaid debit card referred to earlier, and apply for benefits. And even if you have a ìmy Social Securityî account and the personal information entered by the crook does not match that information, it does not get flagged nor will you receive notification of these changes or the fact that an application for benefits has been made.
Just who is at risk?
If you are an individual age 62 to 70 and have not yet applied for benefits, you could be at risk. This is particularly true if your personal information was exposed in the recent Equifax breach.
For those over age 66 1/2, the risk may be even greater. In the situation I heard about, the false application was made just after the victim reached age 67. This timing is likely not a coincidence. On the contrary, the identity thief likely has a strong understanding of the system. I say that because folks who have reached full retirement age and have not applied for benefits qualify to receive a retroactive payment from SSA of up to six monthsí worth of benefits. So, beginning at age 66 Ω, for those born between 1943 and 1954, hackers can access the maximum amount of back benefits!
What does one do?
Taking precautionary security measures now to protect oneís self from a diversion of benefits is critically important. The SSA has some recommendations as to how to secure your information online. Unfortunately, because the benefit application website is not secure and due to the lack of cross notification as previously discussed, taking these measures does not ensure that you will not become a victim.
However, if you have not already, you may can somewhat minimize the risk by creating a ìmy Social Securityî account and then be sure to log in at least annually to verify your information and benefit status. If over age 62, you should consider checking this even more frequently.
If you discover that you have become a victim of a Social Security breach, make an appointment at your local SSA office as soon as possible to inform them of the breach. They should be able to freeze further payments on your account.
Be sure to maintain digital and hard copies of everything you receive. Furthermore, consider filing a police report and have electronic access to your account blocked.
Ultimately, you will most likely receive a Form SSA-1099 reporting to you for tax purposes the amount of benefits that were stolen. You now, unfortunately, may have a battle on your hands with both the IRS and the SSA; the IRS over paying taxes on income you did not really receive; the SSA, over qualifying for maximum benefits at age 70 and Medicare means testing for Parts B and D premiums since the ìadditional incomeî might push you over the threshold.
Needless to say (but Iím going to anyway), any actions you can take today to prevent this from happening to you will be well worth the effort.