Stanford warns of Social Security benefits fraud

Stanford has been alerted to a new scam targeting the Social Security benefits of those who have reached the early retirement age of 62. In most cases, victims become aware of this when the Social Security Administration (SSA) notifies them that claims have been made on their benefits.

In recent weeks, Stanford has received reports from several employees who have been affected by this scam. Understanding that this has been surprising and frustrating for the employees involved, Michael Duff, assistant vice president and chief information security officer, answers questions raised by the issue.

How does a scam like this happen?

The scam begins with the criminal submitting a fraudulent Social Security benefits application online using your personal information. In order to do this, he needs your name, Social Security number, date of birth and mother’s maiden name, plus supplementary identification questions regarding information from your credit report (e.g., current or past loans, accounts, and mailing addresses). It is common for criminals to collect this information from various online services or by contacting you directly by email, phone, text message or U.S. mail and posing as SSA representatives. If you receive any such communication, do not reply. Instead, contact the SSA directly at (800) 772-1213.

For those already collecting Social Security benefits, another variant on the scam is to phish your “my Social Security” account login credentials. Then they log in and modify your bank account information so that future benefit payouts are deposited into the criminal’s account instead of yours.

Is this connected to the W-2 incident last year?

We cannot say conclusively, but it does not appear to be directly connected. Following the W-2 incident last year, we conducted an in-depth investigation to determine the source of the employee Social Security numbers that were used. We did not find any evidence that the numbers were leaked from Stanford systems. Nationwide, there have been numerous large-scale breaches of personally identifiable information that have exposed much of the population to identity theft. The Social Security benefits fraud requires additional personal information that does not appear on W-2 forms, so we believe additional sources of personal information – gathered either via phishing or from other online services – were employed to perpetrate this fraud.

Once personal information has been compromised, unfortunately, it remains in that state, subject to further illegal use in the future. We urge everyone to be vigilant of fraudulent activity and to take steps to protect financial accounts.

What is the best way to protect Social Security benefits?

Never provide personal information in response to an unsolicited email, phone, text message or letter. If unsure, contact the purported senders using information from their official website, as opposed to information provided in the unsolicited communication.

Enable two-step authentication for your “my Social Security” account. This is a new security option that the SSA began offering in May 2017. To get started, visit the SSA website.

Take advantage of the identity theft protection service that Stanford offers to all benefits-eligible employees free of charge. To get started, visit the identity-theft-protection website.

What should people do if they become victims?

If your Social Security benefits are defrauded, the first step is to report the incident to the SSA. The SSA is familiar with fraud incidents and will help restore benefits. To resolve the incident, you will most likely be asked to provide identification documents in person at a local SSA office.