For the past 20 years, Liz Birenbaum's 88-year-old mother, Marge, has received her Social Security check on the second Wednesday of every month. It's her only source of income, paying for her room at the long-term care center she moved to last October after she suffered a stroke.
When the money didn't arrive in January, they logged into Marge's Social Security account and discovered some surprising clues. It was the last four digits of her account number at a bank she didn't recognize. .
“Someone broke in,” said Birenbaum, of Chappaqua, New York. “And I hit the panic button.”
It quickly became apparent that the scammer had redirected the $2,452 benefit to an unknown Citibank account. Marge, who lives in Minnesota, had never used a bank in Minnesota. (Ms. Birenbaum requested that her mother be called by her first name only to protect her mother from future fraud.)
Birenbaum immediately began making phone calls to rectify the situation. When she finally got in touch with a Social Security representative at the local office in Bloomington, Minn., the representative casually told her that things like this happen “all the time.”
“I was surprised,” Birenbaum said.
Social Security fraud is rampant across the board. Scammers pose as employees and attempt to extract both money and valuable personal information from people in a variety of evolving schemes. But this particular scam, in which criminals use stolen personal information to break into online Social Security accounts, create new accounts, and divert benefits elsewhere, has been around for more than a decade. It has troubled people for a long time.
Once scammers gain access to a person's online Social Security account, they may be able to change the beneficiary's address or direct deposit information, or request a card replacement.
Almost anyone can be a target. The Social Security Administration sends checks to more than 70 million beneficiaries, including retirees and people with disabilities, totaling nearly $120 billion each month. An estimated 2,000 beneficiaries received direct deposit transfers last year, according to Social Security Administration fraud prevention officials.
It can be a lucrative scam, but the gains can be devastating if you lose. An estimated $33.5 million in benefits (to about 21,000 beneficiaries) were transferred over the five-year period ending in May 2018, according to the latest audit by the Office of the Inspector General. and an independent organization responsible for audit oversight. agency. Additionally, he stopped $23.9 million in unauthorized redirects before they occurred during the same period.
“Scammers are trying to convince the Social Security Administration that they are the real beneficiary,” said Jeffrey Brown, deputy assistant inspector general for the Office of Inspector General, who analyzed the issue in 2019. We were able to obtain sufficient information.” They could walk in the door and change their direct deposit. ”
OIG officials say Social Security fraud has skyrocketed since Social Security offices were closed to the public during the pandemic, forcing people to rely on the agency's online services.
The Federal Trade Commission, which collects self-reported complaints from consumers, said activity increased last year, with more than 7,600 people reporting benefit diversion from 2019 to the end of 2023. .
“Many consumers have reported to us that they learned their direct deposits were redirected to other or fraudulent accounts,” said Maria Mayo, associate director of the FTC's Consumer Relations and Operations Division. I am sending it to.'' “In many cases, they say a scammer called them and provided them with information, which they believe was used to direct their profits.”
In yet another development, there were approximately 6,100 fraudulent claims last year, representing 0.3% of all retirement claims initiated on the web. This involved criminals filing benefit claims based on the earnings records of Americans who had reached retirement age but had not yet claimed benefits. This was announced by fraud prevention officials at the Social Security Administration.
Criminals use a variety of methods to collect necessary personal identifying information, which they later use to break into government accounts or create fraudulent accounts. A Social Security number is required to establish an online account with a government agency, but he doesn't need all nine digits to crack an existing account.
Amy Nofziger, director of fraud victim support for the AARP Fraud Watch Network, recently reviewed her case database and found several victims who had their Social Security numbers stolen by a third party in the past six months. discovered. One unsuspecting person gave it to a scammer who promised an insurance subsidy. Another criminal posed as a representative of the victim's bank. In yet another case, the scammer pretended to be calling from a credit reporting agency to verify the victim's Social Security number.
Identity thieves may claim to be calling from your doctor's office, but in some cases, they may try to hack into your device and collect valuable information such as passwords and other stored personal information. can do.
Scammers may also turn to marketplaces on the dark web to collect various pieces of personal identity information. A lot of personally identifying information (often stolen through security breaches) is sold there.
Pam Dixon, executive director of the World Privacy Forum, a research group focused on data governance and protection, said people living in medical facilities and nursing homes are also often vulnerable to such crimes. “This is one of the ugliest forms of identity theft,” she added.
Just months before Marge's benefits were transferred, the OIG released a report finding that the government portal site my Social Security did not fully meet federal requirements for identity verification. It said there was insufficient verification and verification of new registrants. In all cases, identity. And once an account is established through one of his two identity verification portals required to access a Social Security account, the government agency requires the user to provide sufficient evidence (such as a driver's license). ) to re-verify your identity. , Self).
This is not the first time independent investigators have found deficiencies, dating back to the introduction of the “my Social Security” portal in 2012. The Office of Inspector General recommended strengthening the digital identity verification process in 2016, and the agency has previously recommended strengthening the digital identity verification process. OIG officials said they were not yet fully compliant when they released their latest audit in 2023.
The Social Security Administration said it has implemented several of the agency's recommendations since the portal's introduction, including adding a fraud analysis team for investigations. The agency also said it has updated its identity verification process to address new threats and has further updates planned.
“Our office conducts ongoing analysis of online transactions, looking for anomalous behavior. If we find new characteristics, we flag them and stop potentially fraudulent behavior. We are introducing additional controls to ensure that the Examination and supervision in social security.
“The environment is constantly evolving and we will modify the model as necessary,” he added.
According to OIG officials, the Social Security Administration is sending notices by mail to beneficiaries asking them to contact the agency if they have not approved recent changes to their direct deposit information, which could result in millions of dollars in benefits being lost. It is said that the money is being prevented from being diverted or lost. You can also block changes to your account.
It would have been impossible for someone like Marge to solve this problem on her own. It was difficult enough for Birenbaum and his brother, a marketing consultant based near their mother in suburban Minneapolis, who worked together to collect benefits and secure Marge's account. .
Birenbaum, who reported the crime to the OIG and FBI and alerted state and federal representatives, was once held on hold at the Social Security Administration for two and a half hours before being connected to a local caseworker. Officials were able to confirm that her mother's direct deposit information had changed in early December, the month before the benefits were lost.
Birenbaum's brother visited their mother's local Social Security office and became Marge's “payee agent” so he could handle Birenbaum's affairs (the Social Security Administration does not accept powers of attorney). ). They had to find a way to make the correction without bringing Marge into the office, which Birenbaum said would have been “a tough job.”
Marge received the missing money on March 1, about a month and a half after discovering the problem.
“It ended on a happy note for her,” Birenbaum said. “But for many people who don't have an advocate pushing every day, the cybercriminals will win.”
How to protect yourself from Social Security fraud
Consider locking down your account. Create a Social Security account, but then add an electronic services block. This is a feature that prevents anyone, including you, from viewing or changing your personal information online. You will need to contact your local office for removal.
Another feature, Direct Debit Fraud Blocking, prevents someone from signing up for direct debit or changing their address or direct debit information through their online account or financial institution. You must contact your local office to make changes or remove blocks.
Don't just trust, verify. If your cell phone's caller ID shows “Social Security Administration,” don't trust it. The number may be spoofed, and the Social Security Administration will only call beneficiaries in limited circumstances. Please call our agent back through our main line at 1-800-772-1213 or use our office locator to call your local site.
report If you suspect fraud or fraud, please contact the Office of Inspector General's website or call 1-800-269-0271.
contact If you suspect that someone has used your personal information, please contact the Federal Trade Commission through its website or by calling 1-877-IDTHEFT (1-877-438-4338).
review Social Security Administration resource page on how to spot a scam.
