A new scam is currently targeting thousands of people across the United States, using the name of the Social Security Administration to trick unsuspecting users. This campaign, which was first identified by the security firm LifeLock, arrives just in time for the busy tax season.
As per LifeLock’s tweet, the scam works by sending emails that look like official government notifications. As we have generally noticed, scammers rely on this sense of urgency to make people act without thinking. In this case, the same thing happens.
These messages use urgent language such as “Important Disclosures” or “Important Regulatory Information” to grab a person’s attention. And, while the sender’s name might say Social Security Administration, investigation revealed that the emails do not actually come from a legitimate government domain ending in .gov.
How the trap works
The emails typically include a link or a file that looks like a standard PDF statement. It might have a name like “Social_security_statements_2025.pdf.” However, researchers noted that this is not a normal document, and the file uses a tool called Datto RMM.
Normally, RMM (Remote Monitoring and Management) is a helpful tool used by IT experts to fix computers from a distance. But here, it has been turned into a weapon. If a user clicks the link to view the document, it can install a RAT (Remote Access Trojan (RAT).
Further probing revealed that this allows attackers to take full control of a person’s device. Once they have access, they can watch what the user is doing and steal private data.
Spotting the red flags
The fake emails often tell the reader that a new document is ready for review and will only be available for a short time. This is a major red flag, as the goal is to make you click a button labelled “VIEW DOCUMENT” as quickly as possible.
To stay safe, experts suggest always checking the sender’s email address and avoiding any links that ask you to download software just to view a simple statement.
Deeba Ahmed
