Emails claiming to be from Social Security are making the rounds right now.
They look official. They sound official. And they’re designed to get you to click before you think twice.
The Social Security Administration’s Office of Inspector General is warning about a spike in messages that claim your Social Security statement is ready to download. The goal is simple. Get you to click a link or open an attachment.
From there, things can go sideways fast.
Before interacting with anything like this, it’s worth pausing and running it through a tool like McAfee’s Scam Detector. This is exactly the kind of message it’s built to flag. Something that looks legitimate, but feels just slightly off.
How The Scam Works
The email mimics official government communication, using logos, formatting, and language that feels familiar. It might say your statement is ready, your account needs attention, or you need to review a document.
Once you click:
- You may be sent to a fake website designed to capture your personal information
- You may download malware without realizing it
- Or you may be prompted to enter sensitive financial details
- Either way, the goal is the same: get access to your identity.
The Red Flags In These Emails
- Messages claiming your social security statement is ready to download
- Links or attachments labeled as official documents
- Urgency pushing you to act quickly
- Sender addresses that do not end in “.Gov”
The biggest tell: Social Security does not send emails like this asking you to download statements or provide sensitive information.
What To Do If You Get One
- Do not click links or download attachments
- Delete the email immediately
- Access your account by going directly to the official SSA website
- Report the message to the SSA Office of Inspector General
If you already clicked:
- Stop communication immediately
- Contact your financial institutions
- Monitor your accounts closely
- Report the incident to the FTC or the FBI’s IC3
And that, my friends, is scam number one in this week’s This Week in Scams.
Let’s get into what else is on our radar.
A Healthcare Data Breach That Could Lead to Follow-Up Scams
Healthcare data breaches don’t always make headlines the same way big tech breaches do, but they can be just as serious.
According to reporting from Fox News, CareCloud, a company that supports electronic health records for tens of thousands of providers, recently confirmed a security incident involving unauthorized access to one of its systems.
The access lasted several hours. And while it’s still unclear whether any data was taken, that uncertainty is exactly what makes situations like this risky.
Because even if you’ve never heard of the company, your doctor might use it.
Why This Matters
Healthcare data is incredibly valuable. It can include:
- Names and social security numbers
- Insurance details
- Medical history
- Billing information
Unlike a credit card, you can’t just cancel your medical history.
And when that kind of data is exposed or even potentially exposed, scammers often follow up with messages that feel highly specific and personal.
What To Watch For Next
After incidents like this, scammers often move quickly:
- Emails or texts pretending to be your provider
- Messages about billing issues or medical records
- Requests to “verify” your information
- Links to log in or update your account
These scams work because they’re timed perfectly and feel relevant.
This is another moment where Scam Detector can help flag suspicious links or messages before you engage, even when they reference real healthcare providers.
How To Protect Yourself
- Review medical bills and insurance statements for unfamiliar activity
- Enable two-factor authentication on patient portals
- Use strong, unique passwords
- Avoid clicking links in unexpected healthcare-related messages
- Consider identity monitoring to catch misuse early
Where McAfee Steps In (So You Don’t Have to Guess)
Scams today are layered.
A fake email leads to stolen credentials. A breach leads to targeted phishing. And those follow-ups are getting harder to spot.
McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:
- Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast
- Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place
- Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage
- Safe Browsing helps block risky sites if you do click
- Device Security helps detect malicious apps or downloads
- Secure VPN keeps your data private, especially on public Wi-Fi
Safety Tips To Carry Into Next Week
- Be cautious of emails that look official but create urgency
- Never trust unsolicited messages asking for personal or financial information
- Go directly to official websites instead of clicking links
- Stay alert after any breach or security incident makes headlines
- Use tools like McAfee that help you verify what’s real before you act
Because the reality is, scams are designed to look legitimate. You shouldn’t have to figure it out on your own. We’re safer together.
We’ll be back next week with more scams making headlines.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
