The dangers presented by the Equifax data breach cannot be overestimated. One very real danger involves people receiving Social Security benefits. The Social Security Administration (SSA) has a helpful online service called My Social Security Account which allows you to set up a personal online account with the SSA that enables you to view your earnings history and estimates of benefits as well as manage your benefits online including changing your address or starting or changing direct electronic deposits of your check into a bank account you may designate.
This is a tremendously convenient service, but it also provides a great opportunity for scammers who have been setting up My Social Security Accounts on behalf of seniors who have not already set up such accounts for themselves. The scammers then make changes to the victim’s account by directing their benefits checks to be sent to bank accounts controlled by the scammers. Even though the Social Security Administration requires verification of personal information by asking questions that only the Social Security recipient should know as part of the process for opening a My Social Security Account, too often this information is available to a determined identity thief who is thereby able to fraudulently open an account in the name of their intended victim. The Equifax data breach provides much of the information needed for a scammer to set up such an account in your name.
In order to improve the security of the accounts, the SSA is now requiring people to use dual factor authentication to access their accounts once they have been set up. However, this does little to protect you from a scammer who initially sets up an account in the name of an identity theft victim.
The dual factor authentication is done at the option of the individual by the SSA sending a one time code either to the user’s email or cell phone. Using an email address for dual factor authentication may also prove to be problematic because it is not particularly difficult for a sophisticated hacker to gain access to someone’s email account.
Just as the best defense against income tax identity theft is to file your income tax return before an identity thief attempts does so in your name, so the best defense against the fraudulent setting up of a My Social Security Account in your name is for you to set one up first and protect its safety with a strong username and password. For information about signing up for a My Social Security Account go to https://ssa.gov/myaccount/
Most importantly, you can also require that any changes to the bank account into which your check is electronically deposited only be done at a Social Security branch office and not on your online account.