"Vishing Campaign Targets Social Security Administration"

Security experts at Armorblox have warned of a new hybrid phishing campaign that impersonates the Social Security Administration (SSA) and tries to trick recipients into calling a criminal call center. Armorblox claimed that it blocked the scam emails for at least 160,000 customers. The researchers noted that the malicious messages are timed to coincide with tax season.

The email subject line, "Due to erroneous and suspicious activities," is designed to create enough anxiety and urgency for the recipient to open the message. The researchers stated that other social engineering techniques include placing the recipient's legitimate email address at the start of the message to personalize it and adding a customized sender name: "Social Security Administration-2521." The email itself informs the user that their Social Security Number account has been suspended due to suspicious activity.

Those who open the attached PDF are presented with a letter confirming the same information, spoofed to appear as if written on SSA letterhead. The researchers explained that the letter of suspension carries a Social Security Administration logo in the upper-left corner and again as a watermark, yet provides little to no explanation of the reason behind the decision to terminate the SSN account. The blunt letter includes a "wish you the best in your future endeavors" sign-off and a telephone number for recipients who want their questions addressed. It also includes a case number, the signature of the acting commissioner, an email reference ID, a customer service contact number, and the physical address of the SSA to add further legitimacy to the scam. The researchers stated that the main action the bad actor aimed to facilitate through this email attack was for recipients to call the customer service number included.
Although Armorblox didn't call the number in question, it's likely that malicious call center operatives would be waiting to harvest more personal and financial information from victims to use in identity fraud and other scams.
 

Infosecurity report: "Vishing Campaign Targets Social Security Administration"
