
Aug 2024: Social Security Themed Lures Distribute Remote Management Software

Social Security Phish Indicators

Threat Alert: Social Security Themed Lures Distribute Remote Management Software

  • A series of phishing attacks is impersonating the U.S. Social Security Administration.
  • While the lures list the sender as “SSA E-Notification,” the email’s actual sending domain is not an expected U.S. government domain.
  • The lures claim to offer a streamlined way of accessing the recipient’s Social Security statement through an attached PDF.
  • The PDF contains an embedded Dropbox URL, which, if clicked, downloads and executes remote monitoring and management (RMM) software.
  • RMM software could allow an attacker to take control of a recipient’s computer.

Key Action: Report Suspicious Emails 

  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
  • Report ANY suspicious emails using the Phish Alarm button.
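
The sender mismatch and PDF attachment described in this alert can be checked mechanically at a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original alert: the function names, the display-name pattern, the `.gov` suffix rule, and all sample addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumption: display names matching this pattern claim to speak for the SSA.
SSA_CLAIM = re.compile(r"\b(ssa|social security)\b", re.IGNORECASE)
# Assumption: genuine U.S. government mail is sent from a .gov domain.
EXPECTED_SUFFIX = ".gov"

def triage(msg: EmailMessage) -> dict:
    """Check a message for the two indicators named in the alert."""
    header = msg["From"]
    sender = header.addresses[0] if header is not None and header.addresses else None
    display = sender.display_name if sender else ""
    domain = sender.domain.lower().rstrip(".") if sender else ""
    # Compare the end of the domain so "ssa.gov.example.test" does not pass as .gov.
    is_gov = domain.endswith(EXPECTED_SUFFIX)
    # Word boundaries keep names like "Message Center" from matching "ssa".
    mismatch = bool(SSA_CLAIM.search(display)) and not is_gov
    pdf = any(
        part.get_content_type() == "application/pdf"
        or (part.get_filename() or "").lower().endswith(".pdf")
        for part in msg.walk()
    )
    return {"sender_mismatch": mismatch, "pdf_attached": pdf, "domain": domain}

def build_sample(from_header: str, with_pdf: bool) -> EmailMessage:
    """Construct a sample message; every address and byte here is made up."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "Your statement is ready"
    msg.set_content("Constructed sample body.")
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="statement.pdf")
    return msg

if __name__ == "__main__":
    samples = [
        ('"SSA E-Notification" <notify@mail.example.test>', True),
        ('"SSA E-Notification" <notify@ssa.gov.example.test>', True),
        ('"Social Security Administration" <no-reply@ssa.gov>', False),
        ('"Message Center" <news@shop.example.test>', False),
    ]
    for from_header, with_pdf in samples:
        print(from_header, "->", triage(build_sample(from_header, with_pdf)))
```

A message flagged with `sender_mismatch` is one to report; `pdf_attached` adds context but is not suspicious on its own.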