Safe + Secure
PC Matic Complete Security
Products
Antivirus
PC Matic VPN
Identity Protection
PC Matic Privacy
Support Unlimited
Threat Awareness
How PC Matic Protects You
SuperShield Allowlist
Business Protection
PC Matic Pro
PC Matic for SMB
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
The Cyber Scam Report
Town Hall Sessions
Tools & More
Password Generator
Internet Speed Test
What Is My IP?
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

Beware of Social Security Fraud: New Phishing Scam Uses Fake SSA Emails and Remote Access Tools

In today’s digital age, fraudsters find increasingly sophisticated ways to deceive people and exploit their trust in government institutions. One of the most alarming trends is a growing wave of social security fraud. This scheme targets Americans by impersonating the Social Security Administration (SSA) to steal personal and financial information.

Recently, a particularly dangerous phishing campaign involving fake emails that appear to come from the SSA has been launched. These messages are not just your average scam—they aim to trick victims into installing ScreenConnect, a powerful remote access tool that, when abused, gives cybercriminals complete control over the victim’s device.

What’s Happening?

The scam begins with a phishing email disguised as an official message from the SSA. These emails are well-crafted, mimicking the tone and formatting of legitimate federal government communications. They might claim to contain information about your social security benefits or request urgent action related to your social security number.

However, clicking the link in the email downloads a file with misleading names like SSAstatment11April.exe or ReceiptApril2025Pdfc.exe. These files are ScreenConnect clients, which allow remote users to connect to and control the infected device.

Once installed, the cybercriminals, identified by security researchers as a phishing group called Molatori, gain full access to the victim’s computer. From there, they steal sensitive data such as:

  • Bank account login information
  • Direct deposit details
  • Personally identifiable information
  • Files containing financial or legal records

This can quickly escalate into identity theft, financial fraud, or unauthorized changes to your direct deposit settings, redirecting social security benefits to the scammers’ accounts.

Why This Scam Is Hard to Detect

This campaign is especially tricky for several reasons:

  • Legitimate-looking domains: The phishing emails are sent from compromised WordPress sites, so the email addresses and links appear trustworthy.
  • Image-based content: The text of the email is often embedded as an image, making it harder for traditional email filters to recognize and block it.
  • Abuse of legitimate software: ScreenConnect (formerly ConnectWise Control) is a trusted tool used by many businesses for IT support. Because it’s not inherently malicious, its presence doesn’t always raise red flags with antivirus software.

What You Can Do

It’s essential to remain vigilant and take proactive steps to protect yourself and your family from SSA-related scams. Here’s how:

  1. Be skeptical of unsolicited emails
    If you receive an unexpected message claiming to be from the SSA, don’t click any links or download attachments. Instead, go directly to the official Social Security official website or call their verified phone number.
  2. Verify the sender
    Look for signs of impersonation. Government employees won’t email you asking for sensitive details or require you to install software to access information.
  3. Use search engines
    Copy suspicious phrases or file names from the message and search them online. Many phishing scams leave digital breadcrumbs that can confirm your suspicions.
  4. Report the fraud
    Report fraud immediately if you believe you’ve received or fallen victim to a scam. You can contact the Social Security Fraud Hotline, the Federal Trade Commission (FTC), or local law enforcement. Taking quick action can help stop the spread and protect others.
  5. Protect your devices with PC Matic
    One of the best ways to defend against scams like this is with a comprehensive cybersecurity solution like PC Matic.

How PC Matic Protects You

PC Matic is uniquely positioned to help users combat threats like social security fraud and phishing emails. Here’s how it makes a difference:

  • Application Allowlisting
    PC Matic uses a proactive security model called Application Allowlisting, which only allows trusted programs to run. If a scam email tries to download and install ScreenConnect or any other unauthorized software, PC Matic blocks it automatically.
  • Real-Time Malware Detection
    Even if a scammer tries to sneak malware onto your device using misleading file names, PC Matic scans and stops these threats before they can do damage.
  • RDP and Remote Access Protection
    PC Matic also protects against Remote Desktop Protocol (RDP) attacks, making it harder for cybercriminals to remotely control your device, even if you accidentally install something dangerous.
  • Web Filtering and Email Security
    By identifying risky websites and malicious links, PC Matic helps prevent users from accidentally clicking into danger.

With these layers of protection, PC Matic empowers users to stop cyber threats before they start.

Don’t Fall for Caller ID or Text Message Tricks

In addition to phishing emails, scammers often try to reach targets through phone calls or text messages. They may spoof a legitimate caller ID to make it look like the call is coming from the Social Security office, or send links via SMS pretending to confirm social security benefits or verify your bank account.

No matter the method, remember: the federal government will never ask you to verify your social security number or bank information over the phone, via email, or through social media. If someone contacts you claiming to be from the SSA and pressures you to act quickly, hang up and call the SSA directly using their official contact information.

Final Thoughts

Social security fraud is not just a technical issue—it’s a personal one. It involves criminals exploiting trust, targeting your identity, and putting your financial well-being at risk. These attacks are growing more deceptive, blending impersonation, remote access tools, and legitimate-looking digital footprints.

You can stay one step ahead of scammers by staying informed, verifying sources, and using robust tools like PC Matic.

If you suspect a scam, don’t wait—report fraud. Alert the SSA, the FTC, and your local law enforcement. Share your experience with others, so they don’t fall victim to the same tricks.

Your digital security starts with awareness, and the right protection can make all the difference.

Resources:

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles