Your Social Security number is an important key for an identity thief. Scammers want it, and they think of all sorts of ways to trick you into giving it away.
Here at the Federal Trade Commission, we’re getting reports about calls from scammers claiming to be from the Social Security Administration. They say there’s been a computer problem, and they need to confirm your Social Security number.
Other people have told us that they have come across spoof websites that look like the place where you would apply for a new Social Security card – but these websites are actually a setup to steal your personal information.
If you get a phone call or are directed to a website other than ssa.gov that is claiming to be associated with the Social Security Administration, don’t respond. It’s most likely a scam.
Here’s some tips to deal with these government imposters:
- Don’t give the caller your information. Never give out or confirm sensitive information – like your bank account, credit card, or Social Security number – unless you know who you’re dealing with. If someone has contacted you, you can’t be sure who they are.
- Don’t trust a name or number. Con artists use official-sounding names to make you trust them. To make their call seem legitimate, scammers use internet technology to spoof their area code – so although it may seem they are calling from Washington, DC, they could be calling from anywhere in the world.
- Check with the Social Security Administration. The SSA has a warning about these scams and suggests you contact them directly at 1-800-772-1213 to verify the reason for the contact and the person’s identity prior to providing any information to the caller.
- If you come across one of these scams, please report it to the Social Security Administration’s Fraud Hotline at 1-800-269-0271 and then tell the FTC about it. https://www.ftccomplaintassistant.gov/
The Social Security number has become a national identification number in the United States, and as a result of this it has also become the key to identity theft. Many people assume that they are required to give their SSN whenever and by whoever asked. That is simply not true. Federal law does not prohibit a merchant or other business from requesting your SSN. However, there is no state or federal law that requires you to provide your SSN to any entity not authorized by law to require it.
Agencies that may require your SSN:
- Government tax and welfare agencies, including the IRS, other federal agencies (for health benefits and other entitlements), state/local tax or revenue agencies.
- State professional/occupational/recreational licensing agencies.
- Other governmental agencies -- under federal law, they must tell you why your SSN is needed, whether giving your SSN is mandatory or voluntary, and how your SSN is to be used.
- Employer – You employer can require it for wage/tax purposes, but NOT from a job applicant.
- Banks and securities brokerages -- under the USA Patriot Act, 31 U.S.C. § 5318, financial institutions are required to establish minimum standards for properly identifying their customers opening new accounts (include checking, savings, loans, safe deposit boxes, and/or investments). Under federal regulations adopted in May 2003, banks, savings associations, credit unions, securities broker-dealers, futures commissions merchants, and mutual funds were required to have Customer Identification Programs (“CIPs”) in place by October 1, 2003. Information required to identify customers under a CIP includes name, date of birth, address, and a social security or federal tax identification number.
- State motor vehicle departments – the may collect your SSN but some state laws prohibit the recording of your SSN on your driver’s license or state identification card.
According to the Social Security Administration: Organizations should avoid using Social Security numbers (SSNs) as identifiers for any type of transaction.
In an effort to curtail identity theft, the Social Security Administration (SSA) is initiating a public information program to encourage the use of alternate identifiers in place of the Social Security Number (SSN.) Many organizations including businesses, government agencies, medical facilities and educational institutions continue to use the SSN as the primary identifier for their record keeping systems. [The Social Security Administration is] seeking your support, as well as the support of the general public, in helping to ensure the integrity of individual SSNs.
Identity theft is one of the fastest growing crimes in American society. The routine and often indiscriminate use of SSNs as identifiers creates opportunities for individuals to inappropriately obtain personal information. Repetitive use and disclosure of SSNs in organizational record keeping systems, multiplies the susceptibility of persons to potential identity theft. Through misuse of SSNs, individuals are subject to the danger of identity theft and its repercussions. Access to an individual’s SSN can enable an identity thief to obtain information that can result in significant financial difficulties for the victim. While this can be disruptive for the individual, it can also lead to civil liability for the organization and its individual employees if someone is harmed by information that has been made available to others.
An organization’s collection and use of SSNs can increase the risk of identity theft and fraud. Each time an individual divulges his or her SSN, the potential for a thief to illegitimately gain access to bank accounts, credit cards, driving records, tax and employment histories and other private information increases. Because many organizations still use SSNs as the primary identifier, exposure to identity theft and fraud remains.
- Never list an SSN when posting a paper record on a public bulletin board
- Never send SSNs via an electronic format
- Never have a computer log-in system where a person has to use their SSN
- Never use SSNs on ID cards
- Never send SSNs on postcards
- Never store SSNs on unprotected computer systems
- Never carry a Social Security Number card on your person
Guard Your Last Four. Although most widely used and shared, the last four digits of your SSN are in fact the most important to protect. These are truly random and unique; the first five numbers represent when and where your Social Security card was issued (prior to 2011). So don’t use the last four of your SSN as a PIN, or as a way to confirm your identity over the telephone. Ask companies to use an alternative identifier.
The ACLU recommends that you "Use caution when giving out your SSN to a government agency. They are required by the Privacy Act of 1974 to tell you why your SSN is necessary, whether giving your SSN is mandatory or voluntary, and how your SSN will be used. [Always get a written copy of the Privacy Act requirements when a government agency asks for your personal information.] And stop giving your SSN to private organizations. Suggest they use an alternative identifying number. If they refuse, think about taking your business elsewhere."
The Electronic Privacy Information Center (EPIC) has stated "The widespread use of the SSN as an identifier and authenticator has lead to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually... Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected."
The bottom line is that use of your SSN to identify you across multiple records and systems of records puts you at risk. Whenever a business or government agency asks for your SSN that risk is increased. Always understand what use will be made of your SSN if you provide it. For government agencies, always obtain a written copy of the Privacy Act provisions related to their request for your SSN. For private businesses, always ask that they not include your SSN in their records and that they use an alternate identifier. For businesses that insist on having your SSN, consider filing complaints with the Better Business Bureau and your state consumer protection agency. As a general rule whenever you are asked to provide your SSN (or even your last 4) - Just Say No!