Social Security accounts get hacked

Setting up an online account is a first step in preventing fraud, but it's not foolproof.

By Mary Beth Franklin

Feb 9, 2018 @ 5:46 pm EST

Photographer: Andrey Rudakov/Blo

A disturbing trend has come to my attention thanks to a loyal InvestmentNews reader: Americans who have dutifully set up personal online Social Security accounts are still vulnerable to having their benefits stolen out from under them.

Robert Wall, a financial adviser with Everence Financial Advisors in North Newton, Kan., contacted me last month about two of his retired clients who were not yet receiving Social Security benefits but discovered—inadvertently — that someone was claiming benefits on their earnings record.

"Calls to Social Security have apparently straightened out the problem, but the clients are frightened," Mr. Wall wrote to me via email. "They are wondering if they should file soon just to keep the fraudsters from preempting them again. Are there ways to guard against it, other than constantly logging on to your account or claiming early?"

Allan and Beth Tanner of Wichita, Kan., first noticed a problem last fall when Allan went to the doctor for a flu shot and the doctor's office had a problem processing his Medicare payment. Allan had not yet filed for Social Security benefits, but the letter code on his Medicare card suggested he had. That raised a red flag.

After contacting their local Social Security office, the Tanners discovered that someone began claiming benefits on Allan's earnings in January 2017, including a lump-sum payout of six months' worth of back benefits sent directly to the identify thief's bank account. The thief also changed the Tanners' mailing address, meaning they probably never would have received notification of the fraudulent application for benefits if it not been for the Medicare card coding glitch.

In January, Allan received a 1099 tax form from the Social Security Administration listing more than $19,000 in Social Security benefits — that he never received. SSA told the Tanners to ignore the erroneous tax form, but Beth Tanner, a retired accountant, said she wants a letter from SSA to prove, for tax purposes, that Allan never received any Social Security payments.

"It makes me wonder how widespread this problem is," Beth said during a joint telephone interview.

Another of Mr. Wall's clients, who asked to remain anonymous, said he had set up a personal Social Security account when they first became available in 2012, but hadn't checked it in a few years. In December, he logged on to get his latest benefit estimate only to discover a notice that this application for benefits was pending. But the man, who reached full retirement age in February 2017, had never applied for benefits.

He contacted his local Social Security office which launched an investigation and told him they would "zero out the claim." No fraudulent benefits were paid out in his case, but his online account shows that the application for benefits is still pending.

Asked if he had advice to others, he said he did: "If you have an online Social Security account, check it often."

(More: Someone tried to hack my Social Security account)

Acting Social Security press officer Mark Hinkle said the agency "employs a multifaceted approach toward information security and fraud prevention and regularly performs data analytics against online applications to identify anomalous activity and take action." But, Mr. Hinkle added, "Social Security does not keep data regarding the prevalence of identity theft."

But the agency's Office of the Inspector General, suspicious of fraudulent activity, conducted a review of unauthorized direct deposit changes in 2015. The OIG investigation concluded that about $20 million in benefits payments to approximately 12,200 beneficiaries were misdirected in 2013 — representing less than 2% of online transaction that year.

In addition, the OIG estimated that SSA prevented about $6 million in benefits from being misrouted for about 5,300 beneficiaries whose direct deposit bank account was changed without authorization. The agency replaced payments that went to the wrong bank account, but misdirected funds were not always recovered.

"SSA has taken steps to reduce fraud related to my Social Security and prevent additional fraud," the OIG report concluded. "However, although it represents a relatively small part of overall direct deposit changes, every missing payment represents a beneficiary who faced a delay in receiving his or her benefit."

The takeaway for financial advisers: Encourage your clients to set up online Social Security accounts and monitor them on a regular basis.

Pay particular attention to clients who have reached full retirement age but have not yet claimed benefits. They are the only ones eligible for a lump-sum payout of up to six months of retroactive benefits — apparently an irresistible temptation for identity thieves.

(More: New resolution: Create and review your Social Security statement online)

Join the Discussion

Most Popular

Affluence Influencers