Social Security Admin. Impersonators

The NJCCIC identified a phishing campaign impersonating the Social Security Administration. The email notifies the user that their “Social Security Statement” is available online and instructs them to click the included link to access the statement.

This link leads to a webpage, hxxp://getssafile[.]help/sxa/, that displays stolen Social Security Administration branding and instructs users to download an executable file to view instructions.

The executable attempts to download a remote monitoring and management tool, which cyber threat actors can use to gain unauthorized access to and take control of systems in order to install additional malware, access sensitive information, deploy ransomware, and more. Cyber threat actors often impersonate known, trusted organizations in social engineering schemes to convince users to take actions that enable the threat actor’s ultimate goals.

Recommendations

  • Verify communications before clicking links delivered in emails. Government communications will be sent from official email accounts, and the included links will direct users to government websites. 
  • Log in to official account websites or apps to access documents or statements.
  • Do not download files from unofficial or unverified sources.
  • Run an updated, reputable anti-malware program on all devices.
  • Report suspected phishing communications to the impersonated agency, the NJCCIC, and the FBI’s IC3.
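
The first recommendation, checking that links lead to government websites, can be automated for a reported message. The following is an added example, not NJCCIC tooling: it pulls links out of an email body (accepting defanged indicators as written in this advisory) and lists why each one fails the check. The suffix list, extension list, function names and sample body are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: which host suffixes count as official and
# which file extensions count as executable downloads.
OFFICIAL_SUFFIXES = (".gov",)
EXECUTABLE_EXTS = (".exe", ".msi", ".scr", ".bat", ".cmd")
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample body; the first link is the defanged indicator from the advisory.
SAMPLE_BODY = (
    "Your Social Security Statement is available online:\n"
    "hxxp://getssafile[.]help/sxa/\n"
    "Official site: https://www.ssa.gov/\n"
)


def refang(url):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def check_link(url):
    """Return the reasons a link fails the 'official government site' test."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # Suffix match on the real host, so "ssa.gov.example.com" does not pass.
    if not host.endswith(OFFICIAL_SUFFIXES):
        reasons.append("host is not a .gov domain")
    if "@" in parts.netloc:
        reasons.append("userinfo in URL hides the real host")
    if parts.path.lower().endswith(EXECUTABLE_EXTS):
        reasons.append("links directly to an executable")
    return reasons


def review_message(body):
    """Map each link in an email body to its findings (empty list = passes)."""
    findings = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")  # drop trailing sentence punctuation
        findings[url] = check_link(url)
    return findings
```

A link that passes this check is not proof the message is genuine; it only covers the link-destination part of the recommendations.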