We are committed to protecting your information and benefits and take this responsibility seriously. That’s why we ask you to verify your identity to create a personal my Social Security account. We work with external partners to securely verify your identity. We do this to protect your data while making our online services easy for you to use.
Ready to sign up? You can now create your new my Social Security account through our credential service provider (CSP), Login.gov, or you can access your information using your ID.me account if you have one.
- Login.gov is your one government account for simple, secure, and private access to participating U.S. government agencies.
- ID.me is a single sign-on provider that meets the U.S. government’s online identity proofing and authentication requirements.
Protecting Your Account
Internet scam artists use clever “phishing” schemes to defraud millions of people each year. Phishing is the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment.
How can I detect a phishing email pretending to be Social Security?
- Most emails from Social Security will come from a “.gov" email address. If an email address does not end in “.gov”, use caution before opening attachments or clicking on pictures or links in the email. Currently, Social Security sends emails from email@example.com, firstname.lastname@example.org, ThankYou@ssa.gov, DoNotReply@ssa.gov, and echosign.com.
- In a few instances, we use marketing firms to raise awareness of Social Security’s online services, and this includes creating a my Social Security account. We allow these firms to send email directly to individuals. Any links you find within these emails should always point to a “.gov/” web address.
- Links, logos, or pictures in the body of an official Social Security email will always direct you to an official Social Security website. Rather than relying on the way a link looks, please follow these steps to confirm a link’s authenticity:
- To verify the web address of a link or picture, hover over it with your mouse until a text box appears with the web address. This is the actual address you will be directed to and it should always include “.gov/”. A forward slash should always follow the “.gov” domain.
- Example - https://www.ssa.gov/myaccount/
- Links to the official Social Security website will always begin with https://www.ssa.gov/ or https://secure.ssa.gov/.
- Below are examples of fraudulent websites pretending to direct you to Social Security. Notice the location of the forward slash.
What should I do if I’ve received a phishing email pretending to be from Social Security?
- If you are not certain that an e-mail you received came from Social Security or one of our marketing firms, DO NOT respond to the email or click on any links contained in the email message.
- Report the incident by forwarding the suspicious email to the U.S. Computer Emergency Readiness Team (US-CERT) at email@example.com. (http://www.us-nocert.gov/nav/report_phishing.html).
What are other tips I can use for detecting phishing emails?
- Verify the sender. Exercise caution when receiving email from a sender you don’t know or haven’t heard from in a long time. Hover over the ‘From’ email address to ensure it matches the displayed email or name of the sender.
- Look for poor choices in wording, phrasing, or spelling.
- If an email includes a business name, telephone number, or website link, verify the legitimacy of these items by searching for the official number or website in a search engine.
- Do not respond to emails requesting personal information. Reputable businesses and public agencies will not ask you for personal information in an email.
Are there other resources I can use to learn more about phishing?
To avoid security problems, please keep your web browser up to date. For more information about "phishing," go to OnGuard Online.