Be warned that "phishing" E-mails encouraging you to create a my Social Security account are circulating. If you receive such an E-mail, DO NOT click on the links. This E-mail is NOT from Social Security. my Social Security is indeed a recently released new service for the public, but the agency is NOT sending E-mails to generate enrollment. You should come directly to our my Social Security page.

How to detect a fraudulent E-mail message:

  • Any E-mail coming from Social Security will come from an E-mail address ending in “.gov”, although you should not trust the “From” address, since attackers can spoof this address.
  • Any E-mail coming from Social Security will not have E-mail addresses associated with private companies such as Yahoo, Hotmail, Gmail, etc.
  • Look for poor word choice, phrasing, spelling, or extra words that are not needed in the text.
  • Links to Social Security websites will always begin with or (the slash after ".gov" is important). For example, you should not trust a link that looks like this: If you are suspicious of a link in an E-mail, use your mouse to “hover over” the link to see the web address.

Members of the public who receive phishing E-mails should forward them to the U.S. Computer Emergency Readiness Team at (

In general, you should follow these rules when you are working online:

  • Do not open or respond to E-mails from people you do not know, as they may contain viruses or spyware. Additionally, never respond to E-mails requesting personal information. No reputable business or public agency will ever ask you for personal information in an E-mail address.
  • Only go to websites you trust and never click on links that appear suspicious. Criminals use phony websites and links to trick you into giving them personal information or downloading viruses or spyware.

For more information about “phishing,” go to Onguard Online.