As scammers get more aggressive, some types of Social Security fraud are growing exponentially. Here's what you can do to safeguard your personal data and keep fraudsters from stealing your Social Security benefits.

One Friday afternoon in February 2018, Ward Waltman came home to a voice mail that sounded suspicious. A woman claiming to be from the Social Security Administration left a message asking Waltman, a retired federal employee in Manakin Sabot, Va., to call her back. His first thought: "This sounds like a scam."

But over that weekend, Waltman started wondering if the call might be legitimate. He was then 68 years old and had not yet claimed his Social Security benefit. And he knew that his personal information had likely been stolen multiple times in recent data breaches involving insurance giant Anthem and credit bureau Equifax. What if a fraudster was using his personal details to claim his Social Security benefit?

It seemed like a stretch. After all, years earlier Waltman had followed the Social Security Administration's advice for sidestepping fraud. He set up his own "My Social Security" account, which allows users to estimate their retirement benefits and change their contact details, among other features.

So Waltman logged into his account, a process that requires not only a user name and password but also a security code sent to the user's mobile phone or email. What he saw confirmed his fears. His email address had been changed to an address he didn't recognize, and a claim had been filed for his retirement benefits.

Waltman called Social Security. The message was indeed legitimate, and the representative had called Waltman because she suspected the claim was fraudulent. Within 45 minutes, the matter was resolved and the bogus claim denied. But Waltman was left with an unsettling question: How had the hacker defeated Social Security's seemingly robust security systems? "I was stunned that it seems so easy for crooks to take advantage of the Social Security system," Waltman says. "But that's the online world we live in."

Online Weaknesses for Social Security

As the Social Security Administration strives to serve more customers online, the agency and current and future Social Security beneficiaries face the growing threat of cyber attacks. Social Security identified nearly 63,000 likely fraudulent online benefit applications in fiscal 2018, according to the agency's Office of the Inspector General, up from just 89 in fiscal 2015. From February 2013 to February 2016 (the most recent data available), the Inspector General received more than 58,000 fraud allegations related to My Social Security accounts--an issue that persists today, according to the OIG. Meanwhile, there has been exponential growth in Social Security imposter scams, in which fraudsters claiming to be Social Security staffers contact victims--often via robocalls--and try to extract money or personal details. More than 35,000 people reported such scams in 2018, according to the Federal Trade Commission, up from 3,200 a year earlier.

These days, it's tough to avoid dealing with Social Security online. But when you understand Social Security's cyber security strengths and weaknesses, there are steps you can take to safeguard your personal information, keep close tabs on your benefits and, with any luck, ward off the fraudsters.

The Social Security Administration is a treasure trove for hackers. The agency holds data on nearly every American, averages about 70 million monthly beneficiaries, and paid roughly $1 trillion in benefits in fiscal 2018, mostly through electronic transactions. And like many organizations across the public and private sector, the agency is pushing customers to use its online services even as it struggles to stay a step ahead of cyber crooks. In 2012, for example, the agency launched the My Social Security portal, and it encourages users to view benefit statements and manage their benefits online.

Today, the agency plans to further expand its online services "to reduce unnecessary field office visits by the public," according to the OIG. But since 2012, the OIG noted in a recent report, its auditors "have identified weaknesses that, when aggregated, resulted in a significant deficiency" in Social Security's information systems security.

The agency says it's working hard to keep pace with the fraudsters. "Social Security is committed to protecting and securing the information entrusted to us," agency spokesman Mark Hinkle said in an email. As fraud techniques evolve, he says, "we are continually reviewing our systems to ensure we identify potential fraud risks and determine if additional controls are necessary."