How Do Hackers Get Your Social Security Number?

Is a Hacker Using Your SSN?

A stolen Social Security number (SSN) can be all it takes for scammers to access your bank account, steal your identity, or break into your online accounts. And despite how hard you try to protect your sensitive information, the unfortunate truth is that [*]:

Many cybersecurity experts believe that every SSN has been compromised at some point. 

Even Elon Musk’s SSN was allegedly leaked in a recent data breach at Tesla [*].

With cases of identity theft and cybercrime hitting all time highs in the past few years, protecting your SSN and other critical personal identifiers should be a priority. But how do hackers get your Social Security number in the first place? And how can you keep it safe? 

In this guide, we’ll cover how SSNs get stolen, what hackers can do with your SSN, and how you can protect yourself and your family against hackers and identity thieves.

{{show-toc}}

How Do Hackers Get Your Social Security Number?

Here are the most common ways that hackers can steal your SSN — and what you can do to protect it.

1. Data breaches at companies storing your SSN

Scammers rarely steal Social Security numbers by targeting individuals. It’s much more efficient for them to hack large corporations or government agencies that store hundreds, thousands, or even millions of SSNs in customer databases. 

If your SSN or other personal information is stolen in a data breach, it can end up for sale on the Dark Web for as little as $2 [*].

What you can do: Don’t share your SSN on any forms or applications unless it’s required.

You can’t control how companies store and protect your SSN and other information. For this reason, you should use a less valuable piece of ID, such as your driver’s license number. You can also ask companies to provide proof of their data protection policies before submitting your SSN. 

2. Phishing emails and text messages

A phishing attack occurs when a scammer poses as an employee from an organization and uses emails or texts to convince you to share your SSN. They may send you a link to a page that looks legitimate — like your financial institution’s website — but is really a spoofed website that allows the scammer to access your SSN and any other sensitive information that you submit.

What you can do: Educate yourself about the signs of a phishing scam. 

Phishing messages often contain grammatical errors, strange language, invoices you don’t recognize, or shortened links. Never click on a link that looks suspicious, and always visit a website directly to log in to your account. Using a spam filter on your phone and email can also prevent phishing messages from reaching your inbox.

3. Hacking your online accounts

If your sensitive information has been leaked to the Dark Web, hackers might be able to access your online accounts, where they can steal even more information.

For example, if your Medicare login credentials are for sale on the Dark Web, a cybercriminal could buy your login details, sign in to your account, and use your plan number to obtain medical services in your name.

What you can do: Use a strong, unique password for every new online account that you create.

It’s also a good idea to use a secure password manager to store your login information, and enable two-factor authentication (2FA) for extra protection. If you’re notified that your login information was leaked in a data breach, change all of your passwords immediately.

📚 Related: How To Check If Someone Is Using Your SSN →

4. Posting bogus job offers

Before you apply for a job online, make sure it’s a legitimate opportunity. Some scammers create job postings that require submitting your personal data, such as your SSN or bank account number, before you’re interviewed. 

These bogus job listings often seem too good to be true — typically offering high salaries for entry-level positions, or involving 100% commission-based pay.

What you can do: Never provide your SSN until you’ve spoken to a real person and can verify that the company is legitimate.

A legitimate employer will only ask for sensitive information later in the interview process, usually to run a background check. 

5. Infecting your devices with malware

When hackers infect your computer with malware, they’re able to spy on your activities and log your keystrokes which could expose your login credentials and personal information. There are a few ways that hackers can infect your computer with malware — such as via phishing emails, remote access scams, and prompting you to download files from fraudulent websites.

What you can do: Take the appropriate precautions to protect your devices against malware. 

Only visit secure websites that have an “HTTPS” encrypted URL (rather than “HTTP”), and don’t click on links or pop-ups that look suspicious. 

You can also use malware protection software that notifies you if harmful files are found on your computer. Every Aura plan includes powerful antivirus software and uses artificial intelligence (AI)-powered filtering to stop you from clicking on malware sites.

6. Stealing your wallet

One of the most common ways that scammers can gain access to your SSN isn’t through sophisticated technology — it’s through your wallet. 

Criminals might attempt to steal your wallet in hopes that it contains your Social Security card or other valuable items, like your health insurance card. With just a few cards in your wallet, it’s possible for scammers to open new lines of credit in your name, drain your bank accounts, or steal your identity. 

What you can do: Don’t keep your Social Security card in your wallet. 

Instead, it’s better to memorize your SSN and keep your physical card in a safe place at home, or in a safety deposit box. 

If your Social Security card gets stolen, you need to act quickly. Put a credit freeze on your credit report with the three major bureaus (Experian, TransUnion, and Equifax), report the stolen card, and file a police report. You can also get a new card by logging in to your “my Social Security” account [*].

📚 Related: What Do Hackers Do With Stolen Information? →

7. Dumpster diving for sensitive mail

Motivated scammers sometimes resort to dumpster diving or stealing your trash to hunt for mail that might contain valuable information — such as your SSN, health insurance plan number, or bank account numbers. 

If you throw these documents into the recycling bin without thinking about the potential consequences, you could become a victim of Social Security identity theft.

What you can do: Shred documents containing personal information before throwing them out. 

This also holds true for any bank statements, medical bills, old tax returns, and documents or cards that include potentially sensitive information. You should shred or destroy all old credit cards, health insurance cards, and anything else that scammers could use to steal your identity. 

What Can Hackers Do With Your SSN? 

If your SSN gets stolen or compromised, there are a number of risks that you might face — including identity theft. According to the Federal Trade Commission (FTC) [*]:

Last year alone, more than 1.1 million Americans reported having their identities stolen.

Here are some of the things scammers can do with a stolen SSN:

• Obtain more sensitive information about you in order to steal your identity. Your SSN is one of your most important pieces of personally identifying information (PII). Scammers can use your SSN to uncover more details about you, such as your address and employment information — which they can use to more easily steal your identity. 
• Take out credit cards in your name. When hackers get access to your SSN, they might attempt to open a credit card in your name. If this happens, the scammer could rack up a large amount of credit card debt that you’re ultimately responsible for paying off. 
• Open new bank, utility, or phone accounts. Fraudsters might try to open a new bank account, utility account, or phone account under your name by using your SSN. You probably won’t know that it happened until you start getting bills for strange accounts that you don’t recognize. 
• Commit tax fraud and claim your tax refund. If you unknowingly give your SSN to scammers, they might try to file a fake tax return and claim a fraudulent tax refund in your name. If this happens, you won’t be able to file your real tax return until you resolve your situation with the Internal Revenue Service (IRS).
• Access your existing bank accounts and drain your savings. If your SSN is stolen, the scammer could get access to your bank login and spend all the money in your savings account. Reviewing your bank statements consistently can help you spot fraudulent transactions.
• Get a personal loan or mortgage in your name. If you receive a statement for a personal loan or mortgage that you didn’t take out, a scammer could have used your SSN and other PII to obtain a loan under your name. Lenders and mortgage providers won’t know the loan is fraudulent, so they assume you’re responsible for the payments. 
• Frame you for crimes that they commit. One of the scariest ways that hackers can exploit you when using your SSN is to frame you for crimes that they committed. For instance, fraudsters could use your SSN and name to identify themselves if they get arrested by law enforcement.
• Receive medical care covered by your health insurance. If hackers get your SSN, they might be able to access your health insurance plan and use it to submit fake insurance claims or obtain prescriptions illegally. 
• Claim unemployment, Social Security, or other government benefits. Your SSN is linked to the government benefits you receive, including Medicaid, Social Security, and unemployment. But if you’re not using these services, criminals can use your name and SSN to get the benefits for themselves. 

How To Check If Someone Is Using Your SSN

It can be hard to know if your SSN has been stolen until after a scammer has used it for malicious purposes. At that point, the hacker might also have access to other PII — like your phone number, home address, or health insurance information. 

Here are a few warning signs that your SSN has been compromised:

• Your credit score suddenly drops or you’re turned down for credit. Request a free credit report through AnnualCreditReport.com and check your credit history. If scammers have used your SSN to take out loans or open new accounts, you might notice that your credit score has dropped when reviewing your credit report.
• You get an alert from your SSN monitoring or identity theft protection provider. If you use identity theft protection software that monitors your SSN, you’ll get a notification that your SSN has been leaked.
• You get a medical bill for services that you didn’t receive. If a hacker uses your SSN and health plan information to get medical care or file fake claims, you’ll probably receive a letter in the mail from your doctor or your insurance company. 
• You receive notices from the IRS that you didn’t request. If a scammer uses your SSN to file a tax return illegally or claims a fraudulent return, you’ll likely receive correspondence from the IRS that you’re not expecting.  
• You start to receive mail in someone else’s name. If a scammer has used your address and SSN to open new accounts that you didn’t authorize, you might start getting mail in someone else’s name. 
• You receive a notification that your SSN was leaked in a data breach. If companies store your PII and are targeted in a data breach, they’re required to notify you if your SSN or other sensitive information could have been leaked.
• You get a new credit card in the mail. If you receive a new credit card in the mail that you don’t recognize, a scammer might have opened the account by using your information. 
• You receive proof of employment for a job that’s not yours. If hackers have used your information to get a job, you might receive their W-2s or other employment information, like 401k statements. 
• You get a traffic ticket in the mail. If you get a traffic ticket in the mail that you didn’t receive, or you get a notification about a court hearing you’re required to attend, a hacker might have used your SSN and driver’s license number for malicious purposes.  

Do Hackers or Scammers Have Your SSN? Do This!

Your SSN is one of your most valuable pieces of sensitive information; but unfortunately, you don’t always have control over how it’s protected. If you think someone has access to your SSN who shouldn’t, here are some steps you can take:

• Report the fraud to the Social Security Administration (SSA).
• File an identity theft report with the Federal Trade Commission (FTC) at IdentityTheft.gov and receive a recovery plan.
• Sign up for myE-verify and use the SSA’s “self-lock” feature to protect your SSN.
• Freeze your credit by contacting each of the three credit bureaus so scammers can’t open new accounts in your name.
• Notify any companies at which your SSN was used fraudulently, and send them your FTC report.
• If you’re unable to stop scammers from continuing to use your SSN, you can request to change your SSN.

Protecting your SSN and identity can feel like a full-time job. And that’s because it is. 

For 24/7 SSN monitoring, consider signing up for Aura’s all-in-one identity theft solution. 

Aura provides award-winning SSN and identity monitoring that alerts you if scammers are using your SSN or other PII. You’ll get peace of mind knowing that you have continuous three-bureau credit monitoring — along with the fastest and most reliable fraud alerts in the industry³.

If your SSN is compromised, Aura’s U.S.-based White Glove Fraud Resolution Specialists are available 24/7 to help you contact credit bureaus, the IRS, and other government agencies to resolve the incident quickly. Plus, every Aura plan comes with a $1 million insurance policy that covers eligible losses such as legal fees, lost wages, and other expenses related to identity theft recovery.

Keep your SSN safe from identity thieves. Try Aura free for 14 days.