Fake SSA Emails Lure Victims Into ScreenConnect Trap

Cybercriminals are leveraging spoofed emails purportedly from the U.S. Social Security Administration (SSA) to trick recipients into installing the ScreenConnect remote access tool (RAT), according to cybersecurity researchers. The phishing campaign uses fake SSA warnings to create a sense of urgency and prompt users to download a malicious attachment or click on a link that installs the RAT. Once installed, ScreenConnect grants attackers remote control of the victim’s device, allowing them to steal sensitive data, monitor user activity, and deploy additional malware.

The emails are crafted to appear legitimate, mimicking official government communication styles and language. This social engineering tactic increases the likelihood of the recipient engaging with the message. The campaign highlights a growing trend in the use of legitimate software tools, like ScreenConnect, for malicious purposes. Users are advised to remain vigilant, verify the authenticity of government communications, and avoid downloading files or clicking links from unsolicited emails.