Every year, the Social Security Administration (SSA) pays out almost $1 trillion in benefits to American citizens. Let the sheer size of that number sink in for a second.

Specific details are impossible to pin down, but no matter how well guarded, any program that gets that big will attract scammers looking to make a quick -- and easy -- profit. And because Social Security also offers up identification -- your Social Security number -- that can be used to get money out of accounts that have nothing to do with the program, the incentive for scammers is through the roof.

Let's examine five of the most dangerous scams dealing with Social Security and its companion program, Medicare. We'll cover how to identify them, where to report them, and what to do if you fall victim. These scams include:

  1. "Phishing" emails warning you about issues with your Social Security account.
  2. Human or "robo" callers saying they work for the SSA.
  3. Any phone call looking for you to simply say the word "yes," to use at a later date.
  4. Sites asking you to input sensitive information.
  5. Communications looking to exploit the new Medicare identification numbers being used.
A cartoon depicts a scammer talking on a phone with a senior woman and trying to steal money out of her purse.

Image source: Getty Images.

A few key details to know

Before diving into the specific scams, however, there are some over-arching pieces of information that, once understood, can greatly reduce the chances that you or a loved one will fall victim to such a scam.

First and foremost, Social Security scammers are after a few pieces of highly important information, including:

  • Your birth date.
  • Your birthplace.
  • Your Social Security number.
  • Your mother's maiden name.
  • Either your entire credit card number, or the last eight digits of the number.
  • Your bank account numbers.

These are the standard pieces of information that the SSA and any other financial institution use to verify that you are who you say you are. 

Under no circumstances should you give any of this information out -- over the phone, via email, or on a website -- before first validating that the person you're speaking with is legitimate. This point is doubly true if those asking for this information contacted you first.

In any case regarding Social Security or Medicare, there's absolutely no penalty for refusing to give this information before first verifying that the people you're talking to are who they say they are. By far, the easiest way to check and see is to call the SSA's nationwide office at (800) 772-1213, or, better yet, visiting this website to get the location the nearest SSA office in your region and visiting it in person. 

And when it comes to Medicare, the same rules apply. If you have any doubt about someone who calls on behalf of Medicare, hang up and dial (800) MEDICARE (633-4227). 

If you don't, you could end up like this woman in Virginia -- who gave her Social Security number away and ended up having thousands of dollars of unnecessary medical equipment while her insurance and Medicare were charged for it on her behalf.

With that as a backdrop, here are the five most dangerous scams to look out for:

1. A phishing email to get your information 

One of the key tools the SSA has set up to manage your benefits is the mySocialSecurity portal. You can keep your information, manage your benefits, and contact officials using this single site. It's incredibly convenient.

But it's also easy to exploit -- if scammers have the right details. If you haven't set up such an account, an identity thief can use your information to set one up for you, make it impossible for you to sign in yourself, and start receiving benefits you're entitled to -- all without your knowledge.

Such scammers often using a technique called "phishing." As the SSA says in its warning, phishing is "the practice of using social engineering techniques over email to trick a recipient into revealing personal information, clicking on a malicious link, or opening a malicious attachment." 

The phishers will send out an email telling you that there's something wrong with your account. Perhaps they'll say you're entitled to extra benefits, or that your account will be frozen if you don't respond immediately, or that you can only get your COLA-based increase in benefits (that's your cost-of-living adjustment) by visiting a particular site. The bottom line is that they want to get your adrenaline flowing to induce you to act before thinking.

Often, such emails will ask you to send back one of the key pieces of information mentioned, or they'll ask you to click on a link where you can input such information. 

Because these scammers can copy logos to make Internet sites look more official than they really are, checking the actual email address of the sender can help. 

If the website asks you to click on a link, hover over the link so that the URL is revealed. An actual SSA or government website will always end in either ".gov" or ".gov/." That backslash is important -- the SSA has posted examples of URLs that look like this, but are links to sites attempting to scam you. For example:

  • https://www.socialsecurity.gov.gmx.de/

Because the ".gov" is followed by another period and then additional letters, you can't be certain that it leads to a legitimate website. 

Using the toll-free number listed at the beginning is the best way to check the validity of such emails. If you wish to report such attempts at identity theft to the authorities, send an email to phising-report@us-cert.gov. If you believe you may have given away such information, the best thing to do is visit IdentityTheft.gov or call the toll-free line at (877) IDTHEFT (438-4338). You can also call the SSA's fraud hotline at (800) 269-0271. 

2. An "SSA employee" or robo-caller calling to verify your information 

Email isn't the only way scammers will try to gain access to your Social Security information. Because the elderly are the primary users of the program, and because the elderly are less likely to be tech-savvy and using email on a regular basis, phone calls are another scamming medium.

Many times, the content of such phone calls is similar. You're supposed to get additional funds, or you need to verify that you want to receive your COLA increases, or your assets are being frozen for "suspicious activity." The person making the call will often refer to him- or herself as an "SSA employee" or someone calling from "SSA headquarters."

Sometimes, these calls are made by actual human beings looking to gather information. But often, they come in the form of a robocall, a recording made by the perpetrators to get you to reveal sensitive information. 

Whenever you or someone you love receives a phone call that meets any of these descriptions, the best thing to do is simple:

  • Immediately hang up: There's little downside to doing this. The real SSA will never ask for permission to increase your COLA amounts, or penalize you for hanging up.
  • Dial the SSA's confirmed phone number. As a reminder, that's (800) 772-1213.

Once you call the number, you can ask the employee if the call you received was legitimate. If you gave away any sensitive information, you should also call the same SSA number; call the SSA's fraud hotline at (800) 269-0271; visit the aforementioned website, IdentityTheft.gov; or call the toll-free identity-theft number at (877) 438-4338. 

3. Attempts to get you to say "yes" to just about anything 

As if the robocalls weren't enough, there's an even more devious strategy would-be scammers have adopted. When you call, you will be asked an innocuous question such as, "Can you hear me?" or "Are you the head of the household?"

The real aim of such robocalls is to simply record you saying the word "yes." Credit rating agency Experian had this to say about the tactic: "Your voice is being recorded to obtain a voice signature for scammers [to] authorize fraudulent charges over the phone."

Sometimes, when your data is stolen -- whether that data be your Social Security number, your banking account numbers, or your credit card details -- it can be bought and sold on the black market. When that information can be combined with an audio recording of you saying "yes," that can be enough to persuade a financial institution to allow fraudulent transactions to go through.

As I mentioned, the best thing to do if you receive a suspicious call is to hang up. It's understandable, however, that if someone immediately asks if you can hear them, you might automatically answer "yes." For that reason, it's doubly important to check your caller ID before picking up a call. If it's not a number you recognize, steel yourself for the unexpected. And if you must say something, simply ask: "Who is this?" in response, and you should be safe.

If you want to stop receiving such robocalls, your best bet is to visit the FCC's website on the topic. While it would be nice to have a single spot where you could opt out of such calls, it will require legwork on your part. The site has links to individual mobile or landline providers that need to be contacted to stop unwanted calls from reaching you.

4. Attempts to get you to enter sensitive data through a website link

With a little bit of effort, it's very easy to make a fraudulent website appear legitimate. Sleek layouts, official logos, and well-written content are usually enough to convince the average person that a site is legitimate. 

Unfortunately, all of that is easy to fake.

As we discussed, you should never click on a link that you receive from a suspicious email address. Even if you do, checking to be sure that the URL ends in ".gov" or ".gov/" is critical. Only legitimate government organizations can end their Internet address in ".gov" or have ".gov/" at the end. But remember: if ".gov" is followed by anything but a backslash, it's likely to be a scam site. 

If you still aren't sure whether a website is legitimate, there's a third workaround to check the validity: Simply cut and paste the address into a Google search and see what pops up. Often, people will have already posted about questionable or fraudulent people trying to contact them. Reading through these posts should give you a better idea as to whether you're dealing with fraud.  

While this method can be an easy way to identify fraudulent websites, it is not a reliable way to guarantee the site is safe. In other words, if you paste the URL into a search and no suspicious evidence is found, that alone is not enough to guarantee that a site is safe.

If you want to truly check and see if a site is safe, it's best to either call the SSA at (800) 772-1213, or -- if you're dealing with non-Social Security-related information -- call the number for your banking or other financial institution.

If you'd like to report fraudulent websites, you can visit USA.gov's scam site here.

If you believe you've fallen victim to such a scam by inputting your information on questionable sites, it would be wise to contact the SSA directly at that number, or -- if non-Social Security related -- consider freezing your credit.

If you'd like more information on whether freezing your credit is a good idea, we've written about that. And if you'd like a step-by-step guide to doing that, we have more information.

5. Medicare scams 

Finally, while it's not technically related directly to Social Security, there's a scam making its rounds right now dealing with new Medicare identification numbers. Congress recently enacted a provision requiring all Social Security numbers to be removed from Medicare filings. In its place, retirees will be getting new 11-digit Medicare identification numbers.

Seizing on the change and the chance to exploit it, scammers have moved into action. Many times, these scammers will communicate with retirees by email or phone, asking for the aforementioned sensitive information to guarantee that they will receive these new cards. As you can imagine, when paying for one's healthcare is on the line, the incentive is high to cooperate.

Medicare officials want everyone to know that as long as your address on file with the SSA is correct, there's absolutely nothing you need to do to receive your card.  It will be taken care of automatically, and all cards should be received no later than April 2019.

If you're unsure that Medicare or Social Security has your correct address, you can update your information on your mySocialSecurity account or by calling (800) 772-1213. Even though these are technically SSA contacts, the same information is used for your Medicare profile.

This is why the scam is potentially harmful to your Social Security. While the information purports to be about Medicare, your Social Security number is often the real information thieves are after.

What to do if you've been scammed

If you believe you've received a fraudulent call regarding new Medicare cards, you should immediately call (800) MEDICARE (633-4227).

If you've given away this sensitive SSA information, follow these steps:

  1. Visit IdentityTheft.gov or call the toll-free line at (877) IDTHEFT (438-4338).
  2. Follow that up by calling the SSA's fraud hotline at (800) 269-0271.

It's also worth thinking about putting a freeze on your credit, as well as contacting your banks and credit card companies -- as these numbers (Social Security and Medicare) can also be used as identification to take money from your personal accounts.

The bottom line

For added layers of protection, you might also consider subscribing to additional services. These services usually involve a subscription fee of between $10 and $25 per month. It's not reasonable to expect these services to eliminate any potential of falling victim to a scam. They can, however, help lower the probabilities and -- depending on the service -- help you take the right steps to remedy the situation if it does happen.

Consumer Advocate has put out a list of the Top 10 Identity Theft Protection Services for 2018. The list includes, in order of ranking:

  1. Identity Guard, owned by Intersections.
  2. Identity Theft Protection by Experian.
  3. IDShield. 
  4. IdentityForce. 
  5. Reliashield.
  6. LifeLock, owned by Symantec.
  7. OnTrack by Lexington Law.
  8. Identity Protect.
  9. Credit Sesame.
  10. myFICO, owned by Fair Issac.

You can find links to each service by using the Top 10 link.

But with any luck, you can focus on where the difference is really made: your own response to attempts at identity thefts. A few simple steps will help you or a loved one from falling victim to such Social Security scams. To summarize, the fool-proof steps to take are simple:

  • Never give sensitive information over the phone.
  • Always check to see emails or websites end in ".gov" or ".gov/."
  • If you're ever in doubt, call the SSA at (800) 772-1213.

Follow these steps, and you should be able to rest easy knowing that your Social Security benefits -- and all of your financial assets, for that matter -- are protected from identity thieves.

Brian Stoffel has no position in any of the stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. The Motley Fool has a disclosure policy.