Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×

Search

Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How to Keep Your Social Security Number Secure, Especially Online

Things to consider beforehand and ways to safely send your number


spinner image a social security card with a lock on a computer to illustrate cyber crimes
fstop123/Getty Images

Scammers would love to get their paws on your Social Security number, which they can combine with other personal details they've obtained about you to open credit accounts, collect unemployment insurance, circumvent your benefits, commit crimes and unleash a whole lot of misery in your name.

That's why the Social Security Administration and privacy and security experts issue stern warnings about keeping not only Social Security numbers under wraps except when necessary, but also the W-2s, 1099s and other documents they may appear on. Similar precautions apply to your driver's license, insurance and medical IDs, and other information that in the wrong hands can bleed your finances and wreak havoc.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

Join Now

Trust, verify the recipient

Some people and organizations have a valid reason to receive such documents, including a new employer, your accountant, a bank, a landlord or a school. Even then, though, proceed with caution. Resist surrendering the information to practically everyone else, no matter how innocent their request seems.

Be extremely wary of providing your Social Security number to someone who has called you. You should verify the identity of the person you are speaking with if you didn't reach out directly.

Just don't do so by calling back a provided phone number or clicking on a text link. Moreover, unless the answer is obvious — the accountant you've been using for years to prepare your tax returns — ask a would-be recipient why they want the information in the first place and how they intend to secure it. Also ask what will happen if you decline to give out the information.

"Some businesses continue to use Social Security numbers as a means of authenticating customers or simply as a practice they just never let go of,” says Kathy Stokes, AARP's director of fraud prevention programs who also is head of the AARP Fraud Watch Network. “Consider pushing back and asking if there's an alternative."

Email is a no-no

If you're satisfied the stranger you are dealing with is who they say they are and has a legitimate need for the information, the next step is to figure out how to safely provide it to them. It's often inconvenient to hand-deliver financial, tax or employment records, especially during a pandemic.

If documentation isn't required and you just need to share an ID number or some other details, you can provide the information over the phone. Again, do so only if you know the person is legitimate and trustworthy.

Short of relying on an overnight courier or the postal service, your alternatives involve technology. But absent proper safeguards, digital transmissions carry their own set of security risks.

See more Health & Wellness offers >

First, what not to do. It may seem like the fastest and simplest option, but don't ever include your Social Security number and other confidential information in the body of an email, an all-too-easy hack. For the same reason, avoid attaching scanned PDFs or other documents that include your Social Security number and other personally identifiable information. Don't text the information or spill the beans via instant messages either, which are equally vulnerable.

The most popular everyday communications mediums are far from bulletproof. A scammer can sometimes deceive unsuspecting users into voluntarily giving up data through clever phishing attack schemes in which they're masquerading as real financial entities or the IRS, using fake names and convincing corporate logos.

Even if your email or text is addressed to the correct recipient, it can be intercepted by the bad guys. Emails are sometimes compromised because people use the same easy-to-guess passwords across multiple accounts. Another security faux pas is to share private exchanges when you are connected to the internet over unsecured public Wi-Fi networks.

Encryption: Secure but not user-friendly

You can send encrypted email if the company you are working with offers that option. Encrypted messages are scrambled behind industry-standard cryptographic algorithms and other secure methods.

But while businesses may rely on encrypted email to keep snoops at bay, it isn't typically a user-friendly option. Not only must the sender have the wherewithal to encrypt a message, but the recipient also needs the right digital key to unscramble it.

"That's just not something most people are going to do,” says Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center in San Diego, which educates consumers on the risks of identity theft and offers free services to help victims recover.

Fax carefully if you must

Faxing sensitive documents isn't much more secure than regular email unless you are 100 percent convinced that the only person who will pick up the document is the intended recipient, perhaps in a one- or two-person office.

"Otherwise, it's like dropping them off on a desk,” where anyone can grab them, Velasquez says. Meanwhile, it may seem like a no-brainer, but if you do fax, double-check that you are using the correct phone number.

Upload to a secure portal

In most instances, the safest way to share your financial and health documents is by uploading them to a password-protected secure “portal” or cloud platform, with credentials from your employer, bank or accountant. They, in turn, can download the docs and send them back to you for review or electronic signatures when required.

"All the reputable places have them,” Velasquez says, adding that it is reasonable to ask a company about the measures it takes to protect the information in the portal. If they don't have a such a portal, consider doing business elsewhere.

No data system is impenetrable, as the many breaches that have been made public in recent years have shown. But if you follow commonsense steps and take all the necessary precautions when sharing your Social Security number and other personal data, you'll reduce your risk.

Edward C. Baig is a contributing writer who covers technology and other consumer topics. He previously worked for
USA Today, BusinessWeek, U.S. News & World Report and Fortune and is author of Macs for Dummies and coauthor of iPhone for Dummies and iPad for Dummies.

 

3 Ways to Keep Your Social Security Information Safe

3 Ways to Keep Your Social Security Number Safe

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?