“Activate Your COLA” Social Security Scam Messages Are Back | Here’s How to Avoid Them

A fresh wave of Social Security scams is targeting anyone who gets retirement, SSDI, or SSI benefits. Texts, emails, calls, and even letters, that say you must “apply for” or “activate” your cost-of-living adjustment (COLA). The goal is to push you to click a link, call a number, or share bank/Social Security details. Below is what’s real, what’s fake, and the exact steps to protect your money.

How the scam works right now

• “Activate your COLA” messages. Criminals impersonate SSA in texts, emails, and calls, claiming you’ll miss an increase unless you act today. Some messages send you to a fake “My Social Security” page; others tell you to call a toll-free number. The SSA Office of Inspector General (OIG) says these are classic lures to steal personal and banking data.
• Letters in the mail. Scammers have stepped up by sending official-looking letters that say you must call to “activate” an increase. OIG warns that this mail-based twist is rising alongside text and email phishing.
• Fear + urgency. Common threats: your benefits will stop, your number is “suspended,” or your account will be frozen. Real SSA won’t threaten arrest, demand immediate payment, or ask you to move money “for safekeeping.” See SSA’s official scam guidance for the red flags.

What SSA actually does (so you can spot fakes fast)

• COLA is automatic. You do not apply, pay, or “activate” COLA. SSA announces the rate in October; increases post automatically in January (SSI reflects late December). SSA and OIG both spell this out and warn against “apply to get your COLA” messages. Check SSA’s COLA page or the OIG’s COLA scam alert for details. 
• How SSA contacts you. Official notices come by mail or inside your secure my Social Security account. SSA won’t ask for gift cards, cryptocurrency, wire transfers, or gold, and won’t threaten to seize your bank account. See SSA’s scam page for the “never ask” list. 
• Legit email addresses. When SSA emails, it uses “.gov” addresses (for example, no-reply@ssa.gov). If it’s not “.gov,” be skeptical and log in directly at ssa.gov (don’t click links). See my Social Security security for how SSA handles email and two-step verification. 

If you got one of these messages, do this now

1. Don’t click, don’t call back. Ignore links and phone numbers in the message. Instead, go straight to ssa.gov/myaccount and sign in to check for real notices. If you need to speak to SSA, use the number on ssa.gov, not in the message.
2. Secure your SSA account. Change your password, confirm your contact details, and ensure two-step verification is on. SSA explains account security and MFA here: my Social Security security & protection. Creating an account prevents someone else from opening one in your name. See SSA’s brochure: How You Can Help Us Protect Your SSN. 
3. Call your bank or card issuer. If you shared card or account info, alert your financial institution to block transfers and watch for fraud.
4. Freeze your credit (free) or place a fraud alert. A freeze stops new accounts; an alert tells lenders to verify identity before opening credit. The FTC explains fraud alerts and confirms freezes are free; you can also see their step-by-step on freezes here. 
5. Report it. Forward the details to the SSA OIG fraud portal (or use their mail/phone options), file with the FTC, and if you lost money online, submit a complaint to the FBI’s IC3 immediately. Fast reporting improves recovery odds. 

Red flags that mean “hang up, delete, or shred”

• “Apply” or “activate” your COLA. COLA happens automatically; there is no application and no fee. OIG’s COLA alert and SSA’s COLA info spell this out clearly. 
• Pressure + threats. “Act now or lose benefits,” “your SSN is suspended,” “we’ll seize your money.” These are scam tells. See SSA’s scam checklist. 
• Weird payments. Requests for gift cards, crypto, wire transfers, or even gold bars are pure fraud. OIG has multiple alerts on these tactics, including “safe-keeping” demands. Here’s one. 
• Look-alike websites and email domains. If it isn’t “.gov,” don’t trust it. Go directly to ssa.gov or your my Social Security account by typing the address yourself.

Why this scam is spiking now

Scammers piggyback on real news and seasonal patterns. Each autumn, COLA anticipation makes it easier to fool people with “activation” messages. This year, OIG issued fresh scam alerts in mid- and late-July about fake benefit boosts and unexpected contacts, including letters . This is a sign that criminals are diversifying beyond texts and emails. The BBB is tracking the same trend.

Extra protection moves that actually help

• Create and lock down your my Social Security account now. If you don’t have one, create it before someone else tries to. Use strong, unique passwords and two-step verification. SSA’s setup and security pages are here: my Social Security and security & protection. 
• Know the October rhythm. SSA announces COLA in October and applies it automatically in January. If a message pushes you to “activate” anything, it’s a scam. Check SSA’s COLA page when you see rumors.
• Keep your credit on a short leash. If you don’t need new credit soon, a fraud alert or credit freeze makes it harder for thieves to open accounts in your name. 
• Talk with family. Many losses happen because a relative clicks a link or calls back in a panic. Share SSA’s one-page scam guide: ssa.gov/scam. 

Bottom line

COLA adjustments are automatic and free. You will never need to “activate” them, pay a fee, share your bank info, or click a special link. When in doubt, ignore the message, sign in directly at ssa.gov/myaccount, and verify there. If you slipped up, move fast: lock down your SSA account, call your bank, freeze your credit, and report to the SSA OIG, the FTC, and the FBI’s IC3. That combination helps stop further damage and gives investigators what they need to go after the criminals.