David received an email purporting to be "a special message from Social Security" about new online benefits. It included a link to sign in.
"Is this spam?" David wants to know. "I did not click through but it looks really good."
It does. The email seems legitimate at first glance.
It tells recipients that "you may be able to use a new online service that helps people who receive Social Security benefits and Medicare have the information they need to file their tax returns."
But if you hold your cursor over the link to sign in to the website, you see a really long URL that begins with "links.govdelivery.com."
This is a big red flag. A government website should have a "dot-gov" domain, not "dot-com." And any URL with dozens of characters suggests things aren't on the up and up.
I contacted Social Security and asked about the email. Is it spam? Is it a phishing scam?
"This is a legitimate email," said Patricia Raymond, an agency spokeswoman. "Individuals who established a My Social Security account may see an electronic note ... sent to their personal email account."
Well, that's reassuring. But what's with that epic URL? Won't that deter many people from clicking the link?
Raymond never replied.
So if you got one of these emails, you weren't spammed. It's Uncle Sam calling.
But government officials should know better. In this age of cyber-scams, they have no business sending an email that doesn't pass the most basic smell tests.
Consumers are trying hard to avoid online fraud. The least the good guys can do is make our job a little easier.