Tech Matters: Top three scams you shouldn’t ignore

Leslie Meredith

Scammers never take a break, and their tricks keep evolving. Lately, there are three scams making the rounds that you should be aware of: one targeting Social Security numbers, another impersonating Gmail alerts and a third aimed at Mac users through a fake driver update. I’ll explain what each scam is, how to spot it and what you should do if you encounter it. Plus, these scams highlight why relying on passwords alone just isn’t enough anymore. I’ll cover better alternatives next week.
A new and particularly dangerous Social Security scam is making the rounds, and it’s more sophisticated than most. This one starts with an email that appears to come from the Social Security Administration, or SSA, telling you that your Social Security statement is ready for download. The message looks convincing, but it’s a trap.
What sets this scam apart is that the entire email is often just an image, not text. This makes it harder for email security filters to detect and block. The email includes a download link that, if clicked, will install a program called ScreenConnect on your computer. ScreenConnect is a legitimate remote support tool, but here it’s being used by a phishing group to take full control of your PC without your knowledge.
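For readers who run their own mail filtering, here is an added example (not from the column or from any vendor's product) of a heuristic for the pattern described above: an HTML message that is an image wrapped in a link with almost no readable text. The function name, the 40-character threshold and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Collects visible text, image count and link targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.images, self.links, self._skip = [], 0, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip += 1          # text inside these is never shown
        elif tag == "img":
            self.images += 1
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def is_image_only_lure(raw_message, max_text_chars=40):
    """True when the HTML body is image(s) plus link(s) with almost no text."""
    msg = message_from_string(raw_message, policy=policy.default)
    html = msg.get_body(preferencelist=("html",))
    if html is None:
        return False                 # no HTML part: heuristic does not apply
    scan = BodyScan()
    scan.feed(html.get_content())
    visible = " ".join("".join(scan.text).split())
    return scan.images > 0 and bool(scan.links) and len(visible) <= max_text_chars

HEADERS = ("From: notice@example.test\nTo: user@example.test\n"
           "Subject: Your statement is ready\nMIME-Version: 1.0\n"
           "Content-Type: text/html; charset=utf-8\n\n")
# Constructed sample 1: the whole message is one linked image.
SAMPLE_IMAGE_ONLY = HEADERS + (
    '<html><body><a href="https://files.example.test/statement">'
    '<img src="https://files.example.test/notice.png"></a></body></html>\n')
# Constructed sample 2: ordinary mail with real text around a logo.
SAMPLE_TEXT_MAIL = HEADERS + (
    '<html><body><img src="https://files.example.test/logo.png">'
    '<p>Hello, our office hours change next month. Details are on '
    '<a href="https://www.example.test/hours">our site</a>.</p></body></html>\n')

if __name__ == "__main__":
    for name, raw in (("image-only", SAMPLE_IMAGE_ONLY), ("text", SAMPLE_TEXT_MAIL)):
        print(name, is_image_only_lure(raw))
```

A match is a reason to quarantine or look closer, not proof of fraud, since some legitimate marketing mail is also image-heavy.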
Once the scammers have remote access, they can search for and steal sensitive information, including your banking details, Social Security number and other personal data. Their main goal is financial fraud, but the stolen information can also be used for identity theft and other harmful activities.
Be cautious with any email claiming to be from the SSA. Official SSA emails will never ask you to click on links or download files to access your statement. Instead, the SSA recommends you always visit ssa.gov directly to access your information securely. As with all suspicious emails, watch for red flags like odd grammar or word use, missing punctuation and strange color choices for links. Never click on links or attachments, and always visit the sender’s real website by going to it from your browser.
Phishing emails are getting more sophisticated, and a recent Gmail scam is a good example. Developer Nick Johnson first spotted this one, and it’s a variation on a well-known scam, using Google’s own services to look legitimate.
You might receive an email that appears to come from Google, sometimes from a no-reply@google.com address. The message claims to need account information from you about your Google account. It urges you to click a link to review documents. The link takes you to a page hosted on Google Sites that looks like a genuine Google support portal.
This scam is tricky because the email looks authentic and even passes some security checks. But in this case, you don’t need to do any sleuthing to determine whether or not the email is legitimate. Google says it will never “contact you to reset your password or troubleshoot account issues.” If you get an email like this, it is a scam. Report it to Google by marking it as phishing, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org, and report the phishing attempt to the Federal Trade Commission, or FTC, at ReportFraud.ftc.gov.
Mac users aren’t off the hook. A new scam targets Macs by pretending to offer a Realtek driver update. Realtek makes hardware components like audio and networking chips, so the request sounds plausible.
This scam starts with a prompt to update your Realtek driver. If you click the link, it downloads a malicious script that installs malware designed to steal your Mac login credentials, browser cookies and Apple Keychain data. The malware sets itself to run every time your Mac starts and quietly sends your private information to attackers.
Watch out for unexpected update prompts that don’t come through your Mac’s official software update tool. The fake update might ask for your system password through a suspicious app. If you didn’t seek out a Realtek update, don’t trust the request.
All three scams rely on tricking you into handing over sensitive information or credentials. Once a password is stolen, whether through a phone scam, phishing, or malware, the attacker can access your account. That’s why passwords alone don’t cut it anymore. Next week, I’ll explain why it’s time to move beyond passwords for good.
Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.