Search This Blog

Cyber Thieves Target Retirement Accounts

Online thieves have recently been targeting employer retirement plans and the accounts in the plans.

Data security has become a priority for tax returns, credit cards, and other conventional targets of cyber criminals. Online thieves have recently been targeting employer retirement plans and the accounts in the plans. 

Data security at retirement plans varies, and there are numerous ways to breach it. Cybercriminals seek to exploit each plan's weakest link. 

In one of the instances, a retiree at a large employer recently discovered that his monthly pension cheque was not deposited on time. He got in touch with the retirement administrator, who, after some investigations discovered that the specified bank account for the contribution had been altered. 

The retired person did not alter the account. Instead, the request was made by an unidentified party. An employee of planning processed the change request since it was relevant and accurate. 

Fortunately, neither the retiree nor the plan lost financially. The payments were abruptly terminated, and the retirement account was changed from a payment method to a depository. After a brief investigation, the plan administrator found that change requests had been made for several other retirees, all of which were being paid to the same bank account. 

By monitoring his accounts carefully and noting that his monthly payment was not deposited on the usual day of the month, this retiree was able to avoid becoming a victim of cybercrime. He further got in touch with the administrator right away to make sure the modification did not happen. 

Methods Used by Hackers 

There are several methods used by threat actors in order to steal from retirement plans and accounts. 

  • One of the tactics used is the conventional method of accessing an email system. Cybercriminals may as well use “phishing” emails in order to deceive an employee or retiree into exposing access information.

Phishing attacks generally include threat actors sending an email to the target key employee or retiree and posing as a legitimate corporate employee (often a high-level executive) or a third-party vendor. 

The fraudulent email asks for specific information and, in the case of several employees or retirees, may request a list of personal information. Sensitive information can be given to criminals via email if the recipient is not watchful. 

  • Another method used by cybercriminals is purchasing personal details about the retirement account owners via the dark web and utilizing the data in order to access the retirement account. 

Whatever the method be, if cyber thieves get access to the data, they can utilize it to log into the account of a retiree or employee and reroute payments or disbursements. 

How to Protect Yourself 

  • One way to secure your data is to make yourself aware of the security measures of retirement planning. In particular, how to verify the validity of each request for an account change. What does it do to verify the identity of the user? Is two-factor authentication used before an account can be accessed or changed online?
Of course, none of the data security precautions are effective if online criminals make modification requests on paper. Thus, after confirming the accuracy of the information on the paper request, the user may inquire as to whether the plan administrator takes any further actions. 
  • Setting up your own personal cyber security procedures is another strategy to safeguard oneself. According to security professionals, most of the user's personal data is available for sale on the dark web. This makes it important to keep the information as secure as possible. 

This could be made possible by following precautions such as not sharing their Social Security number and other important information unless it is necessary. 
  • Keep a check on your accounts on a regular basis. If the deposit is due on a certain day, make sure deposits have been made by checking your accounts around that time each month. The plan administrator should be contacted if the deposit is not made. 
  • Moreover, log in to your account in order to monitor any suspicious activity. You may as well look for any unauthorized changes and transactions. Lastly, make sure that your address, beneficiary, and other details have not been changed.  

Share it:



Data Breach

data security

Data Theft


Retirement accounts