  • Admin

Hackers Target Your 401(k) As Retirement Fund Fraud Increases

Published: May 3, 2020, in our Security Fraud News & Alerts Newsletter.

It’s not just bank accounts that hackers are after these days. According to a report by the National Association of Plan Advisors, retirement accounts are increasingly in the crosshairs of bad actors. In 2018, cyberfraud cost U.S. citizens $14.7 billion and retirement fraud was on the rise. Today, security experts believe attacks on 401(k) and other retirement accounts are still growing, and consumers saving for their retirement need to keep a close eye on their account activity.

There’s no shortage of tales about individuals who rarely check their retirement accounts only to find huge chunks of cash missing when they do. Some hackers make regular withdrawals from these accounts over time, keeping them low in scale until an account owner eventually notices the accruing theft. When it’s already too late to stop the fraud, the only hope for account holders is that their investment company will refund their stolen cash. Most of the bigger investment firms will replace the loss, but it’s important to check your fraud policy–don’t assume it will be refunded.

Hacking methods are moving on from targeting traditional bank accounts due to bolstered cybersecurity on the part of financial institutions and increased monitoring by consumers. Traditionally, retirement accounts don’t get checked nearly as often as bank accounts. As a result, the fraud doesn’t get reported in time to stop further damage–it’s usually after the funds are long gone. Retirement account fraud awareness is showing up in the headlines now more than ever, and security experts hope consumers are taking notice.

Cyberthieves use email compromise, spear phishing, and social profiling as an effective way to target all financial accounts, and those for retirement are no different. Once a hacker gets hold of just one email account, an inbox is often the roadmap to other holdings. Hackers see emails from banks and other accounts, showing them where other funds are likely located. Also, personally identifiable information (PII) stolen in data breaches is usually posted on the Dark Web where other cyber thieves can take and use it for their own fraudulent crimes.

Experts caution those with retirement funds to be as vigilant about them as they are about other financial accounts. Practicing strong cyberhygiene, including a unique and strong password for each account, is always recommended. Use multi-factor authentication (MFA) whenever it’s available. Be aware of email phishing and other attempts to steal PII, and think very carefully before clicking links and opening attachments, as they are often setups to steal data, especially when they are from an unknown source or arrive out of the blue. Check fund statements or online accounts monthly or more, and immediately report any suspicious or unauthorized activity to your mutual fund or money manager. Investment firms send letters to their clients when details of an account are changed, including home addresses. And always make sure accounts have firewall protection and devices have updated antivirus and antispyware software.
