Senior woman contemplating

“Unlike with stolen credit cards, a saver’s losses to fraud in retirement investment accounts aren’t limited by federal law, although mutual fund companies typically say they’ll reimburse funds lost to fraudulent activity.”

She thought she had nearly $80,000 saved in her employer-sponsored retirement plan, but when Beth Bennett checked on her account, there was only about $8,000 in the account. She didn’t check the account very often, so she didn’t even know the theft had occurred.

Her experience, detailed in the article “Cybercrooks Targeting Retirement Accounts” from Insurance, was the result of someone stealing her identity, changing her mailing address, redeeming money from her mutual funds and having checks mailed to new locations. A bank cashed the first two checks. When the theft was discovered, Bennet was able to stop payment on a third check. But that wasn’t the worst discovery.

Contacting the mutual fund company revealed that there was no sure guarantee that she would be reimbursed for the loss.

As cyberattacks on retirement funds rise, investors need to be on guard.

Hackers are going where the money is, and retirement accounts are rich targets. Fraud in retirement accounts is on the rise, according to a report from the National Association of Plan Advisors. Criminals are looking for any possible route, and they have found that email compromises, spear phishing and social profiling are profitable. Spear phishing is when criminals send emails that look like they are from a known and trusted sender, trying to get confidential information.

Some experts say that criminals are gaining entry by getting people’s passwords and account numbers, which can be purchased on the “dark web.” When getting access to one email account, they can figure out how to get into the bank account. All they have to do is go through the “Forgot Password” process and reset your password through an email and they have access.

Bennet was lucky. Her retirement fund company returned the money that was lost. But not everyone is so lucky. The biggest companies are more likely to do so, but there are no guarantees.

What can account holders do?

  • Make sure any device used to connect to accounts is protected by a firewall and has current antivirus and antispyware software.
  • Be very cautious about opening attachments or clicking on links in emails that ask for financial information.
  • Use a longer password than a short one, and don’t use the same password on multiple accounts.
  • Open and read any letters and statements that come from your retirement accounts on a timely basis to be sure that everything looks accurate. If you see any unauthorized activity, call the companies immediately.

Reference: Insurance (Jan. 8, 2020) “Cybercrooks Targeting Retirement Accounts

For more information on elder law, retirement planning and estate planning, please visit my estate planning website.

Mr. Amoruso concentrates his practice on Elder Law, Comprehensive Estate Planning, Asset Preservation, Estate Administration and Guardianship.