401k Cyber Crime A Growing Concern

401k cyber crime is on the rise. Cyber criminals are targeting retirement accounts because they are an easy place to pick up someone else’s money. Industry professionals are doing everything possible to be certain that you are not the victim of 401k cyber crime. Staying one or two steps ahead of the 401k cyber criminals is in your best interest. In fact, cyber crime has been dubbed one of the great threats of the 21st century.

The latest cyber criminals are targeting the retirement plans of unsuspecting 401k and 403b plan participants. As such, it’s critical for plan sponsors and retirement plan service providers to pay careful attention to cybersecurity by exercising great caution when putting measures in place to protect plan participant accounts from retirement plan cyber criminals.

Cybersecurity has increasingly made headlines in recent years as data breaches have become more commonplace. Equifax, Target, Marriott — there’s no shortage of household-name companies that have experienced the sting of a cyber attack. Interestingly, however, the instances of merchant-account fraud have declined in recent years. Nonetheless, retirement plan cyber account fraud has increased, according to Larry Goldbrum, Senior Vice President and Director of ERISA Fiduciary Services, Retirement Strategies Group, at Reliance Trust, who was quoted in a Fox 5 News article on the topic.

Goldbrum spoke at the SPARK Forum in Palm Beach, FL, where he explained that cybercriminals are increasingly targeting retirement and loan accounts. Indeed, cyber fraud targeting retirement accounts tripled in 2017-2018 from 2016-2017, he said. And these cyberattacks aren’t simply targeted at the accounts. These crimes are perpetrated by sophisticated retirement plan cybercriminals who are keen to take over entire systems to gain access to a user’s login credentials and send phishing emails.

You might think cybersecurity is an issue isolated to older folks.  Not so, according to Rick Floress, Senior Vice President, Risk Management, FIS, who was also quoted in the Fox 5 News article. A child’s data is worth 51 times that of an adult’s. That’s because most parents don’t check their child’s credit until age 18, around the time they’re applying for financial aid for college. By then, the damage has been done — cybercriminals have already stolen the child’s ID.

Indeed, cybercrime is expected to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to research from Cybersecurity Ventures.  The costs of cybercrime are numerous and varied, including “… damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm,” noted Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures, again quoted by Fox 5 News.

Some companies pledge to make their customers whole following a cybersecurity data breach.  Financial firm Charles Schwab is one such company.  On its website, Schwab promises to cover 100% of losses in customers’ Schwab accounts due to unauthorized activity.  Not all companies make such promises, however.  Therefore, it’s important not to assume that if participants’ retirement accounts are hacked by retirement plan cybercriminals, the stolen money will be returned.  Companies are required only to investigate reported hacks for fraudulent activity and report the incident to the police.

Of course, one of the best ways retirement plan sponsors can protect participants’ accounts is by implementing strong 401k cyber crime policies and measures. Experts recommend installing firewalls and up-to-date anti-phishing and anti-spyware software on all computers and devices. Training your employees to be aware of and watch out for phishing attacks via email can also help keep their, and your, sensitive data safe, including retirement plan information. And remind participants to check their retirement plan statements carefully for any suspicious or unauthorized activity that could be perpetrated by 401k cyber criminals.

ERISA, the law that governs employer-sponsored retirement plans, doesn’t expressly spell out a plan sponsor’s fiduciary obligations when it comes to retirement plan cybersecurity. But as with all fiduciary duties, plan sponsors and plan fiduciaries should make sure that the retirement plan cybersecurity measures they have in place protect their participants’ best interests as well as their retirement savings.
