Your 401(k) may not be safe: More cybercriminals are targeting retirement accounts

Cybercrime is one of the greatest global threats of the 21st century, and financial experts are warning that an increasing number of attacks are being carried out on 401(k) and other retirement accounts.

While the number of overall fraud and account fraud cases has decreased in recent years, retirement account fraud is up, according to Larry Goldbrum, Senior Vice President and Director of ERISA Fiduciary Services, Retirement Strategies Group, at Reliance Trust, one of the largest trust companies in the U.S.

Criminals are “moving away from card fraud to retirement accounts and loan accounts,” Goldbrum told attendees at the November SPARK Forum held in Palm Beach, Fla.

Cyber fraud targeting retirement accounts was three times higher in 2017-2018 than in 2016-2017, according to Goldbrum.

Experts at the SPARK forum stressed that these attacks aren’t just specifically targeted at the retirement accounts — hackers are looking to take over whole systems to gain access to a user’s login credentials, as well as sending phishing emails.

And it isn’t just older Americans’ data that’s at risk.“The value of your kids’ data is 51 times that of an adult,” warned Rick Floress, Senior Vice President, Risk Management, FIS. “Credit generally is not checked for 18 years. It is easier to use their IDs to perpetrate fraud.”

Cybercrime has far-reaching economic consequences, and it is expected to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to the Official 2019 Annual Cybercrime Report from Cybersecurity Ventures.

"Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm," said Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures.

Many larger companies offer to fully cover any losses due to unauthorized activity, such as Charles Schwab, which states on its website that it will “cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.”

Not all companies make such promises, though, and experts warn that people can’t simply assume that stolen retirement funds will automatically be reimbursed after a hack. Companies are only required to investigate reported hacks for fraud and notify law enforcement that a crime has taken place.

One of the best ways to protect your retirement account from cyberattacks is to implement strong personal cybersecurity practices.

Experts recommend protecting all computers and devices used to access your accounts with a firewall and current anti-virus and anti-spyware software. Practicing caution with email can also help limit your vulnerabilities to attacks. Be wary of any emails asking for financial information, even if they look legitimate — phishing emails are effective because they mimic official email correspondences from legitimate financial institutions. And finally, check the paper statements you receive in the mail regarding your accounts to make sure that no unauthorized activity has taken place.