The security of tax returns, credit cards, and other usual targets of cybercriminals has been strengthened. Cybercriminals are now launching sophisticated assaults on workplace retirement plans and plan accounts.
The security of retirement plan data varies and may be compromised in several ways. Most cybercriminals examine each strategy to identify the most susceptible place.
One retiree of a big firm recently discovered that his monthly pension cheque had not been deposited on time. After conducting an inquiry, the retirement administrator determined that the bank account authorized to receive the contribution had been altered.
The retiree had not altered the account. Instead, an unidentified individual submitted the request. The update request had all pertinent and accurate information, and thus it was processed by an employee of the plan.
Neither the retiree nor the plan suffered a financial loss. The payment was immediately halted, and the account of the retiree was re-designated as the location for deposits. The plan administrator performed a fast check and discovered several other retirees had also requested that their benefits be sent to the same bank account.
This retiree avoided becoming a victim of cybercrime by closely monitoring his accounts and noticing that his monthly payment was not deposited on a normal day. He called the administrator immediately and prevented the modification from taking effect.
Cybercriminals use various methods to steal from retirement plans and accounts. Traditional methods of email system penetration are one strategy, and old-fashioned hacking techniques can occasionally grant access to a company’s email system.
Cybercriminals increasingly utilize “phishing” emails to mislead employees and retirees into divulging access details. In a typical phishing assault, thieves send an email to a selected key employee or retiree, making the email appear to originate from a legitimate business employee (often a high-level executive) or an outside vendor.
When sent to an employee, the phishing email may request a list of the personal information of many workers or retirees. If the email recipient is unaware, sensitive information is transferred to criminals.
Cybercriminals may also purchase personal information on the owner of the retirement account on the dark web and use this information to get access to the account.
Once the cybercriminal has the information, it may be used to get into the account of a retiree or employee and divert payments or dividends. In the most recent example, criminals utilized both new and ancient techniques. The information about the retiree was obtained on the black web. The thieves then printed the form, filled it out by hand, and mailed it to the administrator after downloading it from the retirement plan’s website. The administrator processed the paper document normally.
Knowing the security measures of the retirement plan is one approach to protecting yourself. Learn the processes necessary to verify the legitimacy of any account modification requests. What does it do to validate the user’s identity? Is two-factor authentication required before an online account may be accessed or modified?
None of these data security measures are effective when cybercriminals make paper modification requests. Inquire whether the plan administrator takes extra procedures after confirming the accuracy of a paper request’s details. Does it phone the person to confirm the request? Does it send a confirmation letter through first-class mail to the individual?
Establishing personal cyber security measures is another method of self-protection.
According to most cyber security experts, you should assume that your sensitive personal information is for sale on the dark web. Protect this information as much as possible. Give away your Social Security number and other sensitive information only when required. However, you should presume that it is already public. Therefore, you must regularly monitor your accounts. If deposits are due on a specific day, you should check your accounts around that period each month to ensure that they have been made. Contact the plan administrator if a deposit is not made.
Additionally, check your account frequently for any activity. Look for unapproved alterations and transactions. Verify that your address, beneficiary, receiving account, and other details have not changed.