top of page

Hackers are ramping up attacks on retirement accounts — how to keep yourself safe

The thought of losing your life savings to hackers can be terrifying — and it’s why two of Houston financial adviser Michelle Gessner’s clients didn’t want to consolidate their retirement assets, even if the move would be financially savvy.

The couple had already been the target of identity theft in the past, then with their credit cards, and they were afraid that if they rolled all their money together, they’d be “sitting ducks” at risk of losing their entire nest egg. “The question is real and understandable,” Gessner said. “This is a real concern.”

Gessner was able to talk them through their fears, and showed them the custodians she works with — such as Fidelity, TD Ameritrade AMTD, +0.13% and Schwab SCHW, +0.04% — all guarantee protection in the event of a hack. When she saw how worried these two clients were, she wrote a blog post for all her other current and future clients to help ease their minds. Gessner also follows strict cybersecurity measures of her own, including two-factor authentication and constant surveillance. “My laptop and my assistant’s laptops are like a fortress to get into,” she said.

Bank accounts are a top target for hackers, and retirement accounts may not be far behind. Cybercriminals are moving toward retirement and loan accounts. Although the number of consumers affected by identity fraud has declined between 2017 and 2018, hackers are targeting new types of financial accounts — such as customer rewards programs and retirement plans, according to the 2019 Identity Fraud Study from Javelin Strategy & Research.

Part of the problem is identity theft, which can provide hackers the keys to getting into important accounts. Data breaches have become common — Target TGT, -0.48%, Sony SNE, -1.57% and Microsoft MSFT, +2.30% were all targets of major data breaches in recent years — and provide scammers with credit card information and billing addresses. Capital One COF, -1.18% was also hacked in 2019, revealing information of more than 100 million of its customers — including dates of birth, income and payment history and Social Security numbers.

Sometimes, hackers may use information they find for their own endeavors, but they may also sell this sensitive data on the “dark web,” a part of the internet only found using specific browsers. The dark web is where cyber crime usually begins.

There are many layers to stealing from retirement accounts — most financial institutions have numerous security measures in place before a withdrawal occurs — but if it were to happen, it could result in the loss of tens of thousands, if not hundreds of thousands, of dollars. Retirement accounts in particular can be a hacker’s dream, as they’re not checked nearly as often as other financial accounts and retailer sites.

Savers need to be sure that they access their accounts in a secure manner, so that they aren’t the next victim. Fraudulent activity can be harmful to an individual, especially when it affects that person’s future. “The financial hardships that may be caused by identity theft or a scam can last for months or years after your personal information is exposed,” said Paige Hanson, chief of identity education at Norton Life Lock.

Here’s what you can do to keep your accounts safe:

Check your accounts — but just for security purposes Financial advisers typically suggest not to frequently check your retirement accounts, as market volatility may cause a balance to appear lower than normal and thus, concern individuals about their retirement security. But people should occasionally sign into the account, just to ensure nothing has changed pertaining to account information. “We often don’t check our retirement accounts as often as other accounts, such as your email, credit card or bank account,” Hanson said. She suggests setting up notifications that alert the account holder when someone has logged into the account, conducted a transaction or changed a password.

If you notice transactions you’re unfamiliar with, contact the compliance department of the custodian immediately, Gessner said. You can also find login history for your account after you’ve signed in.

Secure your accounts

Always be cautious with sensitive information, such as Social Security numbers, passwords, and addresses or phone numbers. People may not know when this information has gotten into the wrong hands, Hanson said. “Thieves may not use your information for months or even years, waiting for a time when you may not be as attentive to the risk,” she said.

Password managers can store or even generate secure passwords, much better than generic codes like “123456” or “password.” People can also turn on two-factor authentication, which means someone logging into the account would need to input the password and then a code sent via text message, email or phone call.

Pay attention to who or what institution is receiving your personal information. Many consumers shop online, or register for subscription services and newsletters that could easily be hacked, said Adi Peretz, senior consultant and head of research at CyberInt. “Once you disclose that to a third party, that puts you at risk of being exposed,” he said.

Other tactics: change the password on a router, which is how hackers can access a person’s home internet — and any device linked to it; change the default Domain Name System, which internet service providers initially create; and use a VPN, which creates an “encrypted tunnel” for data sent and received, Hanson said — it’s especially useful when on public Wi-Fi.

Keep your devices updated

Don’t click on unfamiliar links via email or web searches, Gessner said. And always use the most updated software and operating systems when on your computer or mobile device. An out-of-date program may not have the same security measures as the newest version, or they may no longer be supported, which creates vulnerabilities.

“Cybercriminals frequently use known exploits, or flaws, in your software to gain access to your system,” Hanson said. “Patching those exploits and flaws can make it less likely that you’ll become a cybercrime target.”

Written by our friend: Alessandra Malito is a personal finance reporter based in New York. You can follow her on Twitter @malito_ali.