Scam alert! Watch out for 401(k) scams – CyberTalk

EXECUTIVE SUMMARY:

Many fraudsters know that the real money is in retirement accounts.

In response to increased cyber security around other coveted targets (tax returns, credit cards…etc), cyber criminals have turned their attention elsewhere; to 401(k)s. A popular retirement savings plan in the United States, cyber criminals are boldly breaking into 401(k) accounts in order to illicitly aggregate wealth.

401(k) savings plans provide cyber criminals with access to hundreds, thousands or hundreds of thousands of dollars. The data security around retirement plans typically varies, as plans are managed by a combination of corporate stakeholders and financial groups.

401(k) phishing

In regards to 401(k) monetary theft, experts have warned of an uptick in phishing emails that target employee credentials.

These emails say that they’re from [your] corporate Human Resources group, and that there is a 401(k) plan update or new information about contributions that everyone should be aware of.

Because employees are sometimes eager to increase and protect retirement investments, it’s easy for people to fall prey to these scams.

The QR code element

Within the latest 401(k) phishing emails, experts have noted a surge in QR codes. The QR codes direct recipients to phony login pages that immediately pinch account credentials.

Image courtesy of Bleeping Computer.

401(k) scams and crypto

Recently, for employee investors, major 401(k) plan administrators began to offer cryptocurrency as an alternative investment asset.

Not all retirement plans offer crypto, but those that do and corresponding accounts could see a tsunami of new in cyber threats — especially phishing-related threats — due to the fact that cyber criminals often prefer to conduct business in cryptocurrency.

401(k) scam prevention

The duplicitous tactics outlined above underscore the need for organizations (and individuals) to proactively safeguard retirement accounts.

  •       Leverage advanced anti-phishing technologies that can stop even the most sophisticated of phishing attacks
  •   Implement a tool that can scan the links behind QR codes, such as Check Point’s Harmony Email & Collaboration technology
  •   If your business outsources its HR operations, confirm and verify retirement account security protocols with the appropriate third-party
  •   Teach employees about the need to keep tabs on emails, account statements and account activities
  •   Inform employees about the importance of setting up two-factor authentication

Further information

In the U.S., federal laws and oversight endeavors attempt to protect employees from 401(k) scams. But they’re not adequate.

Ensure that your enterprise has the right cyber security in-place. Secure inbound and outbound emails with a top-of-line anti-phishing solution – Learn more here.

Related resources

  • Explore more of the latest cyber security trends – Read reports
  • Enhance your visibility into malicious QR codes – Here
  • Ensure the highest level of security for all of your employees – See details