6 Ways to Protect Your Retirement Accounts From Hackers

Upset senior on a laptop
Photo by fizkes / Shutterstock.com

There is a growing threat to your retirement savings, and you probably are not aware of it.

Thieves increasingly are targeting individual 401(k) accounts by impersonating the account owners so the crooks can steal thousands — or even hundreds of thousands — of dollars.

Heide Bartnett of Darrien, Illinois, lost $245,000 when a fraudster used the “forgot password” option on her 401(k) account to log into Bartnett’s account. The crook later successfully impersonated Bartnett when calling the 401(k) plan’s call center, The Wall Street Journal reports.

Two years later, Bartnett has recovered just $108,000 of her stolen funds.

In another case, a woman from Massachusetts had $200,000 siphoned from her account, the Salem News reports. And another woman learned that a thief had swiped $99,000 from her 401(k) account, according to Bloomberg Tax.

You might think that the 401(k) plan itself would be responsible for reimbursing the funds it released in these situations. But that’s not necessarily the case.

As the WSJ reports, federal law is murky about who is responsible for losses associated with cyber theft. And 401(k) providers may include slippery language in their terms in an effort to evade responsibility for the lost money.

Even a company as respected as Vanguard says “if there’s evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement,” according to the WSJ.

So, what can you do to protect yourself? The following steps will go a long way toward keeping your retirement savings safe.

Create ridiculously strong passwords

How strong is strong — eight characters? How about 10 characters?

Try at least 16 to 25. That’s what the folks at LMG Security — which provides cybersecurity and digital forensics services — recommend. Other experts agree.

LMG says its penetration testers can break down an eight-character password hash — a scrambled version of the password — in anywhere from less than eight hours to about seven days, depending on the nature of the hash.

It takes them a bit longer to crack a 16-character password hash — 6.5 trillion years to 147 trillion years.

Use password managers carefully

Password managers provide a great service, and they have a solid reputation for keeping your information secure.

But a detail in the WSJ story might give you pause when considering whether to use a password manager.

Alight Solutions, a 401(k) plan record-keeper, says 401(k) plan participants who give passwords to third-party services that aggregate passwords or financial-account data might not be reimbursed if “our investigation determines that a fraud event is traceable” to such a service, the WSJ reports.

(Alight Solutions is the 401(k) plan record-keeper that allegedly released Bartnett’s $240,000 to the fraudster who attacked her account.)

That means you might be out of luck if a data breach that led to the theft of your identity can be traced back to your password manager. So, at the very least, you should choose a password manager very carefully.

Don’t use text-based verification

Two-step verification, also referred to as two-factor authentication, adds a layer of security to your online accounts. Instead of providing just a username and password to access your account, you must also provide another piece of information you have, such as a code sent to your phone via text message or an authenticator app.

This extra step makes it harder for a crook to access your retirement account, or any other account for which you set up two-step verification. But if you have verification codes sent by text message, it’s possible for a fraudster to bypass this security measure.

In a scam known as a “SIM swap,” a criminal can hijack your cellphone number. The fraudster who takes over your phone number in this way can create untold havoc, including stealing money from your 401(k) account and other financial accounts.

The scammer does this by calling your cellphone company, pretending to be you and asking the provider to change the SIM card associated with your phone number to a SIM card in a phone that is in the scammer’s possession.

Think it can’t happen to you? It happened to Twitter CEO Jack Dorsey when a crook took over Dorsey’s Twitter account.

“SIM” is short for “subscriber identification module,” and a SIM card tells a cellphone what cellular provider network and phone number to use. So, if your phone number is associated with a scammer’s SIM card, that scammer will receive calls and text messages sent to your number.

Perhaps the worst thing about this form of fraud is that there is little you can do to prevent it. You can ask your cellphone provider to create a PIN for your account so that no one can request a change of your SIM card without first providing that PIN. However, fast-talking crooks sometimes can convince the phone company representative to make the switch anyway.

For this reason, security experts recommend two-step verification that relies on an authenticator app over verification via text messages. Examples of such apps include Microsoft Authenticator and Authy.

Use a separate, secret phone number

This is tough — but necessary — medicine.

Just as a crook who knows your phone number can impersonate you and convince your cellular provider to make changes to your cellular account, a crook could call a financial services provider and impersonate you in an attempt to access your retirement account.

If the crook did a SIM swap and thus appears to be calling from your phone number that is associated with your retirement account, that crook might be able to convince the financial services provider to give the person access to your retirement account.

One way to thwart this type of identity fraud is to give your financial services provider a different phone number that you keep secret by not using it for anything else. Sound like overkill? Remember, a good chunk of your life savings could be at stake if someone is able to dip into your retirement account and clean it out.

Set up an online account with your plan provider

Ben Taylor, a consultant at investment-consulting firm Callan, tells the WSJ that by exercising the option to set up an online account, you beat the crooks to the punch.

As he puts it, “unclaimed online accounts are easier for impersonators to take control of.”

In other words, if you have the option to set up an online account and you take advantage of it, an identity thief can’t open an account in your name and then take control of it.

Consider spreading retirement money across multiple providers

There are good reasons to keep all of your retirement funds with a single financial services provider. Not only is it more convenient, but many providers will cut you a break on fees or offer other perks as you accumulate more money with them.

But there is also a risk: If all of your money is with one provider and a fraudster gets hold of that account, you could be wiped out.

By having some of your retirement money — say, your individual retirement account and health savings account funds — with a separate provider, you will at least reduce the risk that you could lose your life savings overnight.

Houston financial adviser Michelle Gessner told MarketWatch about clients who previously had been the target of identity theft. The couple once insisted to Gessner that they did not want to consolidate their retirement assets with a single provider, even if it meant giving up some modest financial benefits.

The couple’s fear of becoming “sitting ducks” a second time “is real and understandable,” Gessner told MarketWatch. “This is a real concern.”

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.

Read Next
How to Buy a Refrigerator, Step by Step
How to Buy a Refrigerator, Step by Step

Here’s how I got the perfect appliance at the perfect price.

17 Home Maintenance Tasks That Save You Money
17 Home Maintenance Tasks That Save You Money

Here’s how to cut household costs and maintain your property’s value.

7 Common Online Shopping Mistakes That Will Cost You
7 Common Online Shopping Mistakes That Will Cost You

How many of these costly online shopping missteps are you making without realizing it?

5 Ways Your Phone Can Slash Grocery Costs
5 Ways Your Phone Can Slash Grocery Costs

These free apps and websites can help you get cash back on groceries, shop more efficiently or squeeze the most from the ingredients you have on hand.

9 Items Under $25 That Will Keep Your House Clean
9 Items Under $25 That Will Keep Your House Clean

We’ve rounded up some of the best products for cleaning your bathroom, kitchen and every other room.

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Most Popular
10 Things Frugal People Never Buy
10 Things Frugal People Never Buy

If you’re a true tightwad, the mere thought of spending money on these items gives you the willies.

10 Useless Purchases You Need to Stop Making
10 Useless Purchases You Need to Stop Making

You might as well flush your money down the loo if you spend it on these things.

7 Social Security Benefits You May Be Overlooking
7 Social Security Benefits You May Be Overlooking

There’s more to Social Security than retirement benefits.

10 Cars You Are Most Likely to Keep for 15 Years
10 Cars You Are Most Likely to Keep for 15 Years

The cars that owners hold onto the longest have one thing in common, a new study shows.

3 Ways to Get Microsoft Office for Free
3 Ways to Get Microsoft Office for Free

With a little ingenuity, you can cut Office costs to zero.

14 Things You Should Stop Buying in 2021
14 Things You Should Stop Buying in 2021

These convenient household products come with hidden costs that you might not have considered.

The 6 Best Investing Apps for Beginners
The 6 Best Investing Apps for Beginners

If you’re looking to ease into investing in the coronavirus economy with just a little money, check out these easy-to-use tools.

7 Kirkland Signature Items to Avoid at Costco
7 Kirkland Signature Items to Avoid at Costco

Even if it seems you save a bundle buying Costco’s Kirkland Signature brand products, they may not be the bargain they appear to be.

8 Things You Should Replace to Improve Your Life Today
8 Things You Should Replace to Improve Your Life Today

Being frugal isn’t smart if you put off replacing these items.

9 Things You Should Never Leave in a Car
9 Things You Should Never Leave in a Car

Thinking of leaving these possessions in a car? Prepare for unexpected consequences.

7 Income Tax Breaks That Retirees Often Overlook
7 Income Tax Breaks That Retirees Often Overlook

Did you realize all these tax credits and deductions exist — or that they apply to retirees?

9 Mistakes People Make When Cleaning With Vinegar
9 Mistakes People Make When Cleaning With Vinegar

Cleaning with vinegar can save you a lot of money, but using it like this can cost you.

13 Amazon Purchases We Are Loving Right Now
13 Amazon Purchases We Are Loving Right Now

These practical products make everyday life a little easier.

10 Things Successful Retirees Do Differently
10 Things Successful Retirees Do Differently

These habits and characteristics can help put you on the track to success.

7 Costly Health Problems That Strike After Age 50
7 Costly Health Problems That Strike After Age 50

As we age, our bodies wear down. Here is how to cut costs associated with some common ailments.

29 Purchases That Can Save You Money Every Day
29 Purchases That Can Save You Money Every Day

Sometimes, you’ve got to spend to save.

Will You Owe Taxes on Last Year’s Stimulus Payments?
Will You Owe Taxes on Last Year’s Stimulus Payments?

It’s the question on everyone’s lips this tax season.

7 Things I Never Buy at Costco
7 Things I Never Buy at Costco

A bulk buy isn’t always the best buy.

5 Tax Mistakes to Avoid in Retirement
5 Tax Mistakes to Avoid in Retirement

Even great savers can reduce their retirement income by making these mistakes.

View More Articles

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Add a Comment

Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.