Cyber Thieves are Stealing your Retirement

If it can be stolen, cyber thieves have figured out how to do it. They hack and breach their way into what seem to be the most secure systems and steal credit cards and tax refunds, open accounts in your name, and borrow money with your information. They steal you! In this digital age, cyber theft has become a painful way of life. If you haven’t had something stolen by cyber criminals, you’re in the minority.

The most recent numbers available show that the Federal Trade Commission (FTC) received more than 5.88 million fraud reports in 2021, up 19% from the year before. The financial loss attached to those reports was more than $6.1 billion, up 77% compared to 2020. And that’s just what was reported.

As bad as cyber theft is, there’s an entirely new threat that could dash the hopes and dreams you have for retirement. Cyber thieves are making sophisticated attacks on employer retirement plans and the accounts in them—your accounts.


CPA Bob Carlson tells one such story.

I know of one retiree at a large employer who recently realized his monthly pension check hadn’t been deposited by the usual date. He contacted the retirement administrator who, after some research, found that the bank account designated to receive the deposit had been changed.

The retiree hadn’t changed the account. Instead, an unknown person submitted the request. The change request included all the relevant and accurate information, so it was processed by a plan employee.

Fortunately, neither the retiree nor the plan lost money. The payment quickly was stopped, and the retiree’s financial account was re-designated as the place for the deposits to be made. The plan administrator did a quick check and found that change requests had been put in for several other retirees, with all the payments going to the same bank account.

This retiree avoided being a cyber-crime victim by paying close attention to his accounts and recognizing that his monthly payment wasn’t deposited on the usual day of the month. He contacted the administrator quickly and made sure the change didn’t go through.


Cybercriminals have a bag full of tricks when they try to steal from retirement plans.

  • They try to break in through an employer’s email system. Even with all the data security in place today, this old-fashioned method still works at times.
  • Phishing emails are a popular tool. The thief sends an email to a key employee or retiree, making the email appear to be from an executive in the company. The email asks for specific information about several employees or retirees.
  • Cyber thieves will buy personal information about the retirement account owner through the dark web.

No matter which strategy cyber thieves use, once they have the information, the digital highway is open for them to log into your account and redirect payments or distributions. In one case that’s been reported, a retiree’s information was purchased on the dark web. The thieves then downloaded the appropriate form from the retirement plan’s website, printed it, completed it by hand, and mailed it to the administrator who processed the paper document.


How do you protect yourself and your retirement accounts?

  • Learn what’s required to guarantee that a request to change your account is legitimate.
  • Find out how your employer verifies the identity of the user.
  • Is two-factor authentication used before an account can be accessed online or before changes can be made?
  • What steps does the plan administrator use to verify the legitimacy of a paper request?
    • Does it call you to verify?
    • Does it send a first-class letter to you to confirm the request?


Most cyber security experts agree that your vital personal information is already available for purchase on the dark web, and you should operate under the assumption that it’s already there. So, what else can you do to protect yourself from cyber thieves? Create your own cyber security policy.

  • Don’t give out your Social Security Number or other personal information
  • Don’t open suspicious emails
  • Double-check links before you click on them
  • Change your password every 60-90 days
  • Disable Bluetooth when you’re not using it
  • Enable 2-factor authentication
  • Monitor your accounts on a regular basis. If a deposit is due on a certain date, check your accounts around that date each month to be sure the deposits are made.
  • With employer retirement accounts, if a deposit or distribution doesn’t take place when it’s supposed to, contact the plan administrator immediately.
  • Log into your accounts regularly and look for unauthorized charges or transactions. Be sure your address, beneficiary designations, account to receive transfers and deposits, and other information have not been changed.


Cyber thieves are trying hard to steal your money. Fight back by staying alert, aware, and in control.
