Hackers are getting smarter by the day as organizations try to shore up their cybersecurity protocols. If bad actors can penetrate the network of a major North American pipeline or nationwide retailer, imagine what they can do to break into a brokerage firm’s network to steal investors’ identities and commit investment or other fraud.
Sadly, retirement accounts are becoming targets for cybercriminals. Before you open a retirement account of any kind — whether it’s a self-directed IRA or another type of plan — there are best practices consumers can employ to protect their personal information (and in some cases, their hard-earned retirement savings). It is especially incumbent upon the IRA custodian to ensure that they have safeguards in place to avoid fraudulent activity and client identity theft.
Once a hacker gains access to your account information, they can siphon off funds and change contact information so that you may not discover the fraud until your savings are gone — and possibly deposited into a new fraudulent account under your name without your knowledge. By that time, it may also be too late to recoup your losses from your financial institution.
Avoid Email Spoofing Schemes
Cybercriminals can gain access to personal data, bank accounts and more through email impersonation or spoofing. These emails appear to be from legitimate sources involved in current business or investment transactions; the victim wires funds per the instructions to what they believe are title companies, real estate attorneys, real estate brokers, banks or other parties, only to discover they’ve been robbed of thousands of dollars.
Watch for emails that appear authentic but have telltale signs of fraud, such as odd or incorrect sender addresses, poor grammar or a sense of urgency. Verify all emails concerning the transfer of funds and contact your financial institution immediately if you believe you are a fraud victim.
Beware Of Suspicious Investment Opportunities
Has someone approached you about an investment that sounds too good to be true? It might very well be. Ponzi schemes have ruined many lives, and investments that are difficult to research or trace should be avoided. Other red flags are:
• Hard sell tactics.
• An investment that is marketed broadly via the internet or newspapers rather than through a known and vetted firm.
• Guarantees of return on investment or claims of no risk.
• An investment that is described as safe, IRA-approved or custodian-approved (because there is no such thing).
• A request to wire funds or send a check directly to an individual rather than the investment entity.
• Insufficient or no investment documentation. In the case of self-directed IRAs, the investor is expected to conduct his or her full due diligence about an investment prior to sending instructions to the plan administrator. Lack of research resources is a giant red flag (for any investor).
Do Your Investment Homework
Consumers are ultimately responsible for their finances. To avoid having your identity and your retirement plan stolen, you should consult a trusted advisor before providing personal information to an unknown entity. Talk to your financial planner, banker, attorney or another trusted source about the investment’s validity and ensure it aligns with your investment goals. You can also check with your state securities regulator, your secretary of state, the Securities and Exchange Commission (SEC) and the retirement industry’s self-regulatory organization, the Financial Industry Regulatory Authority (FINRA), to find out more and to determine if the entity is in good standing.
Vet Your Retirement Plan Custodian
Individuals should be educated about how fraud occurs, and part of that involves vetting their plan administrator and custodian for cybercrime prevention protocols. Find out if your retirement plan administrator has these protective measures in place:
• Emails containing sensitive account information (like account numbers) should be encrypted.
• Identity verification protocols from account setup (providing a valid passport or photo ID) and through the transaction process (when you call in, they should ask questions to verify your identity) should be in place.
• Original forms should be required to have wet-ink signatures, or in certain circumstances, industry-accepted electronic signatures.
• Limited power of attorney forms and/or interested party designations should be completed and kept on file for individuals permitted to access client accounts.
• A “safe investment” checklist should be available to keep you informed about potential fraud hazards.
• There should be a disclaimer on the website or in the account paperwork.
Utilize Resources For Fraud Prevention And Reporting From Trusted Organizations
• The Securities and Exchange Commission (SEC).
• The Financial Industry Regulatory Authority (FINRA).
• The North American Securities Administrators Association (NASAA).
• The American Association of Retired Persons (AARP).
Cybercriminals’ tactics grow more sophisticated all the time. The best fraud prevention is an educated investor who stays alert to changes in his/her retirement plan. Change your passwords periodically and don’t use the same or similar passwords for all your accounts (of any kind). Watch your monthly statements for unusual or unauthorized activity and report it immediately to your plan administrator. Research the investment opportunity so that you understand it before wiring funds to any entity. And work with a respected retirement plan administrator that has safeguards in place to protect clients’ sensitive data as much as possible.