That dip in your retirement savings account balance might not be the result of recent volatility in the stock market. It could be a sign that someone has hacked your account and is stealing your money.
In recent years, hackers have increasingly been targeting retirement accounts, according to a report by financial services research company LIMRA and the Society of Actuaries. Sometimes, they use large-scale cyber attacks on financial institutions to gain access to accounts. However, it’s becoming more common to see thieves use stolen personal information and account credentials to pose as account owners and access their accounts to drain funds, reports the National Association of Plan Advisors.
With cyber attacks on retirement accounts on the rise, it’s more important than ever to ensure your nest egg is safe. Take these steps to protect your retirement account from hackers.
Make sure you have online access to your account
Set up online access to your retirement account if you haven’t for two key reasons. For starters, having online access allows you to check in on your account whenever you want to make sure everything is OK rather than waiting for monthly or annual statements. Log in regularly to make sure there aren’t any transactions you don’t recognize and that your contact information still is correct (changes to your contact information might mean your account has been hacked).
More importantly, setting up an online account prevents thieves from beating you to the punch. If your account information falls into the wrong hands—through a data breach or even a statement you threw out without shredding it first—thieves can use that information to set up online access to your account and steal your retirement savings. While you’re at it, create a my Social Security account at SSA.gov so thieves don’t do it first and divert your Social Security benefits to their bank account.
Use a strong account password
If you have online access to your retirement account, use a strong password that isn’t easy for hackers to guess. For example, don’t use “12345,” “password,” your name, family members’ names, pets’ names, birthdate or any other personal information.
Instead, create a password that is at least 12 characters long with a combination of upper-and lowercase letters, numbers and symbols. To make this easier, use a password manager such as the one offered as part of the Carefull account monitoring service that can generate a unique password for all of your accounts and safely store them so you don’t have to remember them.
[ Learn: How to Protect Your Account Passwords ]
Use multi-factor authentication
To make accounts more secure, most financial institutions now offer multi-factor authentication, or two-step verification. In addition to entering your username and password when logging into your account, you might be asked to use another factor to confirm your identity, such as your fingerprint or a code sent to you by text message.
It might seem like a hassle, but enabling multi-factor authentication on all of your financial accounts is actually an easy way to keep hackers out of your accounts. Opt in if your financial institutions offer it. And take security a step further by downloading an authenticator app such as Authy, LastPass or Microsoft Authenticator that creates a secret key to create a one-time code to log you into your accounts.
Use an account monitoring service
Take advantage of technology to keep constant tabs on your retirement account for unusual transactions and signs of fraud. For example, you can link the Carefull service to your investment accounts for 24/7 monitoring and alerts when it spots withdrawals or large balance declines in those accounts. If funds are withdrawn fraudulently, it’s important to notify the investment firm quickly to increase the chances of being reimbursed. Some firms won't reimburse account holders for fraudulent transactions if they aren't reported within a certain number of day.
Sign up for identity monitoring
Thieves are increasingly accessing retirement accounts by using account holders’ personal information and credentials that are stolen in data breaches and sold on the dark web. You can’t prevent these data breaches from happening. However, you can find out if your personal information is being misused or sold on the dark web by signing up for an identity monitoring service. Then you can quickly change the passwords for accounts that have been compromised to prevent thieves from accessing them.
In addition to providing account monitoring, the Carefull service includes credit and identity monitoring—plus up to $1 million in identity theft insurance coverage if your identity is stolen.
Name a trusted contact
You can add another layer of protection to your retirement account by naming a trusted contact for that account. A trusted contact is someone the financial institution is authorized to contact if there is an issue with your account and it can’t reach you. The trusted contact can’t act on your behalf but can be asked to verify your contact information or your health status and can help respond to possible financial exploitation to protect your assets.
Check the settings of your online account to see if you can add a trusted contact if you haven’t already. If this option isn’t available online, contact your financial institution to ask about adding a trusted contact. Carefull also allows users to name trusted contacts, who get view-only access to accounts and alerts when the service spots money mistakes and unusual transactions.
Don’t give out account information over the phone, email or text
If you get a call, email or text message supposedly from your financial institution asking for your login credentials or any other account information, don’t provide the requested information. It’s likely a scam. Financial institutions typically don’t reach out to customers out of the blue asking for personal information. If you’re concerned that there might be a problem with your account, contact the financial institution directly by calling the customer service number listed on its website.
[ Find Out: What Is Phishing and How to Avoid It ]
Don’t use public Wi-Fi to access your account
If you get the urge to check your retirement account while you’re out and about, don’t use a public Wi-Fi network to log on. Hackers can access these networks and see your online activity. Instead, use your mobile phone’s cellular data to check your account.
Iif you’re using a laptop computer, use your mobile phone as a hotspot to get Internet access. Go to your phone’s settings, click on “Personal Hotspot” then “Allow Others to Join.” You’ll be provided with a password that you can enter when you go to Internet access settings on your computer.
The best defense against hackers is your willingness to go the extra mile to protect your retirement account. Using a strong password, multi-factor authentication and account monitoring can go a long way toward keeping your account safe. And make sure you remain diligent about guarding your account information so it doesn’t fall into the wrong hands.
[ Keep Reading: What Is Investment Fraud and How to Avoid It ]