Hackers Ramp Up Attacks on Retirement Accounts — How to Secure Yours

(MarketWatch) Bank accounts are a top target for hackers, and retirement accounts may not be far behind. Cybercriminals are moving toward retirement and loan accounts. Although the number of consumers affected by identity fraud has declined between 2017 and 2018, hackers are targeting new types of financial accounts — such as customer rewards programs and retirement plans, according to the 2019 Identity Fraud Study from Javelin Strategy & Research.

Part of the problem is identity theft, which can provide hackers the keys to getting into important accounts. Data breaches have become common — Target,  Sony and Microsoft  were all targets of major data breaches in recent years — and provide scammers with credit card information and billing addresses. Capital One was also hacked in 2019, revealing information of more than 100 million of its customers — including dates of birth, income and payment history and Social Security numbers.

Sometimes, hackers may use information they find for their own endeavors, but they may also sell this sensitive data on the “dark web,” a part of the internet only found using specific browsers. The dark web is where cybercrime usually begins.

There are many layers to stealing from retirement accounts — most financial institutions have numerous security measures in place before a withdrawal occurs — but if it were to happen, it could result in the loss of tens of thousands, if not hundreds of thousands, of dollars. Retirement accounts in particular can be a hacker’s dream, as they’re not checked nearly as often as other financial accounts and retailer sites.

Secure Your Accounts

Always be cautious with sensitive information, such as Social Security numbers, passwords, and addresses or phone numbers. People may not know when this information has gotten into the wrong hands…

Password managers can store or even generate secure passwords, much better than generic codes like “123456” or “password.” People can also turn on two-factor authentication, which means someone logging into the account would need to input the password and then a code sent via text message, email or phone call.

Other tactics: change the password on a router, which is how hackers can access a person’s home internet — and any device linked to it; change the default Domain Name System, which internet service providers initially create; and use a VPN, which creates an “encrypted tunnel” for data sent and received…it’s especially useful when on public Wi-Fi.

[Read more…]