Protecting Your Retirement Account Against Cybersecurity Threats

06/26/25

Computer hacking, data breaches, cybercrime, financial scams – cybersecurity risks are everywhere, and your retirement account could be a target. Be vigilant about keeping your personal information secure and confidential to reduce the risk of identity theft. You can reduce the cybersecurity risk of fraud or loss to your retirement account by taking these precautions:

Online Account

  • If you don’t already have an online account for your retirement plan account(s), think about registering with your plan to set up an online account.
  • Having an online account means you can protect your retirement funds with a password and other security measures that you select.  You can then regularly monitor your retirement account and report any suspicious activity.
  • When you finish reviewing your online account, make sure you log out completely from the account and close the tab.
  • Without a regularly monitored, password-protected online account, you are more vulnerable to fraud, because a hacker could try to masquerade as you by assuming your online identity.

Tip: Regularly check important financial accounts — employers, plans and financial service firms may not send emails or alerts for fear of hacking risk or other reasons. In our growing electronic world, consumers must actively monitor their accounts.

Computer Safety

  • Keep your computer system and software programs up to date.
  • Install and regularly run a highly rated anti-virus program.
  • Avoid conducting any financial or sensitive transactions if you’re away from home. Be careful if you connect to a public Wi-Fi network, because it might not be secure. Hackers may be able to intercept your personal financial information.
  • Whether it’s an email or a text, don’t open files, documents, invoices, or other attachments or click any links unless you are expecting them and you are certain that you know the sender and have checked that the sender’s email address is correct. Don’t call the phone number or reply to the email address—it could be a scam. Go directly to the company or bank to see if they sent you anything or something needs your attention.

Passwords

“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”

–Chris Pirillo

  • Choose strong passwords that are hard to guess.
  • Make them long – at least 16 characters.
  • Make them random, for example:
    • Use a random string of mixed-case letters, numbers, and symbols
    • Create a phrase of 4-7 unrelated words, e.g., HorsePurpleHatRunBay
  • Make them unique.
    • Have different strong passwords for each account
  • Change passwords frequently.
  • Consider a password manager.
  • Store passwords with care – do not leave passwords on your desk, table, or counter for others to see.

Use Multi-Factor Authentication

  • Whenever offered, use Multi-Factor Authentication (MFA), or two-step authentication or two-factor authentication – it provides an extra layer of cybersecurity beyond a password by requiring additional identification, such as a code texted to your phone, or a code generated by an authenticator app.
  • Even if someone steals your password (for example, through a computer data breach or hack), this second step would help to stop them from obtaining your MFA code to access your retirement or banking account.

Beware of Scammers and Fraudsters

  • Scammers and fraudsters will try to trick you into transferring money or revealing your personal and confidential information to them.
  • Some signs that it’s a scam:
    • Unsolicited letters, emails, text messages, or telephone calls from someone claiming to be from your bank, a business you deal with, or the government.
    • The person says you or a family member is in some kind of trouble, or owes money, or has an emergency, or a virus is infecting your computer requiring immediate action.
    • The person tries to pressure you into acting immediately; for example, if you’re on the phone, they’ll tell you not to hang up and will give you instructions on what to do.
    • The person tells you that the only way to fix the problem is to give them money or your financial information; for example, telling you to give them your bank or retirement account number, send them money using cryptocurrency, wire money, or buy gold bars.
  • What to do if you suspect a scam:
    • Don’t tell them your personal or financial information.  Legitimate organizations or the government won’t ask for this information by phone, text, or email.
    • Tell someone you trust about what happened. Talking about it could help you recognize that it’s a scam.
    • Separately, contact the government office, bank, or the business that the person claims they’re from and investigate whether the request is legitimate. Do not call the number or use the email the suspected scammer gives you.
    • Report identity theft, scams, or other cybersecurity incidents.  The federal government, including the FBI and the Federal Trade Commission, has set up useful sites for reporting cybersecurity incidents.

For more information and resources to protect your financial and retirement accounts:

For more information about enabling multi-factor authentication:
