Ready To Talk?
We're ready to listen.

How We Help
Find out more about the types of services we provide when we partner with you.

Get the latest new, tips, and helpful hints about employee benefits.

Fraudulent Retirement Distribution Requests On the Rise

Over the last six months, we have seen a significant increase in cyber theft in the retirement plan industry. Discovering the convenience of electronic transmissions of data and poor security policies that are common in this industry, cyber thieves have left the credit card and banking industries and have begun attacking the private retirement plan system. Whether it be from a phishing email, robo call to your home, cloning your email, ransom ware, or a variety of other ways to hack your business and home computers, cyber thefts have found that collecting information on your computer and making changes to your retirement plan accounts have become a very profitable endeavor for them.

Who is at Risk and How Does this Happen?

Many of the fraudulent claims seen in the industry have been against the “baby boomer” generation. This is primarily because many of them have significant retirement plan balances and qualify for in-service distributions from their retirement plans. Cyber thieves typically find a way to hack the email or web history of the individual and determine if he/she has a retirement account and where it is located. Next, the cyber thief will contact the plan administrator, plan investment provider or third party administrator via a spoofed email and request the information that needs to be completed in order to take a distribution from the plan.

Most people believe that a cyber-thief would not have access to the information needed in order to complete the form to receive a distribution from the plan, but that is far from factual. Cyber thieves are able to extract from your computers all the information needed to complete the forms. They verify the information with the person that will be processing the distribution to make sure all their information is factual and then submit the forms to the processing firm with fraudulent signatures and fraudulent bank accounts to receive the proceeds from the distribution. Nearly all of these fraudulent claims are submitted on paper forms requesting ACH distributions. Submitting a claim via a paper form provides cyber thieves the ability not to have to login to your account to request the distribution, and the proceeds are sent electronically. This means that they get their money faster, whereas a traditional paper check would have been mailed to your address of record which would prevent them from getting the money.

What is the Industry Doing to Prevent these Attacks?

The retirement plan industry has been working very diligently to prevent the misappropriation of your private information and the balances in your account. Many online accounts now require two-factor authentication in order to login to your account.  While it may be inconvenient, it does lessen a hacker’s ability to access your account.

Many recordkeepers, plan administrators and TPAs have stopped taking paper distribution forms and now require the participant to login to their account and request the distribution. With the help of two factor authentication and the requirement to enter the distribution request online, it has deterred many cyber-thieves because it is more difficult and less convenient.

Other methods that have been implemented include a 10 day hold on all ACH distributions, no ACH distributions allowed with paper distribution requests, requirement of additional personal documentation with ACH transactions and implementation of a distribution waiting period if the participant changes their address.

Resource Benefits Administrators, as well as our partners in the industry, are working diligently to keep the private information and the account balances of the participants safe from these cyber attackers.

“We continually monitor what is happening in the cyber community and how it could affect our systems and processes,” said Michelle Parks, Partner and Managing Director at Resource Benefits Administrators. “Cyber theft is always evolving, and we will continue to monitor our processes to accommodate these changes.”

If you would like additional information about how to access your current vendors’ privacy and cyber-attack policies, please contact us at or call our office at 254-776-6214.