
The Daily Scam

Every single day, I get a text that someone is trying to hack into my Coinbase account. I don’t even need coffee anymore; the scam alerts are my morning jolt. If it’s not Coinbase, it’s an email claiming my law firm’s “HR department” has urgent documents for me to review. (Note to scammers: I own my firm, and we don’t have an HR department.) Other times, it’s a fake real estate transaction I’ve supposedly been roped into. And let’s not forget the classics: the blackmail emails claiming they’ve hacked my webcam and are going to share embarrassing footage unless I pay up in Bitcoin.

Who falls for this stuff? Clearly, someone does; otherwise the scammers wouldn’t bother. It’s like the Nigerian prince emails of the early 2000s. They seem ridiculous, but if even one out of a thousand people takes the bait, it’s a profitable business.

Why It Matters for Retirement Plans

You might be wondering why I’m spending time ranting about scammers. It’s because the same tactics these grifters use are aimed at plan participants and plan sponsors. A single careless click can compromise accounts holding millions in retirement savings.

Think about it: hackers don’t need to break into Fort Knox when they can trick someone into handing over the keys. Phishing emails, fake login pages, phony HR messages—these are all tools in the cybercriminal’s arsenal. Once inside, it’s disturbingly easy to move money around, and the damage can be irreversible.

Vigilance Is the Only Defense

For plan sponsors, vigilance isn’t optional. Fiduciary duty doesn’t stop at picking funds and monitoring fees; it now extends to protecting participant data and assets from cyber theft. Regulators have been crystal clear: cybersecurity is a fiduciary responsibility.

That means training employees not to click on suspicious links. It means adopting multi-factor authentication (yes, even if it’s annoying). It means vendors need to be vetted for their cybersecurity practices, just as much as their recordkeeping fees.

The Human Factor

At the end of the day, technology only goes so far. The weakest link is always human behavior. Scammers don’t have to be smarter than your IT team; they just have to be clever enough to trick one distracted person into clicking “open.”

I might roll my eyes at the endless stream of scam attempts, but it’s a reminder that someone is always knocking at the door. For retirement plans, you can’t afford to leave it unlocked.
