There’s a dangerous assumption in the retirement plan world: that people who fall for scams somehow weren’t paying attention. That they should have known better.
That’s nonsense.
A 58-year-old woman in Michigan recently lost part of her 401(k) after being approached on WhatsApp about a cryptocurrency investment. She moved money out of her retirement account, scanned a QR code, and just like that—it was gone.
You read that and think, “How does that happen?”
It happens because scammers have gotten very, very good.
They don’t come in looking like villains. They look like opportunity. They show fake gains. They build trust. Sometimes they even let you “withdraw” small amounts early so it feels real. Then they go in for the kill—what’s often called “pig butchering.” They fatten you up before they take everything.
And here’s the part plan sponsors need to understand: your participants are targets.
Not just retirees. Not just the unsophisticated. Everyone.
Because 401(k) plans have become one of the largest pools of accessible wealth in the country. And now, with easier distributions, rollovers, and digital access, it’s never been easier to move that money—sometimes with just a few clicks.
That’s where education comes in.
Not the kind of “education” providers love to sell—webinars no one attends and emails no one reads. Real education. Repetition. Warnings about scams. Clear messaging that no legitimate investment requires urgency, secrecy, or QR codes sent over messaging apps.
And plan sponsors need to be paying attention. If participants are suddenly taking large distributions, asking about crypto rollovers, or moving money in unusual ways—that’s not just a transaction. That could be a red flag.
We spend so much time worrying about fees and fund performance. Meanwhile, someone is trying to steal the entire account.
Fiduciary responsibility doesn’t end at the investment lineup. It extends to protecting participants from risks they don’t even see coming.
Because the biggest threat to retirement security isn’t the market.
It’s the person on the other end of the message.
