Here is a cyber scare that hit close to home... My wife receives her 401k invoice to find the account balance, previously over $115,000, drawn down to $0 overnight due to a "Distribution/Other Deduction".
Considering my role with Securecast and our focus on anti-phishing, cybersecurity awareness and hacking prevention, my immediate thoughts go toward investigating a hacking scenario.
After 5 minutes of research the news gets worse... It turns out 401k accounts and other investment accounts are not protected by FDIC or other federal programs similar to your bank or credit card, so the losses may be on us depending on the scenario. Second, I learn that this is a major industry-wide issue and a lot of people are having their accounts drained on a regular basis - yikes!
So since these accounts are not insured federally, what protections are in place? It really depends on the investment firm your 401k is with, the technical safeguards they have in place and their policies for protecting their client base. Most investment firms have taken a policy stance that they will refund accounts that have been plundered by a cyber-attack as long as YOU have taken appropriate safeguards and were not negligent by, say, accidentally giving away your credentials or personal information in a phishing scam or other end-user hacking method.
The increase in end-user hacking and phishing, combined with the lack of investment firm accountability, creates a really scary scenario for everyone out there!
Fortunately for us, it turns out my wife's account was transferred to a new plan and we simply missed a previous notification, but that is not the case for a lot of folks out there. (Google "401k hacked" to read a few horror stories.)
So what should you do to stay safe?
1) Use strong passwords and do not share passwords across your accounts
2) Enable two-factor authentication, such as text message verification, on your critical accounts (i.e., banking, investing and email), along with other safeguards available to you such as phone PINs and call-in secret phrases
3) Be cautious about clicking links on websites and in emails - phishing emails are the #1 method used for end-user hacking out there, so be vigilant and learn how to spot a phish (this is exactly what securecast.com is built for)
4) Keep an eye on your account balances so that you can respond if an incident occurs
5) Understand your investment firm's policies and what they expect of you to protect your account
Bottom line: your 401k and other investment accounts do not have the same protections your bank accounts and credit cards do, and there is a lot of money at stake, so be vigilant and take the necessary precautions.
For more information please check out this excellent article on the topic: http://www.moneytalksnews.com/ask-stacy-what-happens-investment-account-hacked/
We are excited to announce that QuickPhish has changed its name to Securecast!
Securecast is a new identity that represents our commitment to our core phishing simulation service, plus our expanding capabilities as a leading security awareness and training platform.
There is no denying that phishing attacks are on the rise because they work. Phishing threats exploit your employees' trust and expose your firm to financial and reputational risks including compromised accounts, misleading purchases, wire fraud, and the installation of time-consuming and costly malware (e.g., Cryptolocker, among others).