It shouldn’t have to be your responsibility to avoid getting scammed out of your 401(k) plan contributions. Unfortunately, there are selfish, entitled, and desperate people in the world whose dysfunctional moral compass tells them that it’s OK to steal others’ money.
Here’s what to look out for so you can reduce your chances of being fleeced and losing the money that’s key to your ability to retire.
- Federal laws and oversight programs try to protect employees from 401(k) scams, but they can’t catch everyone.
- If you participate in your employer’s 401(k) program, you need to be diligent about keeping tabs on your account statements and activity.
- Knowing about common types of 401(k) fraud can help you protect your retirement savings.
In fiscal year 2021, the Employee Benefits Security Administration (EBSA) indicted 16 plan officials, corporate officers, and plan service providers in criminal cases related to plans funded in whole or in part by employee contributions withheld from wages. These are just the cases that the government was aware of and acted on. The actual scope of criminal behavior in defined contribution plans, such as 401(k)s and 403(b)s, is almost certainly larger.
Check your pay stubs against your retirement plan activity. Keep an eye out for missing contributions in these categories:
- Amounts withheld from your paycheck
- Employer matching contributions
- Amounts that should have been contributed from your bonus, overtime, or other irregular pay
In May 2022, a chief executive officer (CEO) pleaded guilty to embezzling just under $125,000 from his employees’ retirement funds over 10 months in 2015. He withheld employees’ 401(k) contributions from their paychecks but never remitted those contributions to the plan.
“Fraud caused by employers does happen, but fraud is far more likely to occur by an outside source,” says Gigi Verrey, ChFC, CLU, and vice president of wealth management at GCG Financial. “Cyber criminals are stealing funds from retirement accounts by gaining unauthorized online access. These criminals target 401(k) accounts because the payoff is bigger than a typical checking account.”
Protecting yourself against all forms of hacking isn’t possible, but you can take steps to make your account more secure.
- Stop paper statements—Not everyone has a secure mailbox. Don’t give mail thieves an opportunity to find out where your 401(k) funds are held, what your account number is, or how much you’ve saved.
- Use online access—Some people never even set up online access to their account, which means that they might only examine their account activity when they receive a quarterly statement in the mail. That’s not often enough to stay on top of things.
- Use a difficult password—A reputable password management service can help you securely store and keep track of all your passwords, and it can generate strong passwords for you.
- Set up two-factor authentication—Apps such as Google Authenticator generate a unique code every 30 seconds that you must type in to access your account after entering your password, hence the term two-factor authentication. Unfortunately, many brokerage firms do not yet have this option, relying instead on phone numbers or email addresses for the second factor. This isn’t optimal, but it’s still better than nothing.
- Opt in to account notifications—The brokerage firm that holds your 401(k) can send you text messages and emails to let you know about activity in your account. These notifications can help you stay on top of activity as soon as it happens.
- Learn about the latest phishing and social engineering tactics—Don’t let scammers take advantage of your curiosity or humanity to gain access to your account by using schemes of which you are unaware.
“Scammers depend on investors’ lack of knowledge as it relates to their 401(k) plan,” says Tilisha Conley, retirement plan manager of G&A Partners, a national professional employer organization. “The more workers know about their 401(k), the better off they are in helping to prevent fraud and scam attempts.”
Trusted financial professionals have bilked workers out of their retirement savings. In one case, a man and his son operated as an established tax business to gain clients’ trust, then emptied their clients’ bank and 401(k) accounts to purchase a Maserati, a Land Rover, luxury homes, and hotel stays, according to the U.S. Department of Justice.
The duo promised their clients yearly returns of up to 10%—higher than long-term annualized average stock market returns, but perhaps not so unrealistic as to raise investors’ suspicions. A jury found the father guilty of conspiracy to commit wire fraud, wire fraud, money laundering, and aiding and abetting in April 2022.
Be Cautious: Cryptocurrencies
Are cryptocurrencies the way of the future or more like a bunch of Ponzi schemes? It depends on whom you ask—and on the cryptocurrency under discussion—but financially conservative folks caution against funding your retirement by relying on a new, high-risk asset class that’s not backed by anything tangible. These currencies have both risen and fallen very fast, creating the risk of losing everything when you turn your dollars into crypto.
Some brokerage firms may allow retirement plan sponsors to offer cryptocurrency as an investment option within a 401(k). For example, Fidelity has introduced a bitcoin offering.
Retirement plan fiduciaries must select a prudent menu of investment options for participants. Fiduciaries can be held personally liable for plan losses resulting from a breach of their duty to provide the highest standard of professional care.
The U.S. Department of Labor “cautions plan fiduciaries to exercise extreme care before they consider adding a cryptocurrency option to a 401(k) plan’s investment menu for plan participants,” according to a March 2022 memo. The department also states that cryptocurrencies and products whose value is tied to cryptocurrencies “present significant risks and challenges to participants’ retirement accounts, including significant risks of fraud, theft, and loss.”
Cryptocurrencies are speculative and volatile, and many people don’t understand how they work. They’re more vulnerable to loss and theft than traditional investments, their valuation is questionable, and they’re less well regulated than other types of investments. The EBSA plans to investigate plans and question fiduciaries that offer cryptocurrencies within 401(k)s.
How can I protect myself against 401(k) scams?
“The administration and management of a retirement plan rests with the employer, but the employee bears responsibility for monitoring their account for consistency and accuracy,” says Mary Fedorak, retirement plan advisor at Savant Retirement Plan Services. Here are three ways that you can protect yourself, in addition to the ones discussed above.
- Review your pay stubs—Check how much your employer is withholding from your paycheck as a salary deferral 401(k) contribution. Also, check how much your employer says it is contributing on your behalf as a matching or nondiscretionary contribution.
- Review your account activity—Make sure that all the 401(k) items noted on your pay stub match what’s actually going into your account.
- Talk to your co-workers—You don’t have to discuss dollar amounts, but you should discuss things such as whether you’re happy with your investment options and fees, how your portfolio is performing, and whether your employer and plan sponsor are correctly crediting your account with your contributions.
What are some warning signs of 401(k) scams?
Poor or inconsistent communication from an employer or any third party involved with the plan is one of the warning signs that employees should monitor, Fedorak says. Plan participants should receive prompt and consistent communication about contributions, withdrawals, and any other activity, all of which should be reflected on regular account statements.
Frequent changes to the investment lineup and high investment management fees should also raise suspicion. And if your company is acquired, be alert to the possibility of errors when your existing plan is merged with the acquiring company’s plan.
In addition, Verrey recommends checking your account statements for investments that you didn’t authorize. If you find anything suspicious, contact your 401(k) provider using the information on its website.
What should I do if I suspect a 401(k) scam?
You should immediately contact either the Employee Benefits Security Administration (EBSA) or the Internal Revenue Service (IRS). The EBSA enforces the Employee Retirement Income Security Act (ERISA), while the IRS audits and tests plans to make sure that their accounting and administration are being handled correctly.
Do government safeguards protect employees from 401(k) fraud?
“With all of the regulations and regulators involved with retirement plans, can employees rest assured their retirement assets are safe and secure? The answer is unequivocally no,” says Patricia L. Hutchinson, MBA, director of retirement plan services at Savant Retirement Plan Services. “Employer malfeasance (intentional criminal conduct), the lack of fiduciary responsibility (standard of care), or a combination of the two have resulted in significant losses for employees over time,” she continues. In other words, employees must be alert to the possibility of scams and take steps to avoid being cheated out of their savings.
The Bottom Line
Missing contributions, unauthorized distributions, dubious cryptocurrency investments, and investment fraud are some of the top ways that employees may get scammed out of their 401(k) savings. While federal laws and oversight programs regulate and oversee how employers and plan sponsors handle workers’ contributions and accounts, employees unfortunately need to be aware of the ways in which unscrupulous or incompetent people might part them from their money. Ideally, you’ll never have a problem, but if you do, catching it early could limit the damage.