Never Heard of 401(k) Identity Theft? It’s Time

This particularly dangerous form of identity theft is on the rise during COVID. Here’s what it is and how to protect yourself

In uncertain times, saving for the future can be a source of comfort. But as we move more of our lives online, especially in the age of COVID-19, 401(k) identity theft is a growing concern — one that’s likely more attractive to bad actors since the recent CARES Act permits early retirement distributions without penalty for those affected by the pandemic.

It’s vital to take actionable steps to protect yourself — and your future funds. We spoke with Carrie Kerskie, president of identity theft recovery firm Kerskie Group, for the full scoop on how to do just that.

Go all-online, and check in on your account often.

Experts say trading paper statements for online ones is a good first step to beef up your account security. Log into your provider’s website, check the box that says you’d prefer to forego paper statements in favor of online ones and set up all available account alerts. “That way you can go in and you can monitor your balances, you can see if any distributions have been filed [and] you can see if there’s been any changes to your account,” says Kerskie — including whether your mailing address, phone number or email address has been changed.

To best protect against identity theft, it’s important to stay engaged with your account: Log in at least once a month rather than waiting for your quarterly statement. The earlier you can detect fraud, says Kerskie, the better your chances of getting it back.

Make the answers to your security questions — and your PIN — something unexpected.

While you’re at it, make sure you set up all possible security measures on your account, including two-factor authentication and security questions. For the latter, though, the key is to make it something unexpected — a “one-off,” says Kerskie, who recalls a client giving her the idea. A bad actor could potentially find the real answer to the question online (your high school mascot, mother’s maiden name, first street you lived on), so you might as well pick someone you know — e.g., your best friend, brother, parent, child, etc. — and use their circumstances as your “answer key.” For instance, if the question were your first pet’s name and your answer key was your cousin, you’d choose their first pet as your own answer.

That goes for your PIN, too — people always want to choose their birthday, year of birth, anniversary, part of their Social Security Number or part of their address or phone number, says Kerskie. Choosing a four-digit number at random is better protection.

Look into identity theft insurance.

Identity theft insurance used to primarily serve businesses; now, it’s becoming more readily available for individuals and consumers, says Kerskie. Generally, you can either buy a standalone policy or check to see if it’s available as a rider on another policy you have, such as homeowner’s insurance.

Be sure, though, that the policy specifies that it reimburses stolen funds — and that it includes coverage for funds stolen from retirement accounts, such as 401(k)s. (Some policies still exclude those types of accounts.) If the policy does have stolen funds coverage, then you also need to check the limit on the policy: “Make sure your coverage matches what you have in your accounts,” says Kerskie.

With Hayden Field

Jean Chatzky

Jean Chatzky