FBI PIN: Cyber Criminals Steal Funds from Retirement and Spending Accounts through Unauthorized Online Access
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.
Since September 2017, the FBI has received numerous reports of cyber criminals creating new online accounts—or accessing existing online accounts—to gain access to a variety of victim retirement and health spending accounts. Examples of targeted accounts include 401(k), pension, health savings, and flexible spending accounts. Many of the victim reports indicated the criminals used stolen personally identifiable information (PII) to either create new accounts or access existing ones, while other attacks targeted multiple employee accounts which were managed by the employer or a third-party plan administrator.
The attached FBI PIN provides an overview of the threat and recommended mitigation measures to assist organizations in guarding against the persistent malicious actions of cyber criminals.
Please do not hesitate to contact the NJCCIC at firstname.lastname@example.org with any questions. Also, for more background on our recent cybersecurity efforts please visit cyber.nj.gov.