By Paul Sweeney, The Pension Scams Action Group Intelligence Business Lead, TPR
You don’t need us to you tell you how persistent and opportunistic fraudsters are. Scammers will seize on any opportunity to take advantage of people – and advancements in AI have enabled them to develop fraudulent communications more convincingly than ever.
Impersonating savers to breach pension scheme defences
As highlighted in the new Action Fraud campaign, investment fraud remains prevalent. However we are also seeing an increase in reports of fraudsters using hacked data to impersonate savers and try to take over their pension accounts. Those aged between 50 and 69 are most at risk, according to our latest analysis.
As part of our Pension Scams Action Group (PSAG) intelligence-led prevention strategy, we have been collaborating ever more closely with our partners, including the City of London Police (CoLP) to enhance our shared intelligence on the scams threat landscape and disrupt emerging threats as early as possible.
The secondment of a TPR intelligence analyst to the National Fraud Intelligence Bureau, which is part of CoLP, has enabled closer analysis of reports to Action Fraud related to pension fraud than ever before. Our analysis has found that fraudsters are attempting to exploit security vulnerabilities to gain unauthorised access to members’ accounts. More than half (55 %) of the reported victims were aged between 50 and 69.
Fraudsters are hacking savers’ email accounts and accessing their correspondence with their pension scheme. With the stolen data, the fraudsters then impersonate the member and contact their pension scheme and attempt to change the details of the beneficiary bank account.
We also found examples of fraudsters using the stolen information to set up fake pension accounts in the member’s name in order to transfer and steal their savings. In some cases, access was gained to the accounts because the account credentials were poorly secured or unsecured. It’s vital trustees and administrators act now to strengthen their scheme defences – and ensure their members secure their accounts.
Impersonating organisations that savers trust
We are also concerned fraudsters are impersonating brands, including trusted organisations savers may rely on for help, in order to target individuals – including those who have already been scammed.
Our partners at the Financial Conduct Authority and the Fraud Compensation Fund (FCF), as well as the Chartered Trading Standards Institute (CTSI) have recently issued alerts to warn consumers that fraudsters are impersonating them.
The fraudsters have copied their branding to send texts and letters to pension scam victims, urging they act immediately to recover compensation. But the scammers’ real aim is to steal their data – or worse, more money. These organisations have made it clear they will not contact savers directly about their pensions or compensation. It is vital trustees and administrators ensure their members are aware of these scam risks and encourage protective habits.
These fake communications, which can be very convincing, often direct savers to cloned websites where scammers will attempt to gain their personal data. To prevent savers falling victim, our AI-assisted work to detect and disrupt fraudulent websites as early as possible continues.
We have now reviewed more than 900 websites, resulting in more than 30 high-risk sites being taken down by PSAG. We’ve also referred more than 100 sites to partner agencies for further investigation. Disrupting harmful websites has been instrumental in protecting savers from the risk of losing their pension. One illicit website has the potential to reach thousands of savers.
Working together to strengthen our defences
To keep the pensions industry aware of emerging threats, we are now issuing warning alerts to the pensions industry in collaboration with CoLP. This follows a recent pilot with a small group of industry practitioners and is part of our wider PSAG strategy to tackle online harm and fraud. Industry has a critical role to play. The latest Action Fraud data shows more than £17.5 million was lost to pension fraud in 2024.
Crucially, nearly 70% of the reports to Action Fraud about fraudsters attempting to access savers’ accounts came directly from savers or their relatives. This is a powerful reminder of why we need trustees and administrators, as frontline professionals, to step up and report suspicious activity – before fraudsters reach savers. As our analysis demonstrates, every report counts. It’s up to all of us to play our part in tackling fraud and preventing harm to savers.
What the pensions industry must do
We urge trustees and administrators to:
Tighten security – review and strengthen your security protocols, especially around member verification and account access.
Report suspicious activity to Action Fraud.
Support Action Fraud’s campaign by taking the following steps to help raise awareness:
Amplify Action Fraud’s social media posts across your own channels.
Add fraud warnings to member portals and annual benefit statements.
Warn your scheme members about the risks with the following advice for savers:
Ensure your pension account details are up to date and your online account is secure. You can improve your online security by strengthening your password and turning on two-step verification where available.
See Action Fraud for more advice on strengthening your security.
Stop, think and check who you are dealing with.
Reject contact out of the blue about your pension – even if it appears to be from an organisation you know and trust. Cold-calling about your pension is illegal. Do not click on a URL, reply to an email or use the contact details given.
Check who you are dealing with, using the FCA’s register.
If the contact is from an organisation you already know, always use their official website or contact details to check if it is from them.
Avoid hasty decisions and contact MoneyHelper for free, impartial guidance before taking any action regarding your pension.
Report – If you think you have been targeted by a scammer, report it to Action Fraud.
If you have made a payment: inform your pension provider as soon as possible, they can help you prevent any further losses. Monitor your pension statements regularly for any unusual activity.
Visit the Stop!Think Fraud website for more information on how to protect yourself.
|
