Pension scammers have been impersonating members to exploit security vulnerabilities and gain unauthorised access to members’ accounts, The Pensions Regulator (TPR) has warned, urging the industry to "act now" to protect savers.

Analysis of reports to Action Fraud, made possible as part of TPR's Pension Scams Action Group (PSAG) work, revealed that fraudsters are using increasingly sophisticated impersonation tactics to target savers’ pensions.

In particular, TPR found that fraudsters are hacking savers’ email accounts and accessing their correspondence with their pension scheme.

With the stolen data, the fraudsters then impersonate the member and contact their pension scheme and attempt to change the details of the beneficiary bank account.

TPR also found examples of fraudsters using the stolen information to set up fake pension accounts in the member’s name in order to transfer and steal their savings and, in some cases, access was gained to the accounts as the credentials were poorly secured or unsecured.

More than half (55 per cent) of the reported victims were aged between 50 and 69.

Commenting on the findings in a blog post, Pension Scams Action Group intelligence business lead, Paul Sweeney, argued that it is "vital trustees and administrators act now to strengthen their scheme defences – and ensure their members secure their accounts".

Sweeney also raised concerns over reports that fraudsters are impersonating brands, including trusted organisations savers may rely on for help, in order to target individuals, including those who have already been scammed.

Indeed, he noted that the Financial Conduct Authority and the Fraud Compensation Fund (FCF), as well as the Chartered Trading Standards Institute (CTSI) have recently issued alerts to warn consumers that fraudsters are impersonating them.

Sweeney stressed that work is underway to address this, as PSAG's AI-assisted work to detect and disrupt fraudulent websites continues, with more than 30-high risk sites having been taken down by PSAG.

He also confirmed that, in order to keep the pensions industry aware of emerging threats, TPR is now issuing warning alerts to the pensions industry in collaboration with  City of London Police.

This follows a recent pilot with a small group of industry practitioners and is part of the wider PSAG strategy to tackle online harm and fraud.

However, he also emphasised the need for greater industry action, noting that nearly 70 per cent of the reports to Action Fraud about fraudsters attempting to access savers’ accounts came directly from savers or their relatives.

"This is a powerful reminder of why we need trustees and administrators, as frontline professionals, to step up and report suspicious activity – before fraudsters reach savers. As our analysis demonstrates, every report counts," he stated.

"It’s up to all of us to play our part in tackling fraud and preventing harm to savers."

In particular, Sweeney encouraged trustees and administrators to tighten security, report suspicious activity to Action Fraud, and support Action Fraud’s campaign.
:
"What we are seeing makes it clear that schemes must tighten their security – and take action to protect their members," Sweeney said.  

---