Broadcast Retirement Network’s Jeffrey Snyder discusses protecting America’s retirement savers from scams and fraud with The SPARK Institute’s Tim Rouse and the National Cybersecurity Alliance’s Lisa Plaggemier.
Jeffrey Snyder, Broadcast Retirement Network
Joining me now, Tim Rouse of the Spark Institute and Lisa Plaggemier of the National Cyber Security Alliance. Tim, great to see you.
Lisa, great to meet you.
Tim Rouse, The SPARK Institute
Jeff, thanks for having us. As always, it’s a pleasure.
Jeffrey Snyder, Broadcast Retirement Network
Pleasure to be here. Yeah, it’s great to talk to you, Lisa. I can’t wait to talk about a very important topic, fraud prevention month.
Many Americans may not be aware of this, but it’s a very important topic. Tim, last month we had you and Snezan on to talk about financial literacy. And I wonder if piggybacking off of financial literacy and the work Spark and people are doing will help prevent some of the frauds and scams that really could impact retirement plan participants and retirement plan sponsors.
Tim Rouse, The SPARK Institute
Well, Jeff, Spark recognizes that strong financial literacy covers many topics and defense against fraud is always foundational, right? And in particular, it’s important to start young and with young workers to begin to build, that are beginning to build their retirement savings and to get them literate in terms of what’s out there, what kind of red flags they might experience, unsolicited or urgent requests for account access, and then phishing emails and things of that sort. And then for older workers, older savers who have saved vast amounts of money are prime targets for financial scams.
So education builds awareness. Employers and plan and providers should do their best to integrate fraud prevention seamlessly into existing education programs. Many are doing this today with targeted modules, onboarding, annual enrollment communications, and mobile app notifications.
Providers are leveraging tools like short videos, interactive quizzes, alerts, describing common imposter scams. So SPARC encourages plan sponsors to collaborate with their record keepers on all of these efforts.
Jeffrey Snyder, Broadcast Retirement Network
Yeah, and Lisa, really important. This is an important month, but really every day of every year should be cyber fraud prevention day, month. What are some of the fraud risks and scams that retirement plan participants are actually facing today?
Lisa Plaggemier, National Cybersecurity Alliance
Well, I mean, you said it, it’s scam scams and more scams. I mean, I hear the word scamdemic now and then. Crypto or pig butchering scams, romance, any kind of relationship scam, scams leading to account takeovers like Tim mentioned.
You might’ve noticed the revised loss numbers from the FTC recently. They estimate that while 2.4 billion was actually what was reported losses by older adults in 2025, that the actual unreported losses could be as high as 81 and a half billion dollars. I mean, just to wrap your head around those kinds of numbers.
I mean, this is affecting generational wealth. This is the wholesale transfer of wealth out of our country to adversarial countries in most cases. I think the thing for people to remember is that this isn’t people who are naive or gullible or just not savvy.
Our minds and our emotions are being weaponized against us. These are very sophisticated actors. Like I said, transnational organized crime, ties to hostile nations.
So the biggest risk of being victimized is that we’re human. They weaponize how to get your attention. Human connection is being weaponized, right?
Loneliness is being weaponized. They create incredibly convincing backstories that are very, very believable. And I would posit that they’re actually more effective in motivating consumers to take the actions they want them to take than legitimate financial institutions are than the rest of us are at trying to get consumers to take action.
Trying to get a consumer not to use the same password on every account or to use MFA. Hopefully you’ve mandated it, but it’s hard to get consumers to do those things. So when you think about what the criminals are able to do to get somebody to withdraw cash and put it in a crypto ATM, they are masters at influencing people, masters of deception.
So I would say, don’t think this can’t happen to you, can’t happen to a loved one. Educate yourself and help your family and your loved ones.
Jeffrey Snyder, Broadcast Retirement Network
Tim, $2.4 billion. Now that didn’t necessarily come from the retirement industry, but if I’m a plan sponsor- And that was just from seniors. That was just seniors.
But Tim, if I’m sitting around that committee table, which so many of your members’ clients do, making decisions, how do you prioritize this with the fiduciary protections and your responsibilities?
Tim Rouse, The SPARK Institute
Well, our Fraud Prevention Committee, Jeff, has developed industry best practices around fraud controls that really are intended to educate the fiduciary and to provide a baseline for what fiduciary should prioritize, not just year round, not just for Fraud Awareness Month, but ideally communicating these things on a regular basis. So key priorities to include are implementing strong multi-factor authentication, like Lisa just mentioned, real-time alerts, participant education on verification steps and collaboration via information sharing platforms. We work with LIMRA on their fraud, our members work with LIMRA on their fraud share program because just sharing that information back and forth is very helpful in defeating or helping to defeat fraud.
And then fiduciary should also conduct regular risk assessments and train their staff. So beyond, like I said, beyond Fraud Awareness Month, ongoing vigilance through updated policies, technology adoption, and industry-wide sharing of threat intelligence is really essential. And we here at Spark understand that.
Jeffrey Snyder, Broadcast Retirement Network
Tim, we rely so much on technology in our industry, in the retirement industry and in financial services industry in general. How do you balance the need for information, data with digital, with the threat of cyber fraud and cyber attacks?
Tim Rouse, The SPARK Institute
Well, you’re absolutely right, Jeff. Technology is a double-edged sword, right? It certainly empowers savers with convenient access, real-time monitoring, and personalized tools that enhance retirement security, but it also expands the attack surface for fraud.
Innovations like AI-driven anomaly detections help our members look at behavioral analytics to flag things that are strange, and other security measures play critical roles in the defense that can often stop a fraud before it escalates into something bigger. But as you know, we’re passionate advocates for advancing retirement security and helping America save more effectively. However, fraud attempts have surged, driven increasingly by sophisticated cyber threats, identity theft, and exploitation of personal information like Lisa had mentioned earlier.
Jeffrey Snyder, Broadcast Retirement Network
Well, Lisa, you mentioned, or you were talking about some of these scams, and I wonder if you could go into some of the top behavioral red flags. One you mentioned, I had never heard of, I think you said pig butchering, was that a correct term?
Lisa Plaggemier, National Cybersecurity Alliance
Pig butchering, yeah.
Jeffrey Snyder, Broadcast Retirement Network
But what are some of, in all seriousness, what are some of the red flags that we need to be thinking about as plan sponsors, as professionals in the retirement industry, as advisors, record keepers, et cetera?
Lisa Plaggemier, National Cybersecurity Alliance
So I can put this into the context of something we talk about as the core four, that really applies across the board, whether it’s cyber or scams or fraud. Having a long unique password for every account, you probably need the help of a password manager for you to do that. Using multi-factor authentication on every account that offers it.
And I’m gonna say that if you’re doing business with a financial institution that doesn’t offer it or doesn’t, really everybody should be mandating this at this point. We tell consumers to get a different bank. Like if you’re working with a financial institution that doesn’t even offer it, and I will run into that in cases when we’re giving talks to the public, it’s really that important.
So if it’s not on your radar, that’s not on your plan to get that out there, you need to catch up would be my advice. Keep all your devices and your operating systems and everything up to date. And then really the fourth one that has the most to do with scams is watching out for all kinds of signs of social engineering.
So that sense of urgency that Tim mentioned, offers that are too good to be true investment opportunities that sound too good to be true. Anybody asking you for money, data, or access to a device like a tech support scam, Dell is not gonna call my mom and say, hey mom, we saw a problem with your computer, let us remote in and they’ll give us your credit card and we can fix it for you. Don’t answer the phone if you don’t know who it is.
We tell people to make sure they have all their contacts on their phone, their doctor’s offices, all those folks. It is okay not to answer the phone. We were all raised, when I was a kid and there was a landline and the phone rang, somebody get the phone, right?
Like the older generation is used to answering the phone. And now we have to kind of retrain ourselves not to pick up if we don’t know who it is. Don’t reply to texts, if we don’t know exactly who that is, if that person isn’t on our contacts.
So we have all these tips and more on staysafeonline.org and then at thenandnow.info, which is our new campaign for the aging demographic.
Jeffrey Snyder, Broadcast Retirement Network
And I’d be remiss, Tim brought up artificial intelligence. It’s very big in the retirement industry as we look for ways to streamline and improve the workflow, but it’s being weaponized against people as well. So it’s not only replacing images and doing fun memes, it’s being used to kind of strip people of their essence.
Lisa Plaggemier, National Cybersecurity Alliance
Yeah, AI unfortunately has made the bad guys infinitely more efficient and effective. So they can create a lookalike website, for example, of a financial institution in just minutes, they can create a very convincing phishing email in seconds, they can create hordes of them at scale. So there’s the old advice of checking sender addresses and checking web URLs to make sure they look legitimate, but those are, even those, even what they’re dreaming up there is getting more and more sophisticated and it’s getting harder and harder to tell.
So we tell people to make sure they’re navigating to their provider’s website on their own, not clicking on links to get there. But what concerns me the most about AI are the deepfake tools. You kind of talked about creating your own images.
So these real-time deepfake tools, they’re cheap, they’re easily available, and they allow a criminal to have a conversation, let’s just say with my mom, with grandma, she might think she’s talking to my daughter and it’s a real-time face and voice swap. So with any, just a few seconds of audio or video of my daughter, they can convince my mom that they’re on a FaceTime or a phone call with my daughter and it’s a real-time conversation. So we did a campaign on this last year around April Fools, AI Fools, and the call to action was having a safe word, having a safe word with, it could be a coworker to defend against things like MFA attacks, or it could be grandma, it could be my mom.
So we’ve told her if she doesn’t hear the word avocado, then she doesn’t need to be rushing to the scene of an accident or wiring money to anybody or giving anybody her MFA code. So it’s really about having a verbal password, something that only you know, don’t send it in a text or an email. And that’s the advice that we’re giving to avoid those deepfake attacks.
Jeffrey Snyder, Broadcast Retirement Network
You may wanna change the avocado password.
Lisa Plaggemier, National Cybersecurity Alliance
Yeah, I use that as an example, yeah.
Jeffrey Snyder, Broadcast Retirement Network
Tim, I wanna close out our conversation, Spark is the leading advocate for the retirement industry. You’re up on Capitol Hill, in fact, you’re in Washington, DC right now. I can see the Washington Monument behind you.
But what do we need to do legislatively, regulatorily to make a difference? And how can you foster that with the partnership with the National Cybersecurity Alliance?
Tim Rouse, The SPARK Institute
So Jeff, you know that Spark has been a passionate advocate for enhancing retirement security and helping Americans for a long time. However, fraud attempts have surged, as I mentioned earlier, and are driven increasingly by sophisticated cyber threats and everything that Lisa just mentioned. So Spark members have naturally expanded their focus to include robust prevention.
To really protect retirement, however, it’s about stopping fraudsters from gaining access to personally identifiable information in the first place. And then they use that to do everything that Lisa just said. This challenge extends way beyond just retirement across our entire society today.
And so we really need to start to focus on the broad sources of this information, like social media platforms, data brokers, unsecured databases, and lax online practices that make the fraud attempts easier. So that’s really where our members are now starting to, for the first time, to focus on how can we, working with others, get to some of the root sources of these attacks. So.
Jeffrey Snyder, Broadcast Retirement Network
Yeah, I mean, as Lisa said, there are so many threats out there. There are adversarial threats. We need to be protected.
We need to protect ourselves. We need to help other people protect themselves. Spark does that on behalf of so many of its members, now with this partnership with the National Cyber Alliance.
You know, the sky’s the limit. And you know what? It’s not just one month out of the year.
It’s 12 months out of the year. Lisa, Tim, we’re gonna have to leave it there. Great to see you as always.
And look, we look forward to having you back on the program again very soon.
Tim Rouse, The SPARK Institute
Thank you, Jeff.
Lisa Plaggemier, National Cybersecurity Alliance
Thanks for having me.