Trustees urged to review cyber risks and scam vulnerabilities amid sharp rise in ‘nationally significant’ incidents

Leading audit, tax and consulting firm RSM UK is urging pensions trustees to ensure their cyber controls and fraud prevention measures are robust, as recent figures from the NCSC (National Cyber Security Centre) show a worrying rise in ‘nationally significant’ cyber-attacks. These attacks, which can cause significant disruption and financial loss for businesses and consumers, have more than doubled already this year.

Pensions fraud is particularly prevalent, as recent Action Fraud data showed £48,000 is lost every day, with the average loss totalling almost £34,000 per person. Pensions trustees are advised to ensure their cyber risk and anti-fraud measures are as resilient as possible, and that paper-based copies of cyber risk plans are held in the event of a computer system failure, in line with recent NCSC advice.

Erin Sims, fraud risk director at RSM UK, said: “Pensions fraud is often committed through cyber-attacks which use social engineering - often on an industrial scale - to trick people into transferring funds or revealing data to criminals. As the budget approaches, attacks targeting pension funds are likely to increase, as speculation about the tax-free treatment of pension lump sums increases.

“Many households are feeling the financial squeeze as inflation rises, and some may be tempted to transfer their pensions elsewhere seeking better returns, only to find they have been scammed. Pensions administrators and trustees have a key role in embedding the Pensions Regulator’s scam controls into touchpoints with clients, from wake up packs, through transfer triage and applying red/amber flags consistently. These measures should be tested regularly to ensure they remain fit for purpose.

“Rapidly improving AI video tools are making deepfakes more convincing than ever, allowing fraudsters to impersonate trusted figures and mislead investors with hyper-realistic content. Criminals are supercharging their old tactics with widely available AI-generated deepfake voices and video, generating authentic interactions.

“Pensions providers’ front-line teams must also keep abreast of the ever-increasing suite of tools and techniques cyber criminals now have at their disposal. This includes training staff on spotting scams, ensuring third party cyber risks are properly considered, and retaining hard copies of cyber recovery plans.”

Earlier this year, the NCSC published its Cyber Governance Code of Practice to support boards and directors of medium and large businesses in governing their cyber risk and enhancing operational resilience. The code highlighted that 50% of businesses and 66% of high-income charities had experienced some form of cyber security breach or attack in the last year, with the prevalence of attacks even higher among medium businesses (70%) and large businesses (74%) (Cyber Security Breaches Survey 2024).

Erin Sims concluded: “These figures are a stark reminder that more needs to be done to ensure pensions savers are protected from scams and fraudsters. We’d advise anyone who’s about to take out a pension lump sum to slow down, verify the offer is legitimate, and treat any unsolicited contact as suspicious.”

To avoid falling victim to fraud, pensions savers can take the following steps:
