Skip to content
Download PDF

Client Conversations – Fall 2021

In this installment of Client Conversations, the team at VESTED gets into old-world and modern-day tactics crooks use to steal from 401(k), 403(b), and other retirement accounts. From contacting financial institutions pretending to be the account holder to convincing the account holder to transfer funds out of the account—we’re exposing what you need to know to safeguard your accounts. Also included are insights on the potential age delay in RMDs. With change expected to become law by the end of the year or sometime in 2022, VESTED dives into the ways that the extra years could provide more time to strategize.

Q: Are criminals targeting retirement accounts? If so, what do I need to know to protect myself?

Attempts to steal from 401(k), 403(b), and other retirement accounts are, in fact, on the rise. But while it might feel like crooks always seem to be a step ahead of the good guys, you should know that stealing from a retirement account isn’t easy. 

Criminals try to steal from retirement accounts using both old-world and thoroughly modern techniques. They might try calling the plan’s recordkeeper and impersonating you or sending a faxed distribution request with your signature. 

That’s right—crooks can even lift signatures from other documents to create an initial online identity or steal the one you have in place through hacking. 

Each approach requires different knowledge about you, and there are several barriers in the way. In addition, 401(k) accounts are more difficult to steal from than typical bank accounts because they often require additional paperwork from the employer to access the money, but these retirement accounts can also be easily subject to fraud if the crook has the right information. 

Experts say criminals use a few common tactics. One is acquiring an account holder’s statement or website credentials and contacting the financial institution pretending to be the account holder trying to get his or her money out. 

The other way crooks make off with retirement savings is by using a technique called social engineering (which is what used to be called a con or a grift), persuading the account holder to transfer funds out of the account. 

Fortunately, there are some things you can do to protect yourself from frauds like these. Taking the following steps can help safeguard IRAs and retirement plan accounts like 401(k)s. 

Create an online account. Experts recommend setting up online account access even if you prefer paper statements. It’s easier for impersonators to take control of your account online if you haven’t claimed online access for yourself. 

Check in regularly. Check your retirement account, including your email and street addresses, at least monthly. Sign up for text alerts that notify you of changes or transactions, and use multi-factor authentication (MFA). MFA is a security enhancement that allows you to present something you know—like your password—with two credentials when logging into an account. Credentials fall into any of these three categories: something you know, like a password or PIN; something you have, like a smart card; or something you are, like your fingerprint. 

Practice good internet hygiene. Avoid public Wi-Fi, and never click on suspicious or unfamiliar links in emails, text messages, or instant messaging services seeking personal information, including passwords. 

Design good passwords. Choose unique passwords that you keep confidential. Long passwords are stronger, so make your passwords at least 12 characters. Try using a lyric from a song or poem, a meaningful quote from a movie or speech, or a passage from a book. 

Dispose of printed statements carefully. Shred printed statements along with other sensitive documents. Local office supply stores offer shredding by the pound in case you have lots of old statements to dispose of. 

If you see something, say something. If you are personally affected, immediately call your recordkeeper and employer and have a freeze put on your account. You may also want to report it to the Federal Trade Commission (FTC) at, the Treasury Inspector General for Tax Administration (TIGTA) at, and your local police department. 

Q: I’ve heard Congress might raise the age for taking RMDs. What do I need to plan for if the age moves to 73?

It is true. The age when Americans must start making withdrawals from traditional individual retirement accounts (IRAs), IRA-based accounts, and most employer-sponsored retirement plans could change again, and potentially soon. 

The proposed new legislation, nicknamed SECURE Act 2.0, would increase the required minimum distribution (RMD) age to 73 starting in 2022, then to 74 in 2029 and 75 in 2032. 

This change is expected to become law either by the end of this year or sometime in 2022. However, the potential impact of a higher age requirement on your RMD timing is mixed and depends on how quickly you need the money. 

The majority of retirees will not be impacted. According to the Internal Revenue Service (IRS), 79 percent of retirees take more than their RMD annually because they need the money. 

However, for the 20.5 percent who take only the minimum amount required, the extra years could provide more time to strategize. 

If you have income sources in addition to your IRA and company plan, waiting another one to three years can be a big plus because it allows your savings to grow on a tax-deferred basis for longer. 

Another big planning opportunity related to RMDs at 73 is that the SECURE Act leaves the eligible age for qualified charitable distributions, or QCDs, intact at 70 1/2. The QCD gives charitably inclined retirees the opportunity to make tax-free gifts using assets from their tax-deferred accounts. 

The mismatch between the QCD-eligible age (70 1/2) and the new RMD age of 73 provides an opportunity to use QCDs aggressively when first eligible with an eye toward reducing RMDs when they commence. However, it is a short window, and QCDs are limited to $100,000 per year. 

A delay in the RMD age is also an opportunity to convert more of a traditional 401(k) or IRA over time to a Roth IRA. 

While taxes are paid on the converted money, withdrawals down the road would be tax-free, unlike distributions from a traditional IRA or 401(k), which are taxed as ordinary income. 

Similarly, those post-retirement, pre-RMD years allow for tax-lowering maneuvers not directly related to the IRA. For example, tax-gain harvesting in taxable accounts can help reduce or eliminate capital gains taxes eventually due on those assets. 

While the first SECURE Act eliminated the stretch IRA for the majority of beneficiaries who inherited IRA assets in 2020 or later, it does provide a big opportunity for Roth IRA beneficiaries. 

Distributions from inherited Roth IRAs are almost always tax-free. A beneficiary could take no distribution until the tenth year after inheriting the account, leaving all the earnings in the inherited Roth IRA to grow tax-free. The account could then be emptied in the tenth year after years of tax-free growth with no tax bill for the beneficiary. 

If you are considering your estate plan and are thinking about how your beneficiaries will fare under the new rules, now may be a good time to consult with a knowledgeable tax or financial advisor.