Recognize and Report Phishing: Protect Your Pension System During Cybersecurity Awareness Month
As Cybersecurity Awareness Month continues throughout October, TEXPERS, a National Cybersecurity Alliance (NCA) Champion, is focused on empowering public employee pension system leaders, investment professionals, and vendors to recognize and report phishing threats. Phishing poses a serious risk to sensitive financial data and operations within pension systems. Understanding these threats is crucial to protecting pension funds and the personal data of retirement system members.
What is Phishing?
Phishing is a deceptive tactic cybercriminals use to trick individuals into revealing personal information. Often, attackers impersonate legitimate organizations—such as banks, government agencies, or even a pension system—and send fraudulent messages designed to look authentic. According to the NCA, these messages may urge recipients to click on a link or download an attachment, leading to malware installation or the theft of sensitive data.
In a world where large-scale cyberattacks and data breaches have become a constant threat, recognizing phishing attempts is one of the most critical steps to protect a person's or organization's digital life.
The NCA's Key Signs of Phishing
- Suspicious Links or Attachments: Phishing emails often contain unsolicited links or attachments. Hover over links to verify their destination before clicking.
- Urgent or Threatening Language: Emails claiming an account will be suspended unless they act immediately are common phishing tactics. Legitimate organizations rarely make such requests.
- Unusual Sender Email Addresses: Look closely at the sender's email address. Phishing emails often come from addresses with minor misspellings or extra characters.
- Poor Grammar and Spelling: Frequent grammatical errors or awkward phrasing are red flags in phishing emails.
Why This Matters for Pension System Leaders and Vendors
Public employee pension systems manage vast amounts of sensitive data, making them prime targets for cybercriminals. A phishing attack could lead to unauthorized access to retirement assets, data breaches, or service disruptions—posing severe risks to a fund's operations and credibility. Protecting a retirement system's digital environment is essential for maintaining trust with pensioners, annuitants, and stakeholders.
What to Do if You Receive a Phishing Attempt
Here are some tips from the NCA if a fund suspects a phishing attempt:
- Report it to the fund's IT department or email provider (most services like Gmail and Outlook have reporting tools).
- Forward the suspicious email to the Federal Trade Commission (FTC) at [email protected].
- Delete the email without clicking on links or downloading attachments.
TEXPERS' Initiatives for Cybersecurity Awareness
In addition to a previous news release and blog posts on protecting passwords and multifactor authentication, TEXPERS is hosting a special webinar for system members at 10 a.m. CT on Oct. 29. The event, conducted by NCA's Executive Director, Lisa Plaggemier, will provide insights from the NCA's Cybersecurity Attitudes and Behaviors Report and offer practical tips on how to protect pension systems from phishing and other cyber threats.
Attendees will also receive one Continuing Education (CE) hour, which is valuable for trustees and administrators to meet state-mandated training requirements.
Stay Secure, Stay Vigilant
TEXPERS is committed to supporting our members and stakeholders in safeguarding sensitive data. Throughout October, we'll share more resources to help public pension system leaders, investment professionals, and vendors protect their digital environments from phishing and other cyber risks.
Together, we can Secure Our World—and protect the futures of the public employees we serve.
About the Author:Allen Jones is the director of communications and event marketing for TEXPERS. He joined the Association in 2017. Before TEXPERS, he worked in the news media industry, producing content for newspapers, magazines, and online publications and leading newsrooms as an editor and publications manager. [email protected]