HOW TO PROTECT YOURSELF

1. MONITOR YOUR ONLINE ACCOUNT

• Maintaining online access to your retirement account allows you to protect and manage it.
• Regularly checking your account reduces the risk of fraud.
• Failing to register for an online account may enable cybercriminals to assume your online identity.

2. CREATE A STRONG SECURE PASSWORD

• Do not use single words that can be found in the dictionary.
• The password must be between 8-20 characters and must include at least one letter, number and symbol (e.g. afhtfsf2$).
• Use a combination of uppercase and lowercase characters as well as numbers and symbols in your passwords.
• Don’t use letters and numbers in sequence (e.g. “abc”, “567”, etc.).
• Do not use your name, your spouse’s name, your pet’s name, your birthday, your address, or any personal information that others can easily obtain.
• Do not use a password that contains part of your user name or e-mail address
• Don’t write down passwords.
• Change passwords every 30 days, or if there’s a security breach.
• Don’t share, reuse, or repeat passwords across multiple accounts.

3. SIGN UP FOR ADDITIONAL SECURITY

• Multi-Factor Authentication (MFA) - Also called two-factor authentication, MFA requires a second credential to verify your identity (i.e., entering a code sent by text or email).
• Set up an account passphrase - In addition to the systems we currently have in place, you now have the option set up a passphrase to verify your identity when contacting us by phone. To set up a passphrase, visit this Create Secure Passphrase page and follow the instructions.

4. KEEP PERSONAL CONTACT INFORMATION CURRENT

• Update your contact information when it changes.
• Make sure there are multiple options for communication.
• Close or delete any unused accounts.

5. ACCOUNT ACCESS TIPS

• Make sure your web browser is the most current version to access your account online.
• To verify that your session is secure, look for an address starting with https:// instead of http:// and a secure symbol (icon of a closed padlock for most browsers).
• Avoid connecting to free Wi-Fi, because it's not always private.
• Do not leave your computer unattended, especially when you are logged into your financial accounts.
• Click “Log Out” to end your account access session.
• Review all your confirmations and account statements and verify the accuracy of all account information, transactions, and other instructions entered through the online platform.

6. BE CAUTIOUS OF PHISHING ATTACKS INCLUDING:

• Text message or email that you didn’t expect or that comes from a person or service you don’t know or use.

• Spelling errors or poor grammar.
• Mismatched links (a seemingly legitimate link sends you to an unexpected address). Often, but not always, you can spot the actual destination by hovering your mouse over the link without clicking on it.
• Shortened or odd links or addresses.
• An email request for your account number or personal information (legitimate providers should never send you emails or texts asking for your password, account number, personal information, or answers to security questions).
• Offers that seem too good to be true, express great urgency, or are aggressive.
• Strange or mismatched sender addresses.
• Anything else that makes you feel uneasy.

7. REPORT ANY FRAUDULENT ACTIVITY OR PHISHING ATTEMPTS IMMEDIATELY

• Report any suspicious transactions in your account to us immediately at 800.258.7878.
• Visit the Department of Justice website at https://www.justice.gov/criminal-fraud/report-fraud and/or your State Regulator to find out how to file complaints.