The Pensions Regulator (TPR) is calling on trustees and administrators to strengthen their defences against “increasingly sophisticated” pension fraud, warning that savers’ accounts are being targeted through advanced impersonation techniques.
In a new blog, ‘Taking the fight to impersonation fraud – what industry must do to protect savers’, business lead for the Pension Scams Action Group (PSAG) Paul Sweeney, said fraudsters are using stolen personal data and advances in AI to impersonate savers, hack email accounts and take over pension pots. Analysis carried out with the City of London Police shows more than half of reported victims are aged between 50 and 69.
Sweeney said: “Fraudsters are hacking savers’ email accounts and accessing their correspondence with their pension scheme.
“With the stolen data, the fraudsters then impersonate the member and contact their pension scheme to change the beneficiary bank account. We also found examples of fraudsters setting up fake pension accounts in the member’s name in order to transfer and steal their savings.”
He added that some breaches occurred because account credentials were “poorly secured or unsecured,” urging schemes to ensure members improve account security.
He said: “What we are seeing makes it clear that schemes must tighten their security and take action to protect their members.”
TPR and its partners have also raised concerns about ‘recovery room’ scams, in which fraudsters impersonate trusted organisations, including the FCA, the Fraud Compensation Fund and Trading Standards, to target those who have already been scammed.
Sweeney said: “The fraudsters have copied their branding to send texts and letters to pension scam victims, urging they act immediately to recover compensation. But the scammers’ real aim is to steal their data – or worse, more money.”
AI-assisted monitoring has led to more than 30 high-risk websites being taken down and over 100 referred for investigation. Sweeney notes that “One illicit website has the potential to reach thousands of savers.”
Warning alerts about emerging threats are now being issued to schemes in collaboration with the City of London Police.
He urged schemes to tighten security around member verification and account access and add warnings to portals and statements and encourage members to use strong passwords and two-step verification. Sweeney also mentioned educating members around verifying anyone contacting them about pensions, avoiding hasty decisions and instead seeking impartial guidance from MoneyHelper.
Sweeney emphasised the importance of industry reporting, noting that almost 70 per cent of Action Fraud reports on attempts to access pension accounts came from savers or their families. More than £17.5m was lost to pension fraud in 2024, according to Action Fraud data.