Are You a ‘Phish?’

TSP investors are not immune to scams from people who see a big pot of money and would like to have some of it.

Do you know how much money you have in your TSP account? Could someone transfer the money from your account into an account at an offshore bank while you are thinking of how you are going to spend that money when you retire?

Before you answer with certainty, read on.

Unless your spam protection is better than most, you are probably used to getting e-mail with “good news” advising you of a variety of fortunate events that have fallen on you. Perhaps you are being advised that you have won the Spanish lottery; you have been selected by a distraught multi-millionaire in a war-torn country as a trustworthy person who could hold on to a few million of his dollars until he can leave to claim them back from you; or, in a more scary tactic, you are being given a notice from the “IRS” that you need to update your personal information in order to avoid tax problems with the federal government.

There are several common denominators in these scams. First, some people always fall for them and reveal their personal information on a website that is not what it purports to be. Second, they always want your money and/or information that will enable them to get your money.

Some of the scams are very effective–especially when they are first issued. Some of these scams even use fake government e-mail addresses to lure the suckers into the web of lies and deceit.

The method of getting a person to provide the information is called “phishing.”

What is phishing?

Phishing is a term for deception designed to steal your identity. In phishing scams, the thief tries to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. These schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows.

“Phishing” is a term that is from the jargon of internet technology. “Fishing” becomes “phishing”–probably because a computer geek somewhere thought it looked cool when the term was first used. The scam artist is looking (i.e. fishing) for your personal information. Perhaps it may have initially been taken by a deranged fan of the rock group called Phish. In any event, the term as it is now used can mean problems for you and your retirement.

With these scams popping up every day on the internet are federal employees immune?

You may think that working for Uncle Sam will convey a type of immunity. Who wants to get the attention of the FBI or other federal investigative organizations by targeting the federal government in a scam?

But the federal government is often where the money is and working for Uncle Sam doesn’t automatically provide much protection. In any event, a person operating a scam from a foreign country may not have much fear of the FBI or the US federal government–or may just not be that bright to begin with.

Last week, a new phishing scheme emerged and this one is not going to impact an unknown person with whom most readers have nothing in common.

This scam e-mail went to a number of federal employees asking them for personal information on their Thrift Savings Plan account.

Why not? The TSP has about $175 billion in assets. An entrepreneurial thief may be able to convince a few unsuspecting TSP investors to part with their TSP password, use the information to suck your money out of your account, and slink away quietly into the night with a much bigger foreign bank account. You, on the other hand, could find yourself with nothing left in your TSP fund that you may have been building up for the past 18 years or so.

Like most financial institutions that are reputable, the TSP does not send out an e-mail to participants asking for their Social Security number, credit card or banking information.

But, if you got an e-mail telling you that the TSP has added a new e-mail to your account, asked you to verify that you made this change, and directing you to a website to correct the problem, you have been the target of a phishing scam.

Moreover, if you provided your Social Security number, your TSP personal identification number, or provided other personal financial information, you have been “phished.” You may also now be broke.

If you did provide this information, contact your credit card company/bank immediately and seek guidance. In addition, call the TSP at 1-877-968-3778 and ask to have your account access blocked.

Welcome to the brave new world of instant access to information and electronic money.

About the Author

Ralph Smith has several decades of experience working with federal human resources issues. He has written extensively on a full range of human resources topics in books and newsletters and is a co-founder of two companies and several newsletters on federal human resources. Follow Ralph on Twitter: @RalphSmith47