What Corebridge is doing to protect your data

Protecting your information is a top priority. Our risk-centric approach helps protect personal information while ensuring access to participant data with 24/7 monitoring, continuous data scans and a dedicated cyber team. Here are just some of the numerous security features that are in place:

  • Multifactor authentication across our digital tools provides added security for account access, requiring unique codes via text or email upon logging in.
  • Finger and facial biometrics are available on the Corebridge mobile app.
  • Voice recognition technology improves call-in verification.
  • Electronic account statements reduce the likelihood of sensitive information being intercepted in the mail.
  • Continuous education of our financial professionals and call center representatives helps them identify fraud attempts.
  • Our elder and vulnerable client portal provides added protection for these especially targeted groups.

All these safeguards make a big difference, but their success also relies on your help.
 

What you can do to enhance cyber security from within

Under the Employee Retirement Income Security Act of 1974 (ERISA), plan fiduciaries must act prudently and solely in participants’ interests. The Department of Labor considers protecting plan data and assets from cyber threats to be part of that fiduciary responsibility. Failing to follow reasonable cyber security practices could be seen as a breach of duty. As a plan sponsor you can significantly strengthen your internal cyber security by improving internal governance, technology, and workforce and operational practices.

1. Governance and policy

  • Make cyber security a management priority with clear accountability for executives.
  • Maintain up-to-date security policies that align with standards like ISO 27001, NIST CSF, and ERISA best practices.

2. Workforce controls

  • Provide continuous training on phishing, social engineering, and secure data handling for all staff—not just IT employees.

  • Limit employee privileges to the minimum required (“least privilege”), and enforce multifactor authentication.

  • Use behavioral analytics to detect unusual activity that could indicate malicious or negligent insiders.

3. Technology and infrastructure

  • Isolate critical systems and adopt a zero-trust architecture to reduce lateral movement in case of a breach.

  • Implement multifactor authentication, passwordless authentication where possible and regular credential rotation.

  • Deploy intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) and real-time SIEM (security information and event management) monitoring.

  • Encrypt data at rest and in transit, use secure key management and perform regular backups with offline copies of data.

4. Operational practices

  • Apply security patches promptly and automate vulnerability scanning.

  • Maintain a tested incident response and business continuity plan, including clear escalation paths.

  • Continuously threat-test and monitor vendors and partners for cyber security vulnerabilities.

5. Continuous improvement

  • Commission independent audits and exercises to simulate real-world attacks, adjusting protocols as needed.

  • Track key risk indicators (KRIs) such as time-to-detect and time-to-remediate to guide investment and improvement.

By combining strong governance, well-trained employees, layered technical defenses and constant monitoring, your institution can greatly reduce the likelihood and impact of cyber attacks. But that’s only half the story. Your participants are vulnerable on their own too, and there’s a lot you can do to help them secure their personal information.
 

Turn your participants into fraud protection champions

Education is the key to improving your participants’ information security. Sending regular reminders to take advantage of all the protections available to them is the place to start. Here’s what you can tell participants to do to help secure their information.

1. Strengthen logins

  • Use strong, unique passwords of at least 12 characters that include a mix of letters, numbers and symbols.

  • Enable multifactor authentication whenever it’s offered.

  • Use passcodes instead of passwords, if available.

  • Take advantage of biometric login (fingerprint/facial) available on the Corebridge app.

2. Protect account access

  • Never share login credentials—even with trusted people or plan representatives.

  • Log out after using shared or public devices.

  • Avoid public Wi-Fi for account access; if necessary, use a reputable VPN.

3. Monitor accounts regularly

  • Check statements and balances at least monthly for unauthorized changes.

  • Set up account alerts (email/text) for logins, withdrawals or profile updates.

4. Keep contact information current

  • Update email, phone and mailing address information promptly to receive timely alerts and recover access quickly if needed.

5. Secure devices

  • Install updates and security patches for operating systems, browsers and apps.

  • Use anti-virus/anti-malware software and enable firewalls.

6. Stay alert to scams

  • Beware of phishing emails or texts claiming to be from an employer, government agency or other reputable organization.

  • Verify suspicious messages by calling the official plan sponsor number—never click on links or open unexpected attachments.

7. Report suspicious activity quickly

  • Use official workplace channels to report fraudulent activity on any account, contact Corebridge at 800.448.2542, or complete the Fraud Reporting form.

  • If a crime has occurred, contact the major credit bureaus and place a freeze on all accounts.

All these steps help protect your participants’ retirement savings with a strong defense. Corebridge is also here to help you get them on board.
 

Partner with Corebridge to help protect your plan

Stopping fraud before it happens is critical to reducing damage. As your trusted provider, we can support your efforts to improve cyber defenses with our tools and educational resources. Our data protection site can help educate participants on ways to protect their data. Pointing participants to our online security center and fraud prevention tips can help them learn how to identify risks and what to do if they suspect fraud.

Your Corebridge representative can assist you with email templates and other communications to make distributing this information easier and more accurate. As a part of our Account Protection Responsibility, in the event a participant has taken all the necessary actions to prevent fraud on their account and assets are taken through no fault of their own, Corebridge will replace the full value to make their accounts whole.

If you’d like to learn more about how you can help your participants protect their information, reach out to your Corebridge representative today.
 

RO #4982519