Pension trustees and administrators are being urged to strengthen their defences after new analysis revealed the scale and sophistication of impersonation fraud targeting savers.
The Pensions Regulator (TPR) said fraudsters are increasingly using stolen personal data to impersonate savers and take over pension accounts. People aged between 50 and 69 are most at risk, according to its latest review of Action Fraud reports carried out with the City of London Police.
Paul Sweeney, TPR’s business lead for the Pension Scams Action Group (PSAG), said schemes must do more to protect members. He said: “It’s vital trustees and administrators act now to strengthen their scheme defences – and ensure their members secure their accounts.”
“It’s vital trustees and administrators act now to strengthen their scheme defences – and ensure their members secure their accounts.”
Paul Sweeney, TPR
Nearly 70% of Action Fraud reports about attempts to access pension accounts came directly from savers or relatives, not from industry.
Sweeney said: “This is a powerful reminder of why we need trustees and administrators, as frontline professionals, to step up and report suspicious activity – before fraudsters reach savers. As our analysis demonstrates, every report counts.”
Fresh data from Action Fraud shows that UK savers lost £17.6m to pension fraud in 2024, the equivalent of around £48,000 every day, with an average loss of £33,848 per victim.
Ian Bell, partner and head of pensions at RSM UK, warned that fraud risk was intensifying. He said: “Pension fraud is likely to increase in the run-up to the Budget, as speculation continues that the chancellor may change tax rules on the tax-free treatment of pension lump sums.”
He added that the point of drawdown was also a prime hunting ground for scammers.
“Since pension freedoms gave people more flexibility, and with cost-of-living pressures driving lump-sum withdrawals up by 60%, fraudsters have adapted fast,” Bell said. “They blend high-pressure investment pitches with convincing impersonations of trusted advisers, often using AI deepfakes to make voices and video appear authentic.”
He concluded: “Controls need to be tested and revisited to ensure that they remain fit for purpose as threats evolve. Front-line teams must also be prepared for AI-enabled impersonation to combat fraud threats and spot red flags at the earliest stage.”
What schemes should do now
The Pensions Regulator has urged trustees and administrators to take the following actions to help combat fraud:
- Apply TPR’s scam controls across member communication touchpoints, including ‘wake-up’ packs
- Tighten security around member verification and account access
- Report suspicious activity promptly to Action Fraud
- Regularly test and update scheme defences as threats evolve
- Train front-line teams to recognise AI-enabled impersonation
