- Protect Your Assets Against Fraud
- Learn to Identify Legitimate TSP Communications
- Learn to Detect Fraud
- Learn to Identify Bogus Websites
- Learn to Identify Bogus Smartphone Apps
Detecting fraudulent attempts to access your TSP account - and reporting this activity - is vital to protecting your assets.
As a TSP participant with valuable retirement savings, you should be aware that there are many forms of financial fraud aimed at getting a piece of your account. Many of these scams are perpetrated over the Internet. Phishing, for example, is when you receive an email claiming to be from your financial institution, asking you (for some stated reason) to verify your account number and password. You are generally linked to a website to enter this information, and the website looks legitimate to you. You enter the information, thinking you are taking care of an important administrative task, but you've just given your account to a criminal.
How can you protect yourself?
How the TSP Contacts You
The TSP will never contact you by email, telephone, or mail and ask you to provide sensitive personal information such as your account number, Social Security number, password, or PIN.
Communication by Mail
The TSP contacts participants primarily by mail. The mail is sent from Birmingham, Alabama. Any letter that you receive from us will have your account number printed on it. This number is the TSP's means of identifying you. If we did not have this number, we could not contact you, by mail or otherwise. So if you receive any kind of communication asking you to "verify your account number," you can be sure that it is not legitimately from the TSP.
Your Web password and PIN are your business, and no one at the Thrift Savings Plan will ever need to know those numbers for any reason.
Communication by Email
The TSP will email you only to confirm an account transaction performed on the Web, and only if you provided your email address during your transaction.
Communication by Telephone
A TSP Participant Service Representative or an official from the Federal Retirement Thrift Investment Board may call you on the telephone, but only in response to communication that you have initiated by submitting a form, or by calling or writing the TSP.
How You Should Contact the TSP
In our written communications to you, we advise you to contact us through the:
- ThriftLine (1-TSP-YOU-FRST, 1-877-968-3778)
- Fax number (1-866-817-5023)
- TDD (1-TSP-THRIFT5, 1-877-847-4385)
- TSP website, www.tsp.gov or
- By writing to the TSP at P.O. Box 385021, Birmingham, Alabama, 35238
Criminals will attempt to confuse you and convince you to share sensitive personal information or visit malicious websites. They may:
- Threaten a negative action or outcome ("Your account will be closed if you don't...");
- Offer you a positive action or outcome ("Your account is eligible for a bailout..."); or
- Create a sense of scarcity ("The first 100 to respond...").
Typically, these types of illegitimate communications also provide you a "convenient" way to perform the requested action. For example, an email threatening to liquidate your account might contain a link to what looks like the TSP website or give you a phone number to call. The criminal relies on your desire for simplicity to get you to click on the link or call the provided phone number, rather than look it up. Don't do it.
Take the following steps to verify that you are really dealing with the TSP:
- Type the TSP's Web address, www.tsp.gov, into your computer browser and verify the ThriftLine number (1-TSP-YOU-FRST) to contact the TSP. If you don't have immediate access to the Internet, you can get this number from a participant statement, any TSP publication or form, from the new account letter you received when you became a participant, or you can contact your agency or service.
- Call the ThriftLine — 1-877-968-3778 — and speak to a Participant Service Representative. This individual will be able to tell you if the communication you have received is really from the Thrift Savings Plan.
Unfortunately, it is very easy for a criminal to create a website that closely mimics a target site, such as the TSP website. If you have followed a link to what you think is the TSP website, stay vigilant and practice the verification techniques listed below before you submit sensitive information about your TSP account:
- The TSP website is secured with an "extended validation certificate." This simply means that if you visit www.tsp.gov and attempt to access your account using a high-security browser, the color green will appear in one of the following forms (depending on the type of browser you are using):
- the address bar may turn green
- an icon from the Web server may appear with a green background
- "Thrift Savings Plan" may appear with a green background
- The address bar at the top left on your browser should display www.tsp.gov.
- When you enter account access to input your account number (or user ID) and password, the address bar on your browser should change from "http://" to "https://" and the security lock padlock icon should appear. If the padlock icon appears somewhere else on the page (such as at the bottom) but it does not also appear in the address bar at the top of your browser page, you are not on the TSP website.
- Look for indicators typical of phishing sites, such as misspellings and grammatical errors, information that you know to be inaccurate, and links that are not functional.
- Look for language threatening an action against your account if you do not provide your account number and password. This is typical of phishing sites. You will never find threats on the TSP website.
- If you are suspicious that you may be on a bogus website, click on the X at the top right to close the page, and report the incident to the TSP.
There are a number of mobile applications that reference the Thrift Savings Plan and may prompt you for your TSP account credentials. These applications are NOT sponsored by the TSP. The TSP cannot endorse any information or advice provided by third-party applications. More important, providing your TSP account credentials to third-party applications may jeopardize the security of your account.