Visiting the secure section of www.trsnyc.org is the best way to stay on top of your TRS accounts. But logging in is a multi-step process—for your protection.

Start with the LOGIN/REGISTER button at the top right corner of any page on our site; then click LOGIN. You will see a screen to enter your Username (also known as User ID) and then a screen to enter your Password. After that, you will need to enter a one-time password (OTP), which will be sent to you by email.

It may take a few minutes before you receive the OTP, so please wait before requesting another one. If you do need to request another OTP, you can choose “Alternative Authentication” to receive it by phone or text message. But the first OTP will always be sent by email, so make sure the address you have on file with TRS is one that you can access easily!

You probably have heard stories of pension fraud in the media: A relative does not report the death of a pensioner and continues to cash the monthly payments. Or a stranger manages to steal a retiree’s identity and redirects the victim’s pension payments to a different bank account. It’s scary stuff.

For TRS, preserving the security of our members’ benefit payments is our highest priority. As an anti-fraud measure, TRS sends annual “retirement allowance verification” mailings to many retirees. If you receive one of these letters, you don’t need to panic—but you do need to comply.

The mailings explain the different ways you can provide TRS with the necessary “proof of life” documentation. If you don’t respond to multiple requests, your retirement allowance payments may be placed on hold or even suspended until you provide the documentation.

Requesting this information year after year may seem intrusive. But it’s becoming more common across the pension industry. TRS has a fiduciary responsibility to verify that the intended retirees—and only the intended retirees—receive their pension payments. If scammers or loved ones succeed in stealing your retirement allowance, that harms all of us: you, your beneficiaries, and TRS (through increased liabilities).

So, when we send you a retirement allowance verification mailing, please understand the greater goal and provide a timely response. Thank you for helping us secure your pension benefits.

Cyber-crime is on the rise. So, you need to be extra careful when accessing your TRS account. Follow these tips when you visit the secure section of our website:

• Guard your login credentials. Never share your TRS account (or bank account) information.
• Make sure the software on your computer and phone are up to date.
• Create strong account passwords and use Multi-Factor Authentication for better protection.
• Be on high alert for online and phone scammers. Verify, then Trust.
• Report suspicious activity to TRS immediately

At TRS, we do our best to protect you from hackers and scammers—who may even pretend to be a TRS representative to obtain your sensitive information. With that in mind, please note that TRS will never:

• Ask for your password or login credentials. If you receive a message requesting your account information, it’s a scam.
• Request personal or financial information via email, text, or social media. TRS will only communicate through official channels. Always visit the official TRS website instead of clicking on links in unsolicited messages.
• Call you and ask for your account or bank information. If you receive an unexpected call claiming to be from TRS (and not an expected callback from us), do not share your sensitive information. Instead, call TRS directly and report this to us.
• Ask you to email your bank information or proof of benefits to an email address not already associated with your account. If you need to update your information, do so in the secure section of the TRS website.
• Pressure you into making immediate financial decisions. Scammers often create a false sense of urgency to trick people into acting quickly.
• Advise you to update your list of beneficiaries without a specific reason. A legitimate request is generally made when we become aware that your records are incomplete—and you can make those changes in the secure section of the TRS website.

Help Keep Your Information Safe

If you receive a suspicious call, email, or message claiming to be from TRS:

• Stop and think. If something feels off, trust your instincts.
• Verify the source. Contact TRS directly through official phone numbers or email addresses.
• Report suspicious activity. If you receive a fraudulent message, let TRS know so we can help protect you and other members.

Cyber threats increase by the day. Whether it’s phishing emails or social media hacks, cyber criminals constantly invent schemes to access your personal information. That’s why it’s important to be vigilant every time you read your emails and text messages, do online shopping, or use your electronic devices. This time of year is a particularly vulnerable time, so brush up on these key reminders:

Passwords

• Use different passwords for different accounts, and don’t reuse old passwords—choose a new one each time.
• Make each password at least 8 characters long. Use upper- and lowercase letters, a numeral, and special character.
• Consider using a passphrase to make your passwords unique and easy to remember. For example: M0untainHiking@$unri$e!2023

Phishing and Social Engineering

• Pay attention to every email. Hackers send emails pretending to be from a legitimate third party—a bank, vendor such as PayPal or Venmo, and online retail store. The messages may be friendly but they might also be threatening. They may say your account is in jeopardy, then ask for your account number, address, phone number, etc. Many include a link or an attachment. Don’t click on it!
• If you’re not sure an email is legitimate, call the vendor or provider directly.
• Never click on a link or attachment that you’re uncertain about. When in doubt, delete questionable emails.

Social Media

• So many of us enjoy connecting with others on social media. While it’s fun to post and share information to our networks, don’t post confidential information.
• Avoid taking online quizzes. These are often a clever technique to get you to disclose personal information.

Up-to-Date Software

•  Keep your anti-virus and anti-malware software current.
• Ensure that all your devices and applications have the latest security patches and updates installed.

Have you ever tried to open your TDA Quarterly Statement document on the secure section of our website, and found that you couldn’t? Or maybe you’ve tried to create a document for income verification purposes: you click on “Create Letter” and… nothing.

While it may seem like there’s a problem with the website in these cases, the issue might actually be a pop-up blocker—a browser setting designed to prevent the display of unwanted pop-up ads. The problem is, sometimes these blockers prevent users from accessing useful information too.

To resolve the issue, you need to disable the pop-up blockers. The steps to follow vary depending on which internet browser and which device you are using. Some browsers give an alert or other clue in the address bar to indicate that there’s an issue with pop-up settings. But, if you go to your browser settings and search for “pop-up,” you should be able to figure it out.

As a reminder, for best results, be sure you’re using the latest version of Microsoft Edge, Google Chrome, Firefox, or Safari to access our website.

For many, there’s a comfort level with writing paper checks to pay for services. Unfortunately, this practice has become less safe. When you drop a letter, card, or payment statement in the mailbox or at the Post Office and it somehow gets lost in the mail—what sometimes happens is that it’s stolen.

Imagine stealthy fraudsters rifling through a mailbox under cover, snatching checks you intended for bills or loved ones. Skilled criminals can use chemical compounds to erase your handwriting and replace it with their own details. If they get their hands on one of your checks, they have the tools to deplete your entire bank account. And while bank account balances up to $250,000 are federally insured and protected, it can take more than 30 days to retrieve your missing funds!

According to a recent New York Times article about this troubling trend, banks and credit unions were expected to file nearly 540,000 suspicious-activity reports tied to check fraud in 2023—more than double the number from 2021.¹

One Solution: Electronic Payment

Once considered a scary and untrusted option by some, Electronic Fund Transfer (EFT) may now be a better way to complete transactions. Here’s why:

When a paper check is intercepted, thieves have access to a lot of important account information, including your:

• Account number
• Bank routing number
• Signature
• Address
• Check number

That’s plenty of information to use for identity theft. When you make electronic payments to TRS or other institutions in a secure, controlled environment, it minimizes your risk for theft. EFT is a transfer of funds between two regulated financial systems. Your personal information is not on a piece of paper that is traveling outside of your control.

So for the next payment you make, consider paying electronically.

EFT: Safer for Receiving Payments, Too

Of course, receiving your payments electronically is safer than being paid by check. About 96% of TRS retirees receive their retirement benefits directly in their bank accounts each month. No worries about mail delays, damage, or theft.

If you’re still receiving paper checks each month, please protect yourself and your pension from fraud by signing up for EFT. You can enroll in the secure section of our website or download and file the EFT Authorization Form (code BK58).

¹ New York Times, published Dec. 9, 2023; updated June 3, 2024.

If you are using an outdated browser to visit TRS’ website, some features of the site might not work as intended. Even worse, your username, password, and other information you enter may be more vulnerable to hackers.

Our website no longer supports outdated browsers such as Internet Explorer, which Microsoft retired in 2022. If you visit our website (or any website) with an outdated browser, you might not be able to complete transactions or view content correctly.

TRS’ website currently supports Microsoft Edge, along with Safari, Google Chrome, and Firefox. Whichever browser you prefer, please make sure you keep the latest version downloaded on all your devices!

Scammers rarely take a day off. While you are making purchases, travel plans, and charitable donations, cybercriminals are looking for ways to gain access to your personal information. But sometimes the scams are not online. Instead, they’re over the phone.

The Federal Trade Commission (FTC) has a wealth of information on its website to educate and protect consumers. Visit consumer.ftc.gov for FAQs, videos, and easy-to-read articles that give practical consumer advice.

For example, the article Four Signs That It’s a Scam explores tactics that phone scammers commonly use. They:

1. PRETEND to be from an organization you know
2. Say there’s a PROBLEM or a PRIZE
3. PRESSURE you to act immediately
4. Tell you to PAY in a specific way

And watch out for spoofing

“Spoofing” is how phone scammers can make a phony name or number show up on your caller ID—to trick you into taking the call. They change the name so that it appears as a real government agency or business, or they make the phone number appear to be a local number.

If you answer a call from an unknown number and don’t immediately recognize why you’re receiving the call, just hang up.

Being vigilant is the best way to avoid falling victim to phone scams. Share these tips with your family and friends. If you or someone you know is scammed, report it to reportfraud.ftc.gov.

During the holidays, it’s peak season for in-store and online shopping. It’s also the busy season for scam artists. Follow these tips to keep your information safe:

• Report lost or stolen credit/debit cards or checks immediately.
  • Don’t include your Social Security or driver’s license number on personal checks.
• Review your bank and credit card statements carefully.
  • Report suspicious activity to your bank or card provider.
• Beware of phishing attempts in emails, phone calls, or through the mail that ask you for personal information.
  • Never give out personal details over the phone unless you initiated the call and know to whom you’re speaking.
• Limit what you share on social media.
  • Never share your vacation plans, date of birth, address, etc.
• Install antivirus and antispyware software on your computer.
  • Update the software regularly.

Don’t let scammers spoil your holidays! Stay safe, be vigilant, and enjoy!

Today, we live in a virtual environment. And with all the benefits of the Internet, there are some downsides—including cybercriminals. Fraudsters jump at the chance to hack your personal information. Two common gateways are web imposters and fake apps.

Web Imposters

When a fraudulent web address is created to mimic a popular website, that’s a web imposter. Instead of Walmart.com, for example, an imposter may create Wallmart.com. A simple change to the company web address can fool unsuspecting people and can lead to theft of data.

Avoid becoming the next victim:

When you visit a website, check the address bar for the site’s security status.

• A padlock icon should display before the web address. Avoid sites without the icon!
• The padlock indicates that any information you send to the site is sent securely and can’t be intercepted.

Dashes and symbols in the domain name (like www.Apple #$%-.com) are a red flag indicating a likely web imposter.

The domain extension is often a clue.

• Common extensions for legitimate businesses: .org, .com, .edu, .gov
• Domain extensions like .biz or .info tend to be illegitimate.
• Note that .com and .net are the easiest extensions to obtain.

When you have trusted websites that you visit frequently, use the bookmark tool on your computer to “remember” those sites. Doing so allows you to visit sites you’ve previously confirmed with confidence.

Fake Apps

While it may seem that every company has an application (app) for Apple or Android phones, that’s not true. TRS does not have an app. Yet, there are TRS app imposters!

Don’t let imposter apps fool you. Confirm that the app is legitimate:

Obtain apps from Apple’s App Store or the Google Play Store.

• Unfortunately, some fake apps may be there, too.
• Read the app score and customer reviews before downloading.

Check the company’s website to see if the app is referenced.

• If it’s not mentioned on the company website, it probably doesn’t exist.

Most apps are available at no cost.

• If there is a cost, confirm the app is legit by contacting the company first.

Change your system settings to not allow third-party apps to be downloaded from untrusted sites.

Think twice before clicking a link or downloading anything on the Internet. Assume all unsolicited requests for information are phishing attempts. Whether it’s a web imposter or fake app, spelling errors, bad formatting, and poorly written content are obvious clues. If you keep these tips foremost in your mind, you’re less likely to fall into traps set by cybercriminals.

To be sure you’re visiting the real TRS online, here are our web locations:

• Website: https://www.trsnyc.org
• Facebook: https://www.facebook.com/mytrsnyc
• Instagram: https://www.instagram.com/trsnyc
• Threads: https://www.threads.com/tag/trsnyc
• X (Formerly Twitter): https://x.com/myTRSNYC
• YouTube: https://www.youtube.com/user/trsnyc

TRS does not have an app, and we are not currently on any other social media platforms

Our world is more virtual than ever! Everything seems to require a password. We know we should NEVER write them down, but the question becomes… how can we remember all those passwords?

One solution is to create a Clue List—a password reminder. Like your password, your Clue List should never be shared. Here’s how it works:

For every online account you have, you need a unique password.

While the passwords should differ, try to follow the same pattern when you create each one: Use upper- and lowercase letters, a number, and at least one special character, creating a password that is at least eight characters long.

Common special characters: ! @ $ % & * +

Your password should be something only you would know and easy to remember with a clue. Let’s go through a few examples:

• CLUE: My favorite month, favorite number, !
  • Actual password: October5!

The clue lists each element of your actual password without giving it away. There are upper- and lowercase letters, a number, and a special character.

• CLUE: My favorite state, favorite number, &&
  • Actual password: Maine5&&

For this example, two special characters are used to bring the password to eight characters.

• CLUE: My favorite vegetable, favorite number, &!$
  • Actual password: Kale5&!$

Three different special characters are used this time.

•  CLUE: A statement that applies to you, plus a special character, !
  • Actual password: Ilove2travel!

The number 2 and one special character is used this time.

Tip: Write down your Clue List, snap a picture of it, and keep a hard copy in a safe place. Your clues just need to help jog your memory without making it easy for others to figure out.

Note: Experts say that the highest-security passwords are random and complex. However, if you want to stick with passwords you remember, this strategy may help you. TRS is sharing this strategy for informational purposes only and is not making a recommendation.