Hacker News

IncreasePosts 11/04/2025

This whole space is littered with bizarre security practices that make my hacker senses tingle.

I know my 401k is provided by company ABC, but then they host all of their web content and ask you to log in to myretirementplan.com. And then they do a redesign and then ask you to log into yourretirementplan.com. And there's basically no communication from company ABC directly if these sites are legitimate or illegitimate.


Replies

cosmic_cheese 11/04/2025

This is common for mortgages, too. Mine has been sold a handful of times (as are most people's) and more than once I've had to triple-verify that the dashboard website the new servicer is telling me to go to is legit. They often have extremely dodgy URLs like "mymortgagedash.com" that have no obvious association with the loan servicer whatsoever.
