Threat: Phishing & impersonation

Fake plan administrator or financial advisor claiming a COVID or hardship early withdrawal from a 401k is available and that the target can avoid the 10% IRS penalty by submitting a claim within 30 days — advance-fee or credential-harvest fraud; real 401k hardship withdrawals are initiated through authenticated plan administrator portals, never cold email with penalty-avoidance claims.

401k-early-withdrawal-penalty-phish

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake 401k plan administrator, financial advisor, or HR benefit notice claiming a COVID or financial hardship early withdrawal is available from the target's 401k account, and that they can avoid the standard 10% IRS early withdrawal penalty by submitting a claim within 30 days — advance-fee or credential-harvest fraud exploiting IRS hardship-withdrawal rules.

Real 401k hardship withdrawals are initiated exclusively through the authenticated plan administrator portal (Fidelity NetBenefits, Vanguard Retirement, TIAA, Principal Financial, Empower); cold emails claiming penalty-free early withdrawal availability with a 30-day claim deadline are either advance-fee fraud (requiring an "administrative processing fee" to release funds) or credential-harvest attacks targeting plan portal login credentials.

Distinct from pension-early-withdrawal-phish (pension/403b/IRA modality) and corporate-401k-enrollment-phish (open-enrollment pretext) — this targets the 401k COVID-hardship / penalty-avoidance / 30-day claim deadline narrative.

Detection: 401k + hardship/COVID early withdrawal + avoid 10% penalty/claim within 30 days vocabulary + no List-Unsubscribe + no In-Reply-To + not protected sender.

Trash score: +4.

Source: GC1-R27; IRS 401k hardship withdrawal rules (IRC 72(t)); FTC retirement account fraud advisory 2025; FINRA investor alert on fake hardship withdrawal offers.
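The detection rule above, sketched as an added Python example (not Gorganizer's own code). The three vocabulary regexes, the `protected_senders` set, the function names and the sample message are assumptions constructed for illustration; only the header conditions and the +4 contribution come from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed patterns: the page names the vocabulary groups, not the exact regexes.
PLAN = re.compile(r"\b401\s*\(?k\)?", re.I)
PRETEXT = re.compile(r"\b(?:hardship|covid)\b.{0,60}\b(?:withdrawal|distribution)\b", re.I | re.S)
LURE = re.compile(r"\b(?:avoid|waive|without|no)\b.{0,40}\b10\s*%.{0,30}\bpenalty\b"
                  r"|\bwithin\s+30\s+days\b", re.I | re.S)
TRASH_SCORE = 4  # contribution stated on the page

# Constructed sample message, not a real capture.
SAMPLE = (
    "From: Plan Services <benefits@plan-admin.example>\n"
    "To: user@example.com\n"
    "Subject: 401k hardship withdrawal now available\n"
    "\n"
    "A COVID hardship early withdrawal from your 401(k) is available.\n"
    "Avoid the 10% IRS penalty by submitting your claim within 30 days.\n"
)


def searchable_text(msg):
    """Subject plus every text/plain part, decoded."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_401k_penalty_phish(raw_message, protected_senders=frozenset()):
    """Return the trash-score contribution (4 or 0) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = searchable_text(msg)
    vocab = all(p.search(text) for p in (PLAN, PRETEXT, LURE))
    # Bulk mail carries List-Unsubscribe; replies carry In-Reply-To. Neither = cold email.
    cold = msg.get("List-Unsubscribe") is None and msg.get("In-Reply-To") is None
    if vocab and cold and sender not in protected_senders:
        return TRASH_SCORE
    return 0
```

All three vocabulary groups and all three header/sender conditions must hold together; a message from the real plan administrator that is on the protected list, or one that arrives as a reply in an existing thread, contributes nothing.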

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
