If you think you've been scammed
If you think your AustralianSuper account may have been compromised in some way, keep calm and follow these steps:
Report it to us
Change your passwords
Contact IDCARE
Multi-factor authentication (MFA)
In a phased approach from the 21 May 2025, AustralianSuper has started to roll out multi-factor authentication for the login process.
MFA is an extra layer of security added to your account, making it harder for unauthorised individuals to gain access.
The next time you log into your online account, we'll send a one-time PIN to your registered mobile number. Simply enter this PIN on the login screen to verify your identity.
-
Has the login process changed?
Yes, MFA will now be required on login, for members who have a registered mobile. Over the coming weeks, we’ll be introducing MFA on the AustralianSuper mobile app. In addition, the option to ‘trust the device’ you are using will become available in both the app and portal too.
-
What if I need to update my registered mobile number?
If you need to update your mobile number, please contact us on 1300 300 273 8am-8pm (AEST) weekdays.
-
Can I access my account from overseas?
Yes. The MFA process should work from most countries if you can receive an SMS. If you are having trouble logging in from overseas, please contact us on +61 3 9067 2108 8am-8pm (AEST) weekdays.
-
Will I need to enter a PIN every time I login?
Yes. For now, this step will need to occur every time you login. However, trusted device functionality is coming shortly for both the portal and the app. Selecting ‘trust the device’ removes the need to complete a PIN each time you log in but is just as secure.
-
Still experiencing login issues?
Please contact us on 1300 300 273 8am-8pm (AEST) weekdays, we’re here to support you.
Protecting your privacy and identity
Identity theft occurs when your personal information is used to carry out fraudulent activity, like accessing your AustralianSuper online account and attempting a withdrawal or a rollover.
We have secure measures in place to help ensure your super is safe. However, there are additional things you can do to reduce the risk of identity theft on your account.
-
Keep up to date with your account
The best way to keep on top of your super and detect any unusual activity is to set up online access to your account. You’ll be able to:
- track your balance
- update your details
- check your employer contributions
- download your annual statement
- review your insurance cover
You’ll receive an SMS confirmation when you make changes to your personal details via your account online. If you receive a confirmation for a change you didn't make, contact us on 1300 300 273 or message us via the mobile app or at australiansuper.com/contact-us
Haven’t got online access to your account?
-
How we protect your information
AustralianSuper takes the issue of account security and the privacy of our members very seriously. Protecting our members’ interests is of key importance, with cyber security risk management being a focus area.
We have deployed robust security measures and processes that are designed to keep members’ data safe, and are consistent with relevant legislation and regulation.
Australian Prudential Regulation Authority (APRA), Australian Securities and Investment Commission (ASIC), and other Australian and International regulatory bodies provide direction and oversight on how we operate.
Security measures specific to protecting members include:
- Further authentication for member-critical actions such as registering for an account online or resetting a password within the Member Portal and the Mobile App.
- A comprehensive account and transaction monitoring program, including a dedicated team that analyses any suspicious behaviour.
- Enhanced call security and staff training to strengthen mitigation controls and monitoring, to combat increasingly sophisticated cyberattacks and data breaches.
- Working with government agencies, regulators and law enforcement agencies to ensure unhindered flow of regulatory advice and direction, and timely intervention in case of criminal activity.
-
Create a secure password and change it regularly
Setup a password on your AustralianSuper account that is:
- Based on a phrase that only you know, and is made up of a variety of letters, numbers and symbols
- Easy to remember, but difficult for someone else to guess
- Unique to your AustralianSuper online account (don’t reuse passwords from other websites or apps)
- Only known to you, not shared with family or friends
Remember to change your password regularly and keep your AustralianSuper account details confidential.
Make sure to log out of your online banking and super services across all your devices and apps after using them.
Avoid using the same password for your social media or banking accounts.
-
Beware of email scams
Fraudsters may send you fake emails that can contain harmful links or malicious attachments. This is known as phishing. You can identify a phishing email by:
- misspelling or images and graphics that don’t look quite right
- unfamiliar sender address
- suspicious attachments
- links that take you directly to your online account
- requests for your personal information
AustralianSuper will never send you an email asking you for your personal information. If you receive an email you’re unsure about:
- contact us on 1300 300 273 (not on the phone number on the email)
- don’t open the attachment or click on any links
If you’ve clicked or opened an attachment from a suspicious email, use your security anti-malware and anti-virus to scan and remove malicious software from your device.
Find out about current security alerts
-
Know what emails and SMSs should look like
Get to know what a real email or text message looks like from your super fund, bank, and other service providers you’re with. AustralianSuper authorised emails include ‘australiansuper.com’ in the link address. You can check this by hovering over the sender address. SMS messages use AusSuper as the sender’s name and will never include a link to click on.
-
Beware of unsolicited calls and SMS
Fraudsters may attempt to obtain personal information and account information over the phone or via SMS. Some things you can do if you suspect you have received a fraudulent call or SMS:
- If the caller claims to be an AustralianSuper employee and you have reason to doubt their identity, make a note of their name and contact number, before ending the call.
- Be aware of voice recorded messages that dial automatically and ask you to call a number back. These are generally fake and designed to get your personal information.
- Report any SMS you receive that has spelling errors, unfamiliar sender address, suspicious links, or requests for personal information.
If you receive a phone call or SMS that you’re unsure about:
- Contact us on 1300 300 273 (not the number within the SMS)
- Don’t click on the links within the SMS or forward the message on
- Delete the message once it’s been reported
If you’ve clicked on a link within a suspicious SMS, it’s possible your security could have been compromised. In such cases, contact us immediately on 1300 300 273.
-
Protect your device when browsing online
Fraudsters have a number of techniques to access your personal information online. Some ways you can stay safe online:
- Avoid sharing your personal information in public forums or social networks
- Regularly manage your cookies and delete your browsing history
- Before providing personal information online, check the browser address is green and secure (https and a closed padlock icon is in the URL bar)
- Make sure your current contact information is up to date, so we can contact you if a withdrawal is attempted on your super account, or we detect unusual activity.
Keep your mobile device secure
- Set up auto-lock on your device
- Sign out of websites when you’ve finished browsing
- Use a strong secret passcode on your devices lock screen
Keep your phone operating systems and apps up to date
- Only install apps from official app stores, such as Google Play or Apple Store
- Avoid installing apps from links received in emails, social media or websites that don’t look genuine.
- Manage the permissions for each app. Many apps collect personal data, like your contacts or location.
- Check the name of the app publisher before downloading
- Protect your device with up to date malware and the latest security updates
-
Our privacy policy
AustralianSuper collects and holds your personal information securely.
Read our Privacy Policy to learn more