Protecting your privacy and identity
Identity theft occurs when your personal information is used to carry out fraudulent activity, like accessing your AustralianSuper online account and attempting a withdrawal.
We have secure measures in place to ensure your super is safe. However, there are additional things you can do to reduce the risk of identity theft on your account.
Keep up to date with your account
The best way to keep on top of your super and detect any unusual activity is by registering for an AustralianSuper online account. You’ll be able to:
- track your balance
- update your details
- check your employer contributions
- download your annual statement
- review your insurance cover
We’ll send you an SMS confirmation of changes to your personal details you make in your online account. If you receive a confirmation for a change you didn't make, contact us on 1300 300 273.
Haven’t got an online account? Register here.
Create a secure password and change it regularly
Set up a password on your AustralianSuper account that is:
- Based on a phrase that only you know, and is made up of a variety of letters, numbers and symbols
- Easy to remember, but difficult for someone else to guess
- Unique to your AustralianSuper online account (don’t reuse passwords from other websites or apps)
- Is only known to you, not shared with family or friends
Remember to change your password regularly and keep your AustralianSuper account details confidential.
Beware of hoax emails
Fraudster’s may send you fake emails that can contain harmful links or malicious attachments. This is known as phishing. You can identify a phishing email by:
- Misspelling or images and graphics that don’t look quite right
- Unfamiliar sender address
- Suspicious attachments
- Links that take you directly to your online account
- Requests for your personal information
AustralianSuper will never send you an email asking you for your personal information. If you receive an email you’re unsure about:
- Contact us on 1300 300 273 (not on the phone number on the email)
- Don’t open the attachment
If you’ve clicked or opened an attachment from a suspicious email, use your security anti-malware and anti-virus to scan and remove malicious software from your device.
Beware of unsolicited calls and SMS
Fraudsters may attempt to obtain personal information and account information over the phone or via SMS. Some things you can do if you suspect you have received a fraudulent call or SMS:
- If the caller claims to be an AustralianSuper employee and you have reason to doubt their identity, make a note of their name and contact number, before ending the call.
- Be aware of voice recorded messages that dial automatically and ask you to call a number back. These are generally fake and designed to get your personal information.
- Report any SMS you receive that has spelling errors, unfamiliar sender address, suspicious links, or requests for personal information.
If you receive a phone call or SMS that you’re unsure about:
- Contact us on 1300 300 273 (not the number within the SMS)
- Don’t click on the links within the SMS or forward the message on
- Delete the message once it’s been reported
If you’ve clicked on a link within a suspicious SMS, it’s possible your security could have been compromised. In such cases, contact us immediately on 1300 300 273.
Protect your device when browsing online
Fraudsters have a number of techniques to access your personal information online. Some ways you can stay safe online:
- Avoid sharing your personal information in public forums or social networks
- Regularly manage your cookies and delete your browsing history
- Before providing personal information online, check the browser address is green and secure (https and a closed padlock icon is in the URL bar)
- Make sure your current contact information is up to date, so we can contact you if a withdrawal is attempted on your super account, or we detect unusual activity.
Keep your mobile device secure
- Set up auto-lock on your device
- Sign out of websites when you’ve finished browsing
- Use a strong secret passcode on your devices lock screen
Keep your phone operating systems and apps up to date
- Only install apps from official app stores, such as Google Play or Apple Store
- Avoid installing apps from links received in emails, social media or websites that don’t look genuine.
- Manage the permissions for each app. Many apps collect personal data, like your contacts or location.
- Check the name of the app publisher before downloading
- Protect your device with up to date malware and the latest security updates
Types of Superannuation scams
Fraudsters may claim to be from AustralianSuper, financial institutions, or a government department when they contact you. Often they will ask you for:
- Personal information, so they can use your identity to make a withdrawal from your account; or,
- Contact you and offer to help you withdraw your super savings. This might be as one lump sum to an account that doesn’t belong to you, or as a withdrawal to a self-managed super fund.
By agreeing to such a scam you risk losing your super savings, or getting caught up in tax penalties as a result of withdrawing your super early.
Beware of advertisements promoting early access to super, as well as unlicensed operators. You can verify licensed operators on the ASIC Connect website.
If you come across any unusual activity on your super account, please report it to us:
- Contact us on 1300 300 273
If you have noticed unusual activity that’s not in relation to your AustralianSuper account, you can still report it to SCAMwatch, run by the Australian Competition & Consumer Commission (ACCC).
For more information on online crime and how you can stay safe visit the ACORN website.
Responsible Vulnerability Disclosure Statement
AustralianSuper takes the security of our member and user data very seriously and continually finds ways to protect our information and systems. If you believe you have discovered a potential or actual security vulnerability within AustralianSuper systems, website, mobile applications or one of our services or products, we would like you to let us know as soon as possible by sending an email to email@example.com
Please do not publicly disclose the details of any potential security vulnerabilities without express written consent from AustralianSuper.
We are committed to reviewing all information that are disclosed to us. We will do our best to address each issue in a timely manner and ask for your patience while we do so. We encourage responsible disclosures of any potential or actual security vulnerabilities and will not take legal action against security researchers who act in good faith in relation to the discovery and reporting of a potential security vulnerability, provided that all conduct is strictly in accordance with this statement. In the event of any non-compliance, we reserve all of our legal rights.