Last Friday, cybercriminals launched an attack on the following super funds:
- AustralianSuper
- Australian Retirement Trust
- Hostplus
- REST
- Insignia (owner of MLC and IOOF platforms)
The attack involved a process known as “credential stuffing” (a type of brute force attack) and targeted retirees aged 60 or older who are able to withdraw money from their super accounts.
AustralianSuper reported that four members of their fund had lost $500,000 between them. So far, this is the only reported loss.
Because of the incident, a flood of logins by worried super members (who wanted to check their savings) has crashed or slowed down the online portals and apps, adding to the worry.
All the above-named funds have taken immediate action to lock the affected accounts.
Should You Be Worried?
We should put this into context: there is a cyberattack every 6 minutes in Australia. The government (through the Australian Signals Directorate) as well as corporations have invested heavily in protecting against this ongoing threat. It is part and parcel of the digital age we live in, unfortunately. This incident negatively impacted a very small number of people due to the vigilance and protections of the organizations involved (of course, this is no solace to those four people who have lost over half a million dollars).
What Should You Do?
Below are some of our top tips to help you protect your account:
Enable two-factor authentication
Two-factor authentication adds an extra layer of security to your account, making it significantly harder for hackers to gain access, even if they know your password. If your super fund offers this facility, we highly recommend that you activate this as it is one of the best ways to help secure your account.
Change your password regularly
Most cyber experts recommend that you change your password at least once every year (ideally more often), and that your password should be difficult to guess (no birthdays, children’s names, etc.). It is a good idea to use a phrase password – a combination of words that form a memorable phrase, typically with spaces between them. Make sure that the words are unrelated, so they make a unique phrase. For example:
- Jazz Monkey Rainbow Tacos
Be aware of email scams
One of the most common methods malicious actors use to gain access to your credentials is to send you fake emails or messages containing harmful links or attachments – this is known as “phishing”. Some common markers of phishing emails include: misspellings or images that don’t look right, fake sender email addresses, suspicious links and requests for personal information. If you suspect you have received a phishing email, you should ensure that you don’t click any of the links or attachments contained within, and contact the organization the email or message purports to be from.
If you have any issues or concerns about your super and investment funds, please do not hesitate to contact us.