Staying Safe from Retirement Fund Cyber Attacks

In the last two months, multiple Australian superannuation retirement fund providers have been hacked, allowing scammers to retrieve hundreds of thousands of dollars by stealing overused and repetitive passwords. In one of the most significant funds, with 3.5 million users, several members have reportedly lost close to AUD$500,000 in combined savings.

Details of the cyberattacks have been publicly drip-fed through the media. What is clear is that the hackers were able to remain, for the most part, unseen, with suspicious activity kept to a minimum as it occurred overnight. Scammers were able to retrieve their login passwords, change details and transfer funds.

Although members of other superannuation funds do not seem to have lost any money, their personal information may have been compromised.

These recent cyberattacks have sparked speculation about whether two-factor authentication (2FA) is sufficient, with industry experts suggesting that multi-factor authentication (MFA) is more secure.

How to stay safe using SMS text messaging or 2FA:

1. Don't take any action if there is any (even the slightest) hint that something is not right. This could be an out-of-the-blue request or wording that seems a little off.
2. Watch out for scammers who try to impersonate your bank, making urgent requests via SMS to stop a scam. They can use these codes to compromise your device.
3. Spoofing is when scammers trick users into sharing personal or financial details via SMS links to fake websites, prompting victims to share sensitive information.
4. Never respond to SMS’s that appear directly on your lock screen, as this prevents them from being reported or traced.
5. Consider or request multi-factor authentication from your financial or retirement fund providers.

Multi-factor authentication is often initiated by a verification code being sent to the user's mobile phone or an authenticator app, and for even higher security, facial recognition can be used.