The Age is reporting that multiple Australian Superannuation funds have been targeted in a coordinated attack on the life savings of vulnerable Aussies. While it’s very early days for the reporting of this attack, EFTM can clarify several areas of concern for Australians as it stands.
No. This was not a breach of the security systems at the Super funds, nor did the “attackers” get into the Super Fund networks or IT systems.
In fact, it’s much “simpler” than that.
These criminals have obtained the credentials (login email address and password) of Aussies and are using those to attempt a Super Fund login.
Different to a brute-force attack, in this situation they are relying on the simplicity of people who use the same password across multiple services.
If the password works, they will change the password, likely change the contact information and additionally change the banking information in the hope they can withdraw money.
Usernames, Passwords, Email Addresses, and much more personal info is available for sale on the Dark Web. However, in this case, it’s likely the attackers were even more intelligent in their approach.
What they have done is looked for people who are older Australians, so where a record exists on the Dark Web that contains a name, email address, a password and a Date of Birth – the attackers have used that information to find people who are older, and more likely to have bulky super funds in the draw-down stage.
Essentially, we don’t have to look too far to consider where that information might have come from. Optus, Medibank, Latitude Financial – all sources of very detailed information, which can now be used and even combined to launch a more sophisticated attack.
In this case, it’s possibly a case of the chickens coming home to roost on the previous breaches that affected so many Aussies
If you are over 60 – your super fund is likely in the phase where you can start to draw down from it. So the attack likely didn’t target anyone under that age, and anyone under that age doesn’t really need to do much.
If you’re over 60 it’s possible they can change your banking information and attempt to withdraw from your super, going to their bank instead of yours.
Hopefully many Super Funds have pauses in place to ensure that funds are not transferred within days of any banking change, to avoid this kind of fraud.
Every Super Fund holder, especially those with Rest Super, AustralianSuper, Insignia, Australian Retirement Trust and Host Plus should log into their accounts to make sure their passwords are still active.
Those over 60 should be on high alert for any emails from their Super Funds and if they believe there has been any suspicious activity, get in touch with the Super Fund directly.
Do NOT Click any links in emails claiming to be from your Super Fund suggesting you check your account or change passwords.
Additionally, setup two factor authentication, and if it’s not available with your fund – change funds, because that should be a basic addition to any financial product’s online security.
Trev is a Technology Commentator, Dad, Speaker and Rev Head.
He produces and hosts several popular podcasts, EFTM, Two Blokes Talking Tech, Two Blokes Talking Electric Cars, The Best Movies You’ve Never Seen, and the Private Feed. He is the resident tech expert for Triple M on radio across Australia, and is the resident Tech Expert on Channel 9’s Today Show and appears regularly on 9 News, A Current Affair and Sky News Early Edition.
Father of three, he is often found in his Man Cave.
Gaming lifestyle brand Razer has launched their new esports-focused Viper V4 Pro gaming mouse and…
Eddie Murphy plays an African Prince - and more, in this romantic comedy. A story…
If you thought LEGO had found all the iconic places, things and brands to partner…
Microsoft has had a rough couple of years with Xbox, but with a change of…
Alongside their gaming announcements, ASUS has also announced their new lifestyle range with a new…
The Nothing Phone (4a) series was announced last month, Trevor has just checked out the…