The Age is reporting that multiple Australian Superannuation funds have been targeted in a coordinated attack on the life savings of vulnerable Aussies. While it’s very early days for the reporting of this attack, EFTM can clarify several areas of concern for Australians as it stands.
No. This was not a breach of the security systems at the Super funds, nor did the “attackers” get into the Super Fund networks or IT systems.
In fact, it’s much “simpler” than that.
These criminals have obtained the credentials (login email address and password) of Aussies and are using those to attempt a Super Fund login.
Different to a brute-force attack, in this situation they are relying on the simplicity of people who use the same password across multiple services.
If the password works, they will change the password, likely change the contact information and additionally change the banking information in the hope they can withdraw money.
Usernames, Passwords, Email Addresses, and much more personal info is available for sale on the Dark Web. However, in this case, it’s likely the attackers were even more intelligent in their approach.
What they have done is looked for people who are older Australians, so where a record exists on the Dark Web that contains a name, email address, a password and a Date of Birth – the attackers have used that information to find people who are older, and more likely to have bulky super funds in the draw-down stage.
Essentially, we don’t have to look too far to consider where that information might have come from. Optus, Medibank, Latitude Financial – all sources of very detailed information, which can now be used and even combined to launch a more sophisticated attack.
In this case, it’s possibly a case of the chickens coming home to roost on the previous breaches that affected so many Aussies
If you are over 60 – your super fund is likely in the phase where you can start to draw down from it. So the attack likely didn’t target anyone under that age, and anyone under that age doesn’t really need to do much.
If you’re over 60 it’s possible they can change your banking information and attempt to withdraw from your super, going to their bank instead of yours.
Hopefully many Super Funds have pauses in place to ensure that funds are not transferred within days of any banking change, to avoid this kind of fraud.
Every Super Fund holder, especially those with Rest Super, AustralianSuper, Insignia, Australian Retirement Trust and Host Plus should log into their accounts to make sure their passwords are still active.
Those over 60 should be on high alert for any emails from their Super Funds and if they believe there has been any suspicious activity, get in touch with the Super Fund directly.
Do NOT Click any links in emails claiming to be from your Super Fund suggesting you check your account or change passwords.
Additionally, setup two factor authentication, and if it’s not available with your fund – change funds, because that should be a basic addition to any financial product’s online security.
Trev is a Technology Commentator, Dad, Speaker and Rev Head.
He produces and hosts two popular podcasts, EFTM and Two Blokes Talking Tech. He also appears on over 50 radio stations across Australia weekly, and is the resident Tech Expert on Channel 9’s Today Show each day and appears regularly on A Current Affair.
Father of three, he is often found down in his Man Cave.
If you're still catching up on Quantum Dots, OLED, Mini LED and are thinking that…
The NBN is getting ready to lock in the final stage of the Fibre to…
BMW has revealed the first new model to be designed and engineered under their 2025…
The SwannBuddy4K Video Doorbell with SwannShield™AI Voice Assistant has been given an Honouree accolade for…
Reolink is a bit of an upstart when it comes to home security but having…
LG has announced its vision for AI-powered living at IFA 2025 under the moniker “LG…