Multiple Super funds targeted as Cyber criminals look to steal your Superannuation

The Age is reporting that multiple Australian Superannuation funds have been targeted in a coordinated attack on the life savings of vulnerable Aussies. While it’s very early days for the reporting of this attack, EFTM can clarify several areas of concern for Australians as it stands.

Was this a Hack?

No. This was not a breach of the security systems at the Super funds, nor did the “attackers” get into the Super Fund networks or IT systems.

In fact, it’s much “simpler” than that.

These criminals have obtained the credentials (login email address and password) of Aussies and are using those to attempt a Super Fund login.

Different to a brute-force attack, in this situation they are relying on the simplicity of people who use the same password across multiple services.

If the password works, they will change the password, likely change the contact information and additionally change the banking information in the hope they can withdraw money.

Where do they get our Passwords from?

Usernames, Passwords, Email Addresses, and much more personal info is available for sale on the Dark Web. However, in this case, it’s likely the attackers were even more intelligent in their approach.

What they have done is looked for people who are older Australians, so where a record exists on the Dark Web that contains a name, email address, a password and a Date of Birth – the attackers have used that information to find people who are older, and more likely to have bulky super funds in the draw-down stage.

Essentially, we don’t have to look too far to consider where that information might have come from. Optus, Medibank, Latitude Financial – all sources of very detailed information, which can now be used and even combined to launch a more sophisticated attack.

In this case, it’s possibly a case of the chickens coming home to roost on the previous breaches that affected so many Aussies

How do they steal money from my Super?

If you are over 60 – your super fund is likely in the phase where you can start to draw down from it. So the attack likely didn’t target anyone under that age, and anyone under that age doesn’t really need to do much.

If you’re over 60 it’s possible they can change your banking information and attempt to withdraw from your super, going to their bank instead of yours.

Hopefully many Super Funds have pauses in place to ensure that funds are not transferred within days of any banking change, to avoid this kind of fraud.

Who should take action?

Every Super Fund holder, especially those with Rest Super, AustralianSuper, Insignia, Australian Retirement Trust and Host Plus should log into their accounts to make sure their passwords are still active.

Those over 60 should be on high alert for any emails from their Super Funds and if they believe there has been any suspicious activity, get in touch with the Super Fund directly.

Do NOT Click any links in emails claiming to be from your Super Fund suggesting you check your account or change passwords.

Additionally, setup two factor authentication, and if it’s not available with your fund – change funds, because that should be a basic addition to any financial product’s online security.