Protecting your money: Cyber Security and scam awareness

Helping you keep your super and
investments secure online

Your super and investment savings represent years of hard work for a secure future. Unfortunately, they can be a prime target for scammers, causing significant financial loss and emotional distress.

Financial scams are on the rise and becoming more sophisticated, making them harder to detect. This page will help you recognise common types of super and investment scams, how to identify them, and how to protect yourself and your loved ones.

Think you might be facing a scam?

Click here to learn the best steps to take immediately.

  • Super scams

    These scams usually involve individuals or companies pretending to be from a super fund or regulatory body seeking your personal information. They
    may claim they need it to update your super account or verify your identity. Or they could offer to help you access your super before you’re eligible to
    under law. They may claim that doing this can, for example, help you pay off debts or purchase a house. But accessing your super early can result in
    significant penalties. In addition, these scams may involve high fees or charges which can eat into your super savings.

    We recommend that:

    • You never give out your personal information unless you’re sure it’s safe.
    • You’re aware of the conditions of release to withdraw your super.
    • If you’re ever in doubt, contact us.

  • Investment scams

    Investment scams can come in various forms, all aimed at tricking you out of your money. Here are some common ones to watch out for:

     

    Fake investment websites
    that vanish once you’ve put your money in.

     

    Phony brokers
    who lock you out of your account after receiving funds.

     

    The promise of huge returns
    who lock you out of your account after receiving your funds.

     

    Romance or friendship scams
    that then lead to bogus investment opportunities.
    (See Romance section for more.)

    If you suspect you’re being targeted:

    • Be cautious of unsolicited messages promising big returns with low risk.
    • Seek professional advice before committing to any investment.
    • Watch out for investments claiming to avoid taxes; they may not be legitimate.
    • Research the company or platform online for reviews or scam warnings.
    • Check the credentials by looking up ASIC Connect for Australian businesses.
    • Beware of deepfake ads featuring fake endorsements from celebrities.
    • Avoid unregulated investments like overseas whisky schemes with unrealistic returns.

  • Impersonation scams

    Impersonation scams mimic authorities like police, government, banks and well-known businesses to gain your trust.

    For example, we have seen scammers pretending to be from Insignia Financial (MLC’s parent company) use cold calls to offer high-return investment accounts, or term deposits with “special one-time rates”. They may direct victims to legitimate websites to appear credible. These scams often feature genuine Insignia Financial logos/images to deceive victims, but upon closer inspection reveal discrepancies.

    For instance:

    Addresses used are not actual Insignia Financial locations.

    Website/domain name have variations such as additional symbols like ‘-’ or additional letters. Examples include:

    • insigniafinancial-wm.com
    • insigniafinancial-clientportal.com
    • insigniafinancial.com--about-us.com

    Scammers may email details about these investments. Please note that MLC (and Insignia Financial) employees do not make unsolicited (cold) calls to promote products or business offerings.

    Impersonation scams constantly evolve and exploit trusted brands to deceive victims. Visit Scamwatch for more information on impersonation scams.

  • Crypto scams

    The cryptocurrency craze has always felt like the Wild West. Now, with its growing popularity, scammers are eager to exploit it. They might pose as investment managers or brokers, promising sky-high returns, but ultimately leave you with nothing.

    Here are common crypto scams to watch out for:

     

    Fake recommendations
    from compromised social media accounts or unsolicited messages with links to fake crypto sites or apps.

     

    Fake crypto platforms
    that appear legitimate but actually divert your funds to scammers.

     

    Initial coin offerings (ICOs)
    offering discounted coins to investors which are left worthless once scammers cash out.

     

    Fake job offers
    involving setting up bank and crypto accounts to assist in money laundering, putting you at risk of prosecution.

     

    Scammers posing as recovery services
    promising to recover lost funds for a fee but failing to deliver results.

    If you suspect a crypto scam:

    • Seek professional financial advice especially if you’re new to crypto.
    • Research platforms, tokens or coins online and look for scam warnings.
    • Be wary of unsolicited messages promoting crypto investments.
    • Check websites for legitimacy, watch for spelling mistakes and avoid sites that promise instant rewards.
    • Beware of high returns with low-risk guarantees.
    • Check with AUSTRAC for registered digital currency exchanges.
    • Visit moneysmart.gov.au for more on crypto scams and what to do if you’ve been scammed.

  • Identity theft scams

    These scams involve criminals stealing your personal information (name, date of birth and Tax File Number). With this data, they can open bank accounts, credit cards and other financial accounts in your name, leaving you with the debt and a damaged credit score.

    We recommend that you:

    • Keep your personal information secure and beware of unsolicited messages asking for it.
    • Regularly check your bank accounts for suspicious activity.

    If you suspect that your identity has been stolen, contact your bank or financial institution immediately and report the fraud to the Australian Cyber Security Centre.

  • Self-Managed Super Fund (SMSF) scams

    While Self-Managed Super Funds (SMSFs) are a legitimate way to manage your super, there’s an increasing risk of scams. Scammers may pretend to be financial advisers or SMSF businesses, urging you to:

    • Open an SMSF.
    • Expect high returns with low risk.
    • Let them handle everything for you.
    • Invest in unconventional investments like cryptocurrencies.

    Appearing trustworthy and patient, they gradually convince you to transfer your super into their control.

    They may also offer to help you access your super early, asking for personal details to withdraw funds or set up an SMSF for a fee. However, accessing super before you’re allowed can result in significant fines and taxes.

    We recommend that you:

    • Never give out your personal information unless you’re sure it’s safe.
    • Be aware of the conditions of release to withdraw your super.
    • Seek professional advice if you’re ever in doubt.

    If you suspect an SMSF scam:

    • Research the company thoroughly and seek independent trustworthy financial advice.
    • Check if the business is licensed by visiting the ASIC Connect website and APRA disqualification register.
    • Ensure you meet the conditions for accessing super.
    • Visit moneysmart.gov.au for more on super scams and what to do if you’ve been scammed.
    • Report it to the police promptly if you think you’ve been scammed.

  • Romance scams

    Romance scammers often reach out through social media, gaming or dating apps, trying to build a connection by pretending to share your interests. They may then coerce you into financial transactions, such as opening bank accounts, unknowingly getting involved in money laundering or investing in risky schemes like cryptocurrency.

    Their tactics typically include:

     

    Rushing the relationship
    to make you feel special quickly and lower your guard.

     

    Moving the conversation
    off the dating app to a chat app to maintain secrecy.
    For example, to WhatsApp.

    Avoid meeting in person
    and discouraging you from telling friends or family.

     

    Requesting personal information
    including coercing you to comply and threats if you resist.

    If you suspect a romance scam:

    • Never send money to someone you haven’t met.
    • Avoid sharing sensitive documents online.
    • Avoid transferring funds for others to prevent involvement in illegal activities.
    • Verify the person’s identity and take things slow.
    • Search for their name with “scam” to check for warnings.
    • Be careful when sharing personal details and intimate content.
    • Don’t keep the relationship a secret; talk to trusted friends or family.
    • Learn more about staying safe online and on social media platforms.

    Visit scamwatch.gov.au/types-of-scams/romance-scams for additional resources.

  • Credential stuffing

    What is Credential Stuffing and how can you protect yourself against it?

    Cyber-attacks are evolving and becoming more sophisticated every day. One of the latest attacks allows hackers to access members’ accounts using their stolen passwords, via a method known as Credential Stuffing.

    Credential stuffing is a type of cyber-attack whereby cyber criminals collect stolen usernames and passwords available on the dark web from previous data breaches, and then attempt to use those credentials on other websites or services. If an affected user uses the same password across multiple accounts, a successful credential stuffing attack could compromise all of their accounts.

    To protect against this type of attack, it is important to follow the cyber security advice as given by the Australian Government with 3 easy steps:

    • Set up multi-factor authentication to add an extra layer of security to your online accounts.
    • Create strong and unique passphrases of 14 or more characters long. These passphrases should be different for each account you hold.
    • Install software updates regularly to keep your devices secure.

    Please refer to the Australian Government’s best cyber practices and protect yourself online at cyber.gov.au

    How MLC is protecting your future

    At MLC, your security is our priority. We use Multi Factor Authentication across our websites and mobile apps and continuously monitor for suspicious online activity.

    From time to time, you may be asked to verify your identify when logging in. This additional step helps ensure that only you can access your account.

    This verification involves sending you a one-time passcode to your mobile or email. We will never ask you to provide this passcode to us.

Stop, Reflect, Protect, Report

Given the variety of scams out there, following these four steps can help prevent you falling victim.

  • Stop

    If you receive a suspicious call, email or text, pause and assess.
    Genuine organisations like MLC never pressure you to act immediately or ask for your password via email.

    Malware can target you through:

    Emails or messages with links or attachments.

    Malicious websites attempting to install malware.

    Exploiting vulnerabilities in outdated software.

    To spot malware, watch out for:

    • Unusual account activity.
    • Sluggish performance or rapid battery drain.
    • Unexpected or inaccessible files and frequent errors.
    • Automatic redirects to web pages you didn’t intend to visit.

  • Reflect

    Be careful about sharing personal information online. Scammers piece together details from various sources to exploit or create accounts in your name. Always reflect.

    Email safety tips:

     

    Be wary of unknown senders

    Always stop and think before opening attachments, clicking links or replying to suspicious emails.

     

    Never send personal information via email

    Use secure document-sharing software like DocuSign instead.

    > Visit Docusign website

     

    Avoid using public Wi-Fi

    It’s vulnerable to cyber attacks.

  • Protect

    Whether it’s personal or work, staying vigilant is crucial. When in doubt, reject contact, delete suspicious messages and avoid opening unknown links.

    Key scam prevention tips:

    Avoid sharing your superannuation information

    Never share information about your superannuation with someone who contacts you, even if they seem to be from a trusted organisation. Always verify their identity by calling the organisation directly.

    Be cautious with hyperlinks

    Avoid clicking hyperlinks in messages or emails. MLC will never ask for your password or provide a link to a login page for your account.

     

    Thoroughly research investment opportunities

    Be wary of high-return, low-risk investment opportunities – if it sounds too good to be true, it probably is.

    Check against the ASIC website

    If you’re speaking with a financial adviser, verify their registration on the ASIC website. Anyone offering advice about financial products must hold an Australian Financial Services licence from ASIC.

    > Visit the ASIC website

     

    Take your time

    Don’t rush into investments without independent legal or financial advice.

    image of one hand holding a mobile phone with lock screen and second hand holding a credit card

    Protect yourself from scams

    • Outright reject suspicious contacts
    • Use strong and unique passwords
    • Avoid using public Wi-Fi
    • Lock and shield your screen in public
    • Enable multi-factor authentication (MFA) for additional security
    • Stay informed about current scams targeting financial services, including super.
    MLC logo onorange background

    Remember, MLC will never ask for:

    • Your Online Banking Security login details
    • Your *product name* details
    • Help to catch cyber criminals or assist with internal investigations
    • Your money to be moved to a "safe" account, or to any account with another bank.

  • Report

    If you receive a suspicious email, do not click on any links or attachments or provide any information.

    If you have responded to a phishing email, contact us immediately on 132 652 (or +61 3 9966 5802 from outside Australia) between 8am and 6pm AEST/AEDT, Monday to Friday.

    You can report suspicious MLC emails by forwarding them to phish@mlc.com.au.

    We investigate every email reported. Where possible, please send the suspicious email as an attachment on a new email.

    If you receive a suspicious email not related to MLC, you can report it to the Australian Cyber Security Centre (ACSC).

 

Amy’s story: a crypto cautionary tale

Amy, intrigued by a cryptocurrency investment promising high returns using her super, fell victim to a scam that led to the loss of her savings and her involvement in criminal activity.

Her story highlights the dangers of crypto scams. It will help you to recognise and avoid such fraudulent schemes, and the potential consequences, including financial loss and legal repercussions, that victims may face.

Read full story

More information and resources

Responsible disclosure

Here’s some useful information about how MLC and Insignia Financial protects your online security.

> Visit Insignia Financial Responsible disclosure

MoneySmart website

Spot the warning signs of financial scams with MoneySmart’s in-depth coverage of different scam types.

> Visit MoneySmart

Government websites

The Federal Government also has several useful resources with information on how to protect yourself.

> ASIC consumer page

> Scamwatch website

> Little black book of scams

> Australian Cyber Security Centre (ACSC)

Latest news & insights

Get in touch

 Call us

Talk to us on 132 652 (+61 3 9966 5802 if overseas) between 8am and 6pm AEST/AEDT, Monday to Friday

Email us

Complete our contact form

Financial Advice

Find out how you can plan for your future

Connect with us

Facebook    LinkedIn  YouTube 

Download the MLC app

Insignia Financial Ltd ABN 49 100 103 722.

MLC Limited uses the MLC brand under licence. MLC Limited is part of the Nippon Life Insurance Group and is not part of the Insignia Financial Group.