MLC is committed to helping you transact online confidently and securely, no matter where you are or what computer you use. There’s a range of things we do every day to keep your personal information and investments safe, including:

Session Tokens
We use unique identifiers so we know it’s you logging in to your account.

Digital certificates
These are used to verify the identity and authenticity of our websites. To see it, click on the padlock icon on your screen in the address bar.

Session timeout facility
This means we‘ll automatically log you out if you‘ve been inactive for a while.

Lockout
For your security, MLC will automatically block access to MLC Online after a number of failed logins.

Here’s some simple things you can do to help stay safe online:

Always type www.mlc.com.au into your browser
By typing the website address straight into your browser, you minimise the risk of going to a fraudulent website that looks just like the legitimate one.

Use strong passwords
Use a different password for each of your online accounts. Choose strong passwords that are difficult for other people to guess. Don’t share your passwords with anyone.

Your MLC Online password must be between 6 and 12 characters long and contain at least one numeric and one alphanumeric character.

Take care when logged in
Where possible avoid using computers in public places, such as Internet cafes, hotels and airport lounges to log into MLC Online. If you are in a public area, also check that no one is looking over your shoulder when you log in.

Remember to log off
Make sure you log off MLC Online when you’re done to help prevent someone else accessing your account.

MLC strongly recommends that all software on your computer/device is kept up to date to help protect it from malicious software, which may allow unauthorised access to your online accounts or information.

Keep your operating system up to date
Ensure your computer’s operating system is up to date by turning on automatic updates. For more information visit the Microsoft Safety and Security Website or the Apple Product Security Site.

Keep your security software up to date

Free anti-virus software for Microsoft Windows computers

Windows 10

Windows 10 has built-in protection with Windows Defender Antivirus.This free anti-virus program gives comprehensive, ongoing and real-time protection for your system, files and online activities from viruses, malware, spyware, and other threats.

Older versions of Windows

If you’re looking to protect a personal computer running an older version of Windows, like Windows 7, you can download Microsoft Security Essentials for free, real-time, comprehensive malware protection that’ll help guard against malicious software.

Special offer for MLC customers:

We have partnered with McAfee to offer MLC customers a free 6 month trial of McAfee’s Internet Security software product. After the trial period you can choose to purchase the product at the subsidised rate of 25% off the normal retail price.

McAfee Internet Security
Comprehensive, award-winning security for your PC and MAC to bank, shop and surf online.

• Protect against viruses and malware
• Protect your financial information
• Block spam and dangerous email
• Install quickly and easily
• Download McAfee Internet Security Now

No protection software will completely guarantee against unauthorised access or virus contamination, but it may increase the security of your computer systems.

This special offer for security software is not an endorsement from MLC. Reference to a vendor's product is intended for explicit description only. Using the link will take you to a website external to MLC. MLC does not receive commission from the sale of any software.

April 2020: COVID-19 emails/text messages

MLC is aware of COVID-19 themed emails and text messages circulating which contain malicious software, lead to phishing sites or asking you to donate money to a bank account.

The emails and text messages may purport to be from legitimate organisations, including government agencies, and request you to click on links, open attachments or donate money to a bank account. Please see two examples below.

If you have clicked on links or attachments in a suspicious email or SMS, or sent funds based on a request received from a suspicious email please call MLC on 132 652.

If you receive a suspicious message, do not click on any links or attachments. Please forward it to phish@mlc.com.au and then delete it.

You can also visit the Federal Government's Australian Cyber Security Centre website for more information about COVID-19 related scams.

For more information on MLC’s response to Coronavirus, visit mlc.com.au/personal/corona-virus

May 2020: Scam calls regarding release of superannuation during COVID19

MLC is aware of current scam phone calls targeting Australians. The caller may claim to be from an organisation that can assist you to get early access to your superannuation. The caller may ask for your personal and superannuation details.

If you ever have any concerns as to the legitimacy of a call, hang up and call the company back on a publicly listed number.

If you have received this type of call and have provided information about your superannuation, please contact MLC immediately on 132 652.

If you have provided personal or banking details, please also contact your financial institution.

If you receive a text message saying your superannuation fund is going to release your super, and you did not request this, contact your superannuation fund immediately.

You can also visit the Scamwatch website for more information about this scam.
 

Phishing emails
Phishing emails are fraudulent emails that pretend to be from MLC or NAB or other legitimate businesses to attempt to trick you into providing information such as your MLC log in details, date of birth, or credit card information.

MLC will never send you an email asking for your password, or with a link asking you to log in to MLC Online.

If you receive a suspicious email, do not click on any links or attachments, or provide any information.
You can see the latest phishing emails on NAB’s Security Alerts page by visiting nab.com.au/security.

If you have responded to a phishing email, contact us immediately on 132 652 (or +61 3 8634 4721 from outside Australia) between 8 AM and 6 PM AEST Monday to Friday.

You can report suspicious MLC or NAB-branded emails by forwarding them to phish@mlc.com.au.

We investigate every email reported. Where possible, please send the suspicious email as an attachment on a new email.

If you receive a suspicious email not related to MLC or NAB, you can report it to ACSC, the Australian Cyber Security Centre.

Identity Theft
If you receive a call requesting personal or banking information, hang up and call the company back on a publicly listed number.

Protect yourself by securing your letterbox to help prevent mail being stolen. Ensure documents containing personal information are shredded before you dispose of them.

Australian Government | Australian Cyber Security Centre and Stay Smart Online
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.  It is the hub for private and public sector collaboration and information-sharing to combat cyber security threats.  ACSC’s Stay Smart Online provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities, and risky online behaviours.

Australian Government | ReportCyber 
ReportCyber is a secure reporting and referral service for cyber crime and online incidents which may be in breach of Australian law.  The ReportCyber website provides a cyber crime reporting mechanism as well as helpful information about cyber crime.

Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

We take the security of our systems seriously, and we value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of MLC and our customers.

If you believe you have found a security vulnerability with any of our services, we would like you to let us know right away via our Responsible Disclosure Program.
MLC does not condone any malicious or illegal behaviour in the identification and reporting of security vulnerabilities.

Our Responsible Disclosure Program is managed by Bugcrowd.

To see the terms of the program, and to report a security vulnerability, please refer to bugcrowd.com/nab

Please note all disclosures must be made via Bugcrowd, not directly to MLC.