Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
Scammers have been stealing thousands of dollars from superannuation accounts by exploiting the COVID-19 early access scheme. Earlier last month, the government froze superannuation withdrawals for two days when the Australian Tax Office discovered cybercriminals using stolen identity data to siphon funds out of various accounts.
Cybercriminals seemed to have set up duplicate myGov accounts in their victims’ names and applied for early release of super funds, in some cases, up to $10,000 per account. Since many users share their myGov logins with their accountants or tax agents, it’s quite possible for such confidential information to leak out into the wild by accident or through deliberate cyberattacks.
Since the scams were discovered, the Government and the ATO have taken steps to upgrade the scheme's security. With Australians feeling the economic pinch of the pandemic, 1.1 million people have already applied for access to superannuation, with $9.4bn of retirement savings approved for early release.
Retirement savings and super accounts have always been a favourite target for scammers, especially since these accounts are typically held by older, less tech-savvy Australians. In 2019 alone, cybercriminals stole over $6 million through superannuation scams, with people aged 45-54 bearing the brunt of the loss.
How to protect yourself from superannuation scams
Protecting yourself from high-tech attackers can seem daunting, but cybercriminals typically rely on human error to get access to confidential information. Here are steps you can take to protect yourself from any scammers eyeing your super account.
- Never give any information about your superannuation to someone who has contacted you — this includes offers to help you access your superannuation early under the government’s new arrangements.
- If someone calls you claiming to be from an organisation that can help you get early access to your super, hang up and verify their identity by calling the organisation directly on their listed number.
- The ATO is coordinating the early release of super through myGov. You don’t have to involve a third party or pay a fee to get access under this scheme.
- Never follow a hyperlink to reach the myGov website. Always type the full name of the website into your browser yourself.
- If you have given information about your superannuation to a scammer, immediately contact your superannuation fund. If you shared your personal or banking details, you should also contact your bank and tell them what happened.
How to check if your super fund has been compromised
If you think you may have been targeted, there are steps you can take to make sure you nip the problem in the bud:
- Check if your data was involved in any known data breaches at the website ‘Have I Been Pwned?’
- Check your myGov account or contact the myGov helpdesk on 132 307 to see if an application for early access to your superannuation has been made fraudulently on your behalf.
- If an early-access application has been made and you did not make it, or you do not have a myGov account, contact your superannuation fund and ask them to stop the withdrawal. Tell them you did not make the request.
- Notify the ATO on 1800 467 033 that someone has attempted to withdraw your superannuation without your consent.