Cyber Security

Helping you keep your super and investments secure online

Your super and investment savings represent years of hard work for a secure future. Unfortunately, they can be a prime target for scammers, causing significant financial loss and emotional distress.

Financial scams are on the rise and becoming more sophisticated, making them harder to detect. This page will help you recognise common types of super and investment scams, how to identify them, and how to protect yourself and your loved ones.

These scams usually involve individuals or companies pretending to be from a super fund or regulatory body seeking your personal information. They may claim they need it to update your super account or verify your identity. Or they could offer to help you access your super before you’re eligible to under law. They may claim that doing this can, for example, help you pay off debts or purchase a house. But accessing your super early can result in significant penalties. In addition, these scams may involve high fees or charges which can eat into your super savings.

We recommend that:

You never give out your personal information unless you’re sure it’s safe.
If you’re ever in doubt, contact us.

Investment scams can come in various forms, all aimed at tricking you out of your money. Here are some common ones to watch out for:

Fake investment websites that vanish once you’ve put your money in.
Phony brokers who lock you out of your account after receiving funds.
The promise of huge returns who lock you out of your account after receiving your funds.
Romance or friendship scams that then lead to bogus investment opportunities. (See Romance section for more.)

If you suspect you’re being targeted:

Be cautious of unsolicited messages promising big returns with low risk.
Seek professional advice before committing to any investment.
Watch out for investments claiming to avoid taxes; they may not be legitimate.
Research the company or platform online for reviews or scam warnings.
Check the credentials by looking up ASIC Connect for Australian businesses.
Beware of deepfake ads featuring fake endorsements from celebrities.
Avoid unregulated investments like overseas whisky schemes with unrealistic returns.

Impersonation scams mimic authorities like police, government, banks and well-known businesses to gain your trust.

For example, we have seen scammers pretending to be from Insignia Financial (IOOF'S parent company) use cold calls to offer high-return investment accounts, or term deposits with “special one-time rates”. They may direct victims to legitimate websites to appear credible. These scams often feature genuine Insignia Financial logos/images to deceive victims, but upon closer inspection reveal discrepancies.

For instance:

Addresses used are not actual Insignia Financial locations.

Website/domain name have variations such as additional symbols like ‘-’ or additional letters. Examples include:

insigniafinancial-wm.com
insigniafinancial-clientportal.com
insigniafinancial.com--about-us.com

Scammers may email details about these investments. Please note that IOOF (and Insignia Financial) employees do not make unsolicited (cold) calls to promote products or business offerings.

Impersonation scams constantly evolve and exploit trusted brands to deceive victims. Visit Scamwatch for more information on impersonation scams.

The cryptocurrency craze has always felt like the Wild West. Now, with its growing popularity, scammers are eager to exploit it. They might pose as investment managers or brokers, promising sky-high returns, but ultimately leave you with nothing.

Here are common crypto scams to watch out for:

Fake recommendations from compromised social media accounts or unsolicited messages with links to fake crypto sites or apps.
Fake crypto platforms that appear legitimate but actually divert your funds to scammers.
Initial coin offerings (ICOs) offering discounted coins to investors which are left worthless once scammers cash out.
Fake job offers involving setting up bank and crypto accounts to assist in money laundering, putting you at risk of prosecution.
Scammers posing as recovery services promising to recover lost funds for a fee but failing to deliver results.

These scams involve criminals stealing your personal information (name, date of birth and Tax File Number). With this data, they can open bank accounts, credit cards and other financial accounts in your name, leaving you with the debt and a damaged credit score.

We recommend that you:

Keep your personal information secure and beware of unsolicited messages asking for it.
Regularly check your bank accounts for suspicious activity.

If you suspect that your identity has been stolen, contact your bank or financial institution immediately and report the fraud to the Australian Cyber Security Centre.

While Self-Managed Super Funds (SMSFs) are a legitimate way to manage your super, there’s an increasing risk of scams. Scammers may pretend to be financial advisers or SMSF businesses, urging you to:

Open an SMSF.
Expect high returns with low risk.
Let them handle everything for you.
Invest in unconventional investments like cryptocurrencies.

Appearing trustworthy and patient, they gradually convince you to transfer your super into their control.

They may also offer to help you access your super early, asking for personal details to withdraw funds or set up an SMSF for a fee. However, accessing super before you’re allowed can result in significant fines and taxes.

We recommend that you:

Never give out your personal information unless you’re sure it’s safe.
Seek professional advice if you’re ever in doubt.

If you suspect an SMSF scam:

Research the company thoroughly and seek independent trustworthy financial advice.
Check if the business is licensed by visiting the ASIC Connect website and APRA disqualification register.
Ensure you meet the conditions for accessing super.
Visit moneysmart.gov.au for more on super scams and what to do if you’ve been scammed.
Report it to the police promptly if you think you’ve been scammed.

Romance scammers often reach out through social media, gaming or dating apps, trying to build a connection by pretending to share your interests. They may then coerce you into financial transactions, such as opening bank accounts, unknowingly getting involved in money laundering or investing in risky schemes like cryptocurrency.

Their tactics typically include:

Rushing the relationship to make you feel special quickly and lower your guard.
Moving the conversation off the dating app to a chat app to maintain secrecy. For example, to WhatsApp.
Avoid meeting in person and discouraging you from telling friends or family.
Requesting personal information including coercing you to comply and threats if you resist.

If you suspect a romance scam:

Never send money to someone you haven’t met.
Avoid sharing sensitive documents online.
Avoid transferring funds for others to prevent involvement in illegal activities.
Verify the person’s identity and take things slow.
Search for their name with “scam” to check for warnings.
Be careful when sharing personal details and intimate content.
Don’t keep the relationship a secret; talk to trusted friends or family.
Learn more about staying safe online and on social media platforms.

Visit scamwatch.gov.au/types-of-scams/romance-scams for additional resources.

3 steps to stay safe online

If you receive a suspicious call, email or text, pause and assess. Genuine organisations like IOOF never pressure you to act immediately or ask for your password via email.

Malware can target you through:

Emails or messages with links or attachments.
Malicious websites attempting to install malware.
Exploiting vulnerabilities in outdated software.

To spot malware, watch out for:

Unusual account activity.
Sluggish performance or rapid battery drain.
Unexpected or inaccessible files and frequent errors.
Automatic redirects to web pages you didn’t intend to visit.

Be careful about sharing personal information online. Scammers piece together details from various sources to exploit or create accounts in your name. Always reflect.

Email safety tips:

Be wary of unknown senders. Always stop and think before opening attachments, clicking links or replying to suspicious emails.
Never send personal information via email. Use secure document-sharing software like DocuSign instead.
Avoid using public Wi-Fi. It’s vulnerable to cyber attacks.

Whether it’s personal or work, staying vigilant is crucial. When in doubt, reject contact, delete suspicious messages and avoid opening unknown links.

Key scam prevention tips:

Avoid sharing your superannuation information. Never share information about your superannuation with someone who contacts you, even if they seem to be from a trusted organisation. Always verify their identity by calling the organisation directly.
Be cautious with hyperlinks. Avoid clicking hyperlinks in messages or emails. IOOF will never ask for your password or provide a link to a login page for your account.
Thoroughly research investment opportunities. Be wary of high-return, low-risk investment opportunities – if it sounds too good to be true, it probably is.
Check against the ASIC website. If you’re speaking with a financial adviser, verify their registration on the ASIC website. Anyone offering advice about financial products must hold an Australian Financial Services licence from ASIC. Visit the ASIC website
Take your time. Don’t rush into investments without independent legal or financial advice.

Protect yourself from scams

Outright reject suspicious contacts
Use strong and unique passwords
Avoid using public Wi-Fi
Lock and shield your screen in public
Enable multi-factor authentication (MFA) for additional security
Stay informed about current scams targeting financial services, including super.

Remember, IOOF will never ask for:

Your Online Banking Security login details
Your *product name* details
Help to catch cyber criminals or assist with internal investigations
Your money to be moved to a "safe" account, or to any account with another bank.