The Australian National Cyber Security Coordinator has warned that scammers are exploiting the fallout from a major cyber attack on the nation’s major superannuation funds.
Last week, a number of Australia’s largest superannuation funds reportedly suffered a breach, with thousands of user accounts compromised.
So far, the super funds affected by the incident include Rest, Hostplus, Australian Retirement Trust, AustralianSuper, and Insignia, the owner of major super fund brand MLC.
While the breadth of the cyber incident is still unknown, Insignia said that the incident was the result of a credential stuffing attack.
Now, in a statement posted to LinkedIn, National Cyber Security Coordinator Lieutenant General Michelle McGuinness, CSC, warned that scammers are taking advantage of the superannuation fund cyber attacks.
“Scammers are taking advantage of reports of cyber attacks on superannuation funds to target Australians’ finances and personal information,” she said.
“Don’t click on links or respond to unsolicited communications claiming to be from your superannuation fund or offering third party assistance to recover your money – scammers looking to steal your money or personal information could be lurking at the other end.
“Members should follow the advice of their superannuation funds. You should only get in touch with your superannuation fund through official, verified channels, like a phone number or email address that you have sourced yourself.”
Scammers often target victims of major cyber incidents, exploiting their desperation to recover information and, in some of the superannuation cases, lost funds, in order to obtain even more data and money.
While both Rest and Insignia have confirmed no financial losses, AustralianSuper said that $500,000 was stolen in the cyber attack. Those superannuation customers who have lost money are most definitely pensioners whose accounts are in the pension drawdown phase, as lump-sum withdrawals can be requested from those accounts.
Additionally, an anonymous finance expert speaking with Cyber Daily said that normal superannuation accounts are extremely difficult to withdraw from, resulting in pensioners becoming a likely target for the threat actors.
This is a demographic that research has shown is disproportionately targeted by scammers due to a number of factors, including lower computer literacy, loneliness and, in some cases, decreased cognitive function.
“In 2021, Australians 65 and older lost more money to scams than any other age group – about $82 million of the $1.8 billion reported to the ACCC’s Scamwatch, as well as to ReportCyber, financial institutions and other government agencies,” said CHOICE.
“It was more than double the amount lost in 2020, when scammers made off with $38 million from older Australians.”
In regard to the superannuation fund cyber attack, the Australian Prudential Regulation Authority (APRA) has instructed superannuation funds that have not come forward as affected by the cyber incident to do so.
Speaking at a Sydney press event, Treasurer of Australia, Jim Chalmers, said government agencies are working with the funds and are co-ordinating with regulators, stakeholders, and industry.
“APRA and ASIC are engaging with all of the potential impacted super funds to support safe outcomes for members,” he said.
“On Friday, we convened the Council of Financial Regulator agencies to get an update on their ongoing response to this incident as well. That’s working around the clock in response to the incident and it’s all about protecting fund members and improving security measures.”
However, when asked whether those affected would be compensated, he said that was currently not being considered.
“Don’t read too much into my answer before, which was to say our focus right now is working with the authorities and with the regulators. That’s our focus,” he said.