Need to know
- Scammers may try to access your super through phishing or encouraging you to open a self-managed super fund
- Super Consumers Australia is calling on all funds to do more to protect people from scammers, including using two-factor authentication to protect accounts
- Consumer advocates say super funds should have to pay when scams happen, and the fund hasn't taken appropriate care
In 2022, Australians lost a staggering $377 million to investment scams, and scammers continue to find new ways to steal money from super.
Super Consumers Australia is calling on the industry to do better to ensure scammers don't steal from anyone's retirement income.
"One of the unfortunate things we do hear is when (a scam) occurs in super, the losses are really significant," says Tom Abourizk, a policy officer at Consumer Action Law Centre.
"Last year, we had a couple of clients that lost hundreds of thousands of dollars from their super accounts."
There are some simple steps you can take to help protect your super from scammers.
Phishing or identity theft scams
Some scammers have stolen super by sending Australians a text or email with a hyperlink that directs them to a scam website or asks for your password. They may pose as your super fund or a government department or service, like the Australian Taxation Office (ATO) or MyGov.
These links may download malware (malicious software) onto your computer or let the scammer steal your personal details.
You can safely ignore any links like these. If you need to contact your super fund, financial adviser or a government service, type their full address into your browser rather than following a link.
Remember, your super fund will never contact you asking for your password or personal details.
Tip: Don't click on any unsolicited or suspicious hyperlinks – they could be from a scammer.
Scammers setting up dodgy SMSFs
A self-managed super fund (SMSF) can give you more control over how your super is invested. This greater flexibility can be a strength and a weakness.
There have been reports of scammers stealing from Australians' super accounts by approaching people to set up a SMSF. They may offer higher investment returns than you can make with a super fund managing your money. They may also offer to invest in different types of assets than a traditional super fund, such as cryptocurrency.
The scammers can then use identity documents and personal information they gain from correspondence to roll your super account over into their bank account.
No legitimate super expert needs to cold call strangers to drum up business and you can safely ignore anyone who approaches you out of the blue.
If you want to set up an SMSF, there are many legitimate companies that can help you. Any financial adviser or financial advice business must hold a licence from the Australian Securities & Investments Commission (ASIC). ASIC's Moneysmart website has a register of these licence holders. ARPA also keeps a register of everyone disqualified from giving financial advice.
Tip: Ignore cold calls and make sure any financial adviser you deal with is legitimate by checking the ASIC register.
Scammers offering early access to your super
Another common trick of scammers is to claim they can get you access to your super early. Generally, you need to wait until retirement age to start withdrawing from your super.
There are very strict conditions on accessing your super early, like having a terminal illness or being in severe financial hardship.
Scammers may approach you out of the blue and offer to help you with this process. They may ask you to put your name to a fake story about why you need your super early.
In other cases, they may be simply charging money to help you fill out the official documents you need to request early access. They might also suggest you move your money into a SMSF. In some instances, the scammer tricks your super fund into paying them the money directly.
Another problem here is that you could be fined and have to pay more in tax if you improperly access your super early.
Tip: Ignore anyone offering to help you access your super early.
One simple way to safeguard your super is to enable two-factor authentication for your email, online banking and social media accounts. This authentication offers an extra layer of protection beyond your username (or email address) and password, which means scammers can only sign in to these accounts if they have your phone.
Having a password that's hard to guess, keeping it secure (e.g. not written down on a post-it note) and regularly changing it are also good steps to secure your super.
Moneysmart recommends shredding your personal documents. Some funds suggest locking your mailbox to prevent anyone from stealing your records to use for identity theft.
Moneysmart also suggests being careful about what information you share on social media.
Tip: Protect your account with strong passwords and two-factor authentication.
Scammers may create a fake sense of urgency, saying you must act quickly to take up their offer. But super is a long-term investment, and there's no need to make immediate decisions about your retirement income. Take the time to confirm that any person or company you're dealing with is legitimate – check the register and only deal with people and companies you've approached, rather than cold callers.
Tip: Don't let anyone rush you into changing your super.
If any of your personal documents (like your passport or driver's licence) are lost or stolen, let your super fund know immediately.
If you think a scammer has taken your money, you can make a complaint to the Australian Financial Complaints Authority (AFCA). AFCA can order a super fund to repay your money. Unfortunately, however, not all super scam victims get their money back.
The Australian Competition & Consumer Commission's Scamwatch collects information about scams and helps people avoid getting scammed. You can also report any potential scams to them.
Being scammed can be a distressing experience. If you need someone to speak to, contact Lifeline on 13 11 14.
The onus should be on funds, not members, to stop scams
While Super Consumers Australia policy manager Franco Morelli says it's a good idea to be vigilant, he also stresses that it's ultimately up to banks and super funds to protect against scammers.
"Every fund should have, at the least, two-factor authentication in place to give Australians some peace of mind around the security of their super," says Morelli.
Gerard Brody, chief executive officer at Consumer Action Law Centre, agrees that funds should be required, at a minimum, to use two-factor authentication to ensure payment instructions are coming from the fund member.
"Without this (requirement), super funds are leaving their customers open to substantial risk of frauds and scams. Any payment system needs to be robust and secure, and allowing 'one click' transfers isn't sufficient to protect people."
Case study: Super fund refuses to pay back scam victim
In 2022, Paul* made a complaint to the AFCA about a scammer stealing from his super.
The scammer somehow got his name, date of birth and tax file number and used these details to create a fraudulent second account. The scammer later transferred money to a third account, which they controlled. Overall, the fraudster made three transfers from Paul's second account to their own – the first withdrawal was for more than $14,000.
After Paul discovered someone had stolen his super, he asked his fund to pay him back the lost money. They refused. He then appealed the fund's decision to AFCA, but they found the fund's refusal to compensate him was "fair and reasonable" under the circumstances, given the fund was unaware of the fraud.
Crucially, there is no suggestion in this case that the scammer needed to get through two-factor authentication to access and steal Paul's super. If this authentication were in place, the scammer wouldn't have been able to transfer money out of Paul's account unless they had his phone as well as his personal details.
Super Consumers Australia has chosen not to name the fund.
* Not his real name
Abourizk says that for the most part, where scams occur in banking, the bank will be considered liable when the victim isn't the one who pressed 'send' on the transfer. This situation is considered an unauthorised transaction. But he says tribunals may be treating super scams differently.
"There's been a few AFCA decisions involving super-based scams where you can't clearly say the victim has pressed 'send' or done anything, but they've still lost money."
Brody says funds should be made to refund scam victims when they breached their duties as trustees or failed to act with reasonable care
"The money has gone out of the super account under the control of the super company, yet the super fund isn't liable. That's something we're concerned about; some cases suggest the super fund isn't taking the appropriate level of care."
Abourizk says super funds should proactively monitor and double-check transactions out of accounts.
"That represents years of someone's work going into a bank account. If that's been obtained fraudulently, that's devastating for people."
Brody says funds should be made to refund scam victims when they breached their duties as trustees or failed to act with reasonable care. "Placing liability on super funds is appropriate, as it provides an incentive to improve the safety of their systems, including rollover processes," he says.
This content was produced by Super Consumers Australia which is an independent, nonprofit consumer organisation partnering with CHOICE to advance and protect the interests of people in the Australian superannuation system.
Stock images: Getty, unless otherwise stated.