SMSFs ‘high on the radar’ for cyber scams
There is no doubt that self-managed super funds are a prime target for cyber criminals as they seek to take advantage of the COVID-19 pandemic, according to an SMSF auditor.
In a blog, ASF Audits executive general manager of technical services Shelley Banton said that, with trustees working from home through remote systems, the number of scams reported to the Australian Cyber Security Centre (ACSC) means trustees need to be on high alert for COVID-19-themed cyber-crime activity.
“As 1.1 million SMSF trustees have an average balance of $678,621 in their SMSFs, there is no doubt that SMSFs are high on the radar of cyber criminals,” Ms Banton said.
“While the ACSC continues to focus on protecting Australians against cyber scams, the best advice for SMSF trustees is to stay safe online and limit the risk of being attacked.”
The most common scam to watch for
Ms Banton said the ACSC has received reports about a range of different COVID-19-themed scams, online frauds and phishing campaigns designed to steal from unsuspecting individuals, businesses and government departments.
She noted that in one of the most common scams, cyber criminals register several COVID-19-themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting SMSF trustees.
“Once the phishing campaign obtains the user’s credentials, cyber criminals can bypass security controls to gain access to accounts and networks belonging to individuals and businesses,” Ms Banton said.
“The ACSC has reported that those engaged in cyber-crime activities continue to rapidly adapt their techniques in response to changes in the current environment.
“New phishing campaigns that align with breaking developments, such as government relief payments, within days, and even hours, of these announcements, are occurring.”
Key elements of phishing scams
Ms Banton highlighted several key checks identified by the ACSC that help determine whether a text message or email is a phishing attempt:
- Read the message very carefully and look for anything that isn’t quite right, such as spelling, tracking numbers, names, attachment names, sender, message subject and URLs.
- On a PC or laptop, hover your mouse over links to see if the embedded URL is legitimate, but don’t click.
- Google information such as the sender address or subject line to see if others have reported it as malicious.
- Call the organisation on their official number as it appears on their website (separate to any contact details in the received message) and double-check the details or confirm the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
- Use sources such as the organisation’s mobile phone app, website or social media page to verify the message.
“Most importantly, do not open attachments from unknown sources or click on links in unsolicited emails. Never divulge personal information to unverified sources and never provide remote access to your computer,” Ms Banton said.
“Using two-factor authentication on all essential services and employing email, SMS or social media providers that offer spam and message scanning can also minimise SMSF cyber crime.”
Adrian Flores is the deputy editor of SMSF Adviser. Before that, he was the features editor for ifa (Independent Financial Adviser), InvestorDaily, Risk Adviser, Fintech Business and Adviser Innovation.