SMSFs ‘high on the radar’ for cyber scams

“As 1.1 million SMSF trustees have an average balance of $678,621 in their SMSFs, there is no doubt that SMSFs are high on the radar of cyber criminals,” Ms Banton said.

“While the ACSC continues to focus on protecting Australians against cyber scams, the best advice for SMSF trustees is to stay safe online and limit the risk of being attacked.”

The most common scam to watch for

Ms Banton said the ACSC has received reports about a range of different COVID-19-themed scams, online frauds and phishing campaigns designed to steal from unsuspecting individuals, businesses and government departments.

She noted that one of the most common scams is where cyber criminals register several COVID-19-themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting SMSF trustees.

“Once the phishing campaign obtains the user’s credentials, cyber criminals can bypass security controls to gain access to account and networks belonging to individuals and businesses,” Ms Banton said.

“The ACSC has reported that those engaged in cyber-crime activities continue to rapidly adapt their techniques in response to changes in the current environment.

“New phishing campaigns that align with breaking developments, such as government relief payments, within days, and even hours, of these announcements, are occurring.”

Key elements of phishing scams

Ms Banton highlighted several key details identified by the ACSC to look out for to help determine if a text message or email is phishing, such as:

• Read the message very carefully, look for anything that isn’t quite right, such as spelling, tracking numbers, names, attachment names, sender, message subject and URLs.
• On a PC or laptop, hover your mouse over links to see if the embedded URL is legitimate, but don’t click.
• Google information such as sender address or subject line, to see if others have reported it as malicious.
• Call the organisation on their official number as it appears on their website (separate to any contact details in the received message) and double-check the details or confirm the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
• Use sources such as the organisation’s mobile phone app, website or social media page to verify the message.

“Most importantly, do not open attachments from unknown sources or click on links in unsolicited emails. Never divulge personal information to unverified sources and never provide remote access to your computer,” Ms Banton said.

“Using two-factor authentication on all essential services and employing email, SMS or social media providers that offer spam and message scanning can also minimise SMSF cyber crime.”