Online security

At GESB, cyber security is a priority. We are continuously taking measures to protect our online systems, so that it’s not only easy for you to perform your employer obligations, but your information and funds also remain secure.

In April 2025, the Australian superannuation industry was targeted by a coordinated cyber attack. The incident was identified as a brute-force attack, which involves repeated attempts to guess login details. These attacks use already leaked or stolen passwords, and common or simple passwords, to access accounts.

What we are doing

GESB has stringent protocols in place to protect member and employer data and funds. As a precautionary measure, we have heightened monitoring in response to the current situation and are working closely with our service providers to rigorously monitor all our systems.

Multi-factor Authentication (MFA) for member interactions

MFA is a two-step security check we use when members use the Member Online portal, including when requesting changes to their account. This is designed to make sure only the member can access and make changes to their super.

To increase security, MFA is now mandatory each time a member logs into Member Online. Previously, it was in place for registration, for changes and transactions, and if a behavioural change was detected, such as a login from a different device or location.

Your role in protecting yourself online

GESB encourages our members and employers to use strong and unique passwords that are changed frequently to keep devices secure, and not to reuse the same password across multiple platforms and services.

There are some simple steps you can take to help protect your privacy and identity.

A strong password is at least eight characters long with a combination of numbers, letters and symbols. It’s important to use different passwords for different accounts and keep your passwords protected.

Make sure you have relevant security software and keep it up to date. Enable security options like multi-factor authentication (MFA) on as many devices as possible.

When you use an online account, such as Employer Online, don’t use a public computer or public wi-fi internet connection. Always log out of the account and close your browser when you are finished.

For web browser security, use the latest versions of supported web browsers to access and log in to Employer Online.

Don’t click on unsolicited emails, engage in phone calls with someone who can’t verify their identity, or respond to suspicious SMS messages.

You can often identify a scam or phishing email by:

  • Misspelled words or incorrect grammar
  • Links that take you directly to your online account
  • Unfamiliar sender or company
  • Suspicious attachments
  • Requests for your personal information, login credentials or payment information
  • Messages ordering you to act urgently or within a limited time

If you receive an email that seems legitimate, go to the company’s website without clicking any links, or call them directly using the number on their website.

We will never contact you asking for personal information or login credentials.

Check your privacy settings on all accounts. Whenever a site asks for your email address, read their privacy policy or statement first.

Our Privacy Statement explains how we protect the privacy of your information.

If you’re concerned about the security of your Employer Online account

If you believe there may be a security issue with your Employer Online account, contact Payroll General at payroll.general@gesb.com.au to change your password.

Get help and guidance

There are several organisations that can provide you with support and guidance:

More information

We're here to help

Our Relationship Management and Education team are here to help, so if you have any questions, please contact your Relationship Manager.

Page last updated 24 October 2025