Cybercrime on the rise: how to protect yourself online
Today’s digital world is convenient and accessible, giving us more freedom and choice than ever before - especially in the current COVID-19 pandemic environment, which has moved even more of our interactions online.
Unfortunately, the growing demand for online delivery of products and services has led to a rise in cybercrime, where criminals or unauthorised users access personal information and use it to steal people's identities – and their money. This has been experienced by many Australians across multiple industries, including super.
Below we outline some common scenarios of how cybercriminals specifically target the super industry through identity fraud. Find out what GESB does to protect our members’ identity when transacting online. We also provide some tips to help you protect your identity by spotting a scam.
How criminals can use identity theft to target fund members
Identity crime is one of the most common types of crime in Australia, leading to billions of dollars’ worth of money stolen from individuals each year. During the 2021 financial year, self-reported losses from cybercrime totalled more than $33 billion1 – and $336 million was reported lost in seven months of 20223.
The most common way criminals gain access to personal information is by stealing mail, phishing or hacking into online accounts. The personal information is often sold to criminal groups, who then use stolen identity documents and personal details to2:
Open new super accounts in the victim’s name
The criminal changes key contact details for the member, such as email address, residential address and contact number, via member services online
Change contact details for existing accounts
The criminal creates a new online account in the member’s name with a different super provider, and requests to roll in funds from the existing fund to this new account
Withdraw funds to these fake accounts
The criminal submits a paper-based application to withdraw the funds using fake or illegally obtained documentation, often ‘certified’ by a fake Justice of the Peace
Case study
An individual’s identification details were compromised and used to change the contact details for their super account online. After changing these details, an application to withdraw the full balance of their super (more than $95,000) was made using counterfeit identification documents, fraudulently certified by a Justice of the Peace.
The individual’s retirement benefit was deposited into a fake bank account two days later, and the funds were quickly used to fund purchases made in Hong Kong.
At GESB, we take cybersecurity very seriously. We are continuously taking measures to protect our online systems, so your information stays safe.
What GESB does to help protect your identity
Like many financial institutions in Australia and around the world, GESB has robust security measures in place to protect your member information. These are in relation to customer identification processes, which help us to identify unusual transactions and behaviour and report suspicious matters where appropriate.
In general, when you call us or otherwise contact us remotely, we:
- Verify three points of personal information to validate you’re the account holder, or are someone authorised to collect information on the account holder’s behalf
- Request valid ID documents where appropriate
These identity verification processes extend to physical security on our premises and staff training in fraud prevention and identification.
We have a number of information security controls in place which help us monitor for external threats and protect member information. We investigate any identified suspicious activity and where appropriate report it to the relevant authorities.
We are always working to improve our security. An example of this is our upcoming Member Online upgrade which will include Multi-Factor Authentication (MFA). This requires members to undertake an additional verification process by entering a code sent to their registered device.
What you can do to help protect your identity
In the past year, 92% of Australians have been exposed to a scam via email, SMS, phone calls and/or social media – with 125,000 scams reported in seven months of 20223. Commonly, people are tricked into opening an email attachment, visiting a website, revealing account login details or sensitive information, or transferring money or gift cards.
These ‘phishing’ messages are made to appear as if they were sent from individuals or organisations you think you know, or you think you can trust. They often include a sense of urgency and attempt to engage you emotionally.
Below we outline some things to keep in mind when reading email messages or taking phone calls, to help you spot a scam before your identity can be stolen4:
- Is the message claiming to be from someone official?
- Are you told you have a limited time to respond?
- Does the message make you panic, fearful, hopeful or curious?
- Is the message offering something in short supply?
- Is this message related to current news stories, big events or specific times of year (like tax reporting)?
If the answer is yes to the above, check the message is legitimate by going back to something you can trust – visit the official website, log into your account, or phone their advertised phone number. Don’t use the links or contact details in the message you’ve been sent or given over the phone.
For more practical tips on keeping your accounts secure and avoiding email scams, read 5 simple steps to help protect your cybersecurity and How to avoid email scams and use email safely.
How to report identity crime
If you believe you’ve been a victim of online identity fraud in relation to your super account, or if there’s been a change to your contact details that you didn’t request, please call your Member Services Centre on 13 43 73. We can flag your account and provide additional support and guidance.
If you have a Self-Managed Super Fund (SMSF), please contact the ATO.
If you think you may have fallen victim to cybercrime, report it to the Australian Cyber Security Centre’s (ACSC) ReportCyber.
More information
- Find out more about identity fraud on the Australian Government’s Office of the Australian Information Commissioner (OAIC) website
- Visit the ATO’s Scam alert page for examples of recent ATO impersonation scams
- Read the ACSC’s ‘Easy steps to secure your devices and accounts’ brochure
- Learn more about COVID-19 coronavirus super scams
1 Annual Cyber Threat Report, 1 July 2020 to 30 June 2021, ACSC
2 Identity crime enabling super and share sale fraud, AUSTRAC, October 2021
3 Scams, Australian Banking Association, September 2021, accessed 22/03/22
4 Easy steps to secure your devices and accounts, ACSC, accessed 22/03/22
Thank you for printing this page. Remember to come back to gesb.wa.gov.au for the latest information as our content is updated regularly. This information is correct as at 12 June 2026.