If you think you may have been targeted by scammers, contact us on 13 13 36 and change your passwords. Also visit Australia and New Zealand’s national identity and cyber support service IDCARE which can help you if you’ve been hacked or scammed.
Please check that your mobile number and email address are up to date in your online account. You'll need to action this ahead of the new security measures we are introducing to provide extra protection against unauthorised access. You can now update your email or change your mobile number online, or contact us on 13 13 36 if you need further help.
See the Australian Cyber Security Centre’s online glossary for a full list of cyber related terms and what they mean.
Remember, if it sounds too good to be true, it probably is a scam.
A scam is when somebody gains your confidence in order to steal your money or personal information. Fraud is when somebody accesses your money without your knowledge or permission. In this case, you mightn’t even be aware anything has happened.
Scammers and fraudsters play on emotions like loneliness, fear and compassion. They can identify vulnerabilities such as isolation, age, and low computer skills to trick you into making decisions. They may make offers of money or other rewards, or they could use threats and intimidation.
If you’re concerned about the safety of your accounts, contact us on 13 13 36 immediately.
In the meantime, here’s what to do if you receive a suspicious message or request.
Take some time to think about whether the request or opportunity is genuine.
Remember, a legitimate company or government department will never pressure you to make a payment.
Search online for the person or company and look for any reviews or experiences others may have had.
Contact the organisation directly using a phone number from their website (not the email or number in the message you received).
Talk to someone you trust and get their opinion or seek independent financial advice.
Remember, if you’re a victim of a scam, there may be little chance you’ll get your money back.
Check out scam tips, news and alerts through the Australian Government’s Scamwatch website.
You can also subscribe to Scamwatch email alerts to keep up to date with the latest scams.
If you think a phone call sounds suspicious, hang up.
Never share passwords or personal information, especially with someone you don’t know.
Don’t open SMS or email links or attachments unless you know who they’re from.
Protect your computer with antivirus software.
Don’t send money or personal details to people from unusual locations.
Don't accept a message or friend request on social media from someone you don't know.
Update your privacy settings on your social media accounts.
Be wary of unexpected contact, particularly if you’ve replied to something online.
Do your own checks on any investment opportunity to make sure it's real.
Beware of promises of low risks with high returns.
Consider seeking independent financial advice before you invest.
Check your bank account and statements regularly to watch out for unusual activity.
The ACCC’s Scamwatch has a range of information on the below if you’d like to find out more.
The easiest way for someone to access your personal information is by guessing or stealing your passwords. To help stay safe online, follow these password tips.
The longer the password is, the better, as it becomes harder to guess.
Use a mix of upper and lowercase letters, numbers and special characters like: !, & and *. Avoid using personal information like your date of birth or pet’s name.
Use different passwords for different websites and online services.
1. Whenever you can, use a passphrase instead of a password. Passphrases are generally four or more random words of at least 14 characters in total with numbers and special characters (for example, RedHouseSkyTrain88*). The aim is to create something unpredictable using unrelated words, which is easy for you to remember and hard for someone else to guess.
2. Don't write your passwords down or store them on your computer. If you must record it somewhere, make sure it’s disguised. You may want to use a reputable password manager if you have trouble memorising complex passwords and passphrases.
3. Enable multi-factor authentication wherever you can for an added layer of security to prove your identity.
4. Never share your password with anyone, even family members.
Learn more about setting secure passwords and passphrases by visiting the Australian Cyber Security Centre.
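The passphrase tips above can be turned into a small generator and checker. This is an added example, not CFS or ACSC code; the word list, function names and the choice of two digits plus one special character are assumptions made for illustration.

```python
import math
import re
import secrets

# Constructed sample list for illustration only; a real generator should draw
# from a large published word list so that each word is much harder to guess.
SAMPLE_WORDS = ["Red", "House", "Sky", "Train", "River", "Lamp", "Stone", "Cloud",
                "Maple", "Tiger", "Ocean", "Paper", "Candle", "Bridge", "Garden", "Violin"]
SPECIALS = "!&*"  # the special characters the tips list as examples


def generate_passphrase(words=SAMPLE_WORDS, n_words=4, n_digits=2):
    """Join n_words distinct random words, then append digits and one special."""
    if n_words < 4:
        raise ValueError("use four or more words")
    rng = secrets.SystemRandom()  # OS-backed randomness, not a predictable seed
    chosen = rng.sample(words, n_words)
    digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
    return "".join(chosen) + digits + secrets.choice(SPECIALS)


def meets_guidance(phrase):
    """Check length (14+), mixed case, a number and a special character."""
    return (len(phrase) >= 14
            and re.search(r"[a-z]", phrase) is not None
            and re.search(r"[A-Z]", phrase) is not None
            and re.search(r"[0-9]", phrase) is not None
            and re.search(r"[^A-Za-z0-9]", phrase) is not None)


def entropy_bits(list_size, n_words=4, n_digits=2):
    """Bits of guessing work for someone who knows the list and the pattern."""
    word_choices = math.perm(list_size, n_words)
    return math.log2(word_choices * 10 ** n_digits * len(SPECIALS))


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, meets_guidance(phrase))
    print(round(entropy_bits(len(SAMPLE_WORDS)), 1), round(entropy_bits(7776), 1))
```

With the 16-word sample list the result is worth only about 24 bits against someone who knows the list, while a 7,776-word list raises that to about 60 bits, which is why the size of the word list matters as much as the number of words.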
Email is a fast and convenient way to receive communications, but it’s also a common way for cybercriminals to target people with scams, phishing (which is when scammers trick you into giving out personal information) or malicious software (malware).
Take a moment to think about whether an SMS, email or attachment seems genuine before you open it. Here are some other things you should know about.
Your bank will never send you an email asking for your online banking details. Most Australian banks have announced that they will not send a link in a text message.
Cybercriminals often use a company’s name and logo. Contact the company by phone if you suspect the email is a scam.
Phishing emails may contain bad spelling and grammar or come from a peculiar email address. Another giveaway can be an unusual link in the email, which you might notice when you hover over any hyperlinked text.
Don't open an attachment if you can't verify who sent it to you.
Your anti-virus software mightn’t always be able to scan an attachment for viruses or spyware.
Only open links if you recognise and trust the web address it will take you to.
Make sure your firewall and security software are running the latest updates.
Check if spam filtering is activated on your email account.
Consider setting up a separate email address for mailing lists, online shopping and marketing emails.
Turn off the 'automatic download' function in your email settings to ensure malicious attachments aren't infiltrating your computer without your knowledge.
For more insights, check out Scamwatch’s info page on email scams.
Whether you’re shopping, catching up with the news, or connecting with friends online, it’s important to take precautions to protect your personal information. Here are some things to consider.
Check that the website has correct spelling, grammar and consistent design.
Look for a green padlock icon and https (rather than http) in the web address bar before transacting.
Look online for feedback from other users about the service to verify that it’s credible.
Use 'two-step verification' where you provide another form of ID as well as your password or PIN.
Don't log on to online banking or other websites and apps that contain your personal information if you’re connected to public Wi-Fi (for example, at a shopping centre).
Always log out of secure sites when you've finished using them, and close the browser window.
Understand more about how your actions can be tracked online.
We use a range of means to make sure the personal information you give us is safe, so it can't be misused, changed, lost or accessed without authorisation.
Our comprehensive approach encompasses strong security measures, strict guidelines and policies, and regular review of policies to make sure we keep up with the latest developments in cybersecurity.
How we keep your information safe
If you’re a supplier or contractor to CFS, you should refer to your legal agreement which covers your obligations to appropriately protect our information and reach out to your primary business contact if you have specific questions.
CFS staff members and all partners of CFS are required to be familiar with their obligations relating to classified information.
If you’re an adviser working with CFS, here’s what you need to know about basic security measures to help protect your business against common cyber security threats.
Security software such as antivirus and malware protection are a good first line of defence in protecting your devices.
Modern versions of Windows include free Windows Security to scan for suspicious files and programs, and detect and remove malware from your devices. Microsoft also allows the installation of third-party security software for users looking for a higher standard of protection.
Apple Mac computers don't include security software by default, so it’s important to install reputable third-party software.
Good security software can help protect your business from phishing attacks, ransomware (which is a type of malicious software designed to block access to a computer system until a sum of money is paid) and other threats.
In selecting security software (such as anti-virus or anti-malware), be sure to first read reviews to assess its reputation. The Australian government also provides guidance around antivirus software if you’d like more information.
Remember, it’s important to update your software regularly to reduce the chance of a cybercriminal using a known weakness to hack your device.
You may also want to turn on automatic updates for your devices and software. If your device or software is too old and updates aren’t available, consider upgrading to a newer product.
Cyber criminals are known to embed malicious code into software that appears legitimate as a way to infect their targets with malware, which is designed to disrupt, damage, or gain unauthorised access to a computer system. Often, this software is pirated or available via unauthorised or unofficial sources.
The safest way to avoid downloading malicious code is to only download software from official stores.
The Microsoft Windows Store is the official online marketplace for purchasing and downloading software for Windows. For Macs and Apple iOS devices, it’s Apple’s App Store. Google Play is the official online marketplace for Android devices.
Each user account has rights to perform specific functions. In small businesses, it’s often the case that all users are given full online administrative rights by default. That means they can install new programs, change security settings, and choose personalised colour schemes and wallpapers.
Restricting administrative access greatly reduces the number of infections and security breaches. Most users simply don't need administrative access, even if they want it.
Disk encryption ensures that if a computer is stolen, the thief is unable to access the data.
The only way disk-encrypted data can be accessed is if the drive is powered on and the thief has the user’s account login details.
Microsoft Windows disk encryption is called BitLocker. Microsoft provides step-by-step instructions for using BitLocker on its website.
For an Apple Mac, a program called FileVault is used to protect hard drive content. Apple’s instructions for using FileVault are available from Apple’s support website.
Regular back-ups can help you recover your information if it’s lost or compromised.
Many small businesses don't have dedicated technology staff to install, configure and update their networks and the job is often left to somebody who mightn't have had formal training.
While networks make it easy to share information within the office and with others, an improperly configured network risks allowing outsiders to disrupt your business activities or steal data.
Here are six essential steps for protecting your business network.
An important first step when setting up a network is to change the default password for your router. A router’s default password is usually published on the manufacturer’s website, making it easily discoverable by would-be attackers. Choose a new, strong and unique password that is as long as possible, difficult for others to guess, and isn't re-used for any other service your business uses.
It’s also wise to disable 'remote configuration' of your router. Disabling this feature ensures your router can only be managed from a computer within your network rather than from a person logging in from the internet.
Your office network has a name, known as an SSID. These are the network names you typically see when you’re travelling, or are in a public place, and looking for a Wi-Fi network to connect to.
Limit the ability for unauthorised users to find or access your network by disabling the SSID broadcast.
You’ll find the 'disable the SSID broadcast' option in your router’s settings.
To prevent unauthorised access to your networked files, wireless communications between the computers in your network should be encrypted. Encryption scrambles your data so only the devices that are authorised to use the network can read it.
Setting up encryption on your network is usually done through the 'Wireless Security' settings on your router. It typically involves selecting the type of encryption for your network, and creating a network password or key.
WPA2 is currently the most secure type of encryption for small business and home routers, provided it’s combined with a strong password. Users are asked for a password when connecting to the network for the first time, but won't be asked on future occasions.
Less secure encryption options such as WEP should only be used on older routers where WPA2 (or WPA) is unavailable.
It’s a good idea to regularly change your network password. Doing so will prevent staff members that have left the business from having ongoing access to the network.
When guests pop into the office, it’s common to offer them network access so they can use the internet.
Look for options on your router that offer visitors access without granting access to other network resources such as servers or printers. Most routers call this 'Guest Access'.
Routers can usually create a separate network that gives connected devices access to the public internet but nothing else. You’ll find these options within your router’s wireless security settings.
Most routers come with a range of features. Services like FTP, UPnP and WebDAV are useful for specific applications. But if you don't need these services, don't turn them on.
Each enabled service is a potential opportunity for unauthorised users. It’s what security experts call the 'threat surface' and the best approach to data defence is to make that surface as small as possible.
It’s good practice to maintain an inventory of approved devices and update this list any time a device is added or removed from the network. Regularly comparing your network against this list and removing access to devices that are unknown or not approved will improve the security of your business.
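One way to run the comparison described above, as an added example rather than CFS tooling: it checks a router's connected-device list against an approved inventory. The device names, addresses and the comma-separated export format are constructed, and the function names are assumptions.

```python
import re

# Constructed approved-device inventory: MAC address -> description.
APPROVED = {
    "3C:5A:B4:10:22:01": "Reception PC",
    "3c-5a-b4-10-22-02": "Office printer",
    "F0:18:98:AA:BB:03": "Adviser laptop",
}

# Constructed sample of a router's connected-device list (hostname, MAC, IP).
CONNECTED = """\
reception-pc,3c:5a:b4:10:22:01,192.168.1.10
printer,3C:5A:B4:10:22:02,192.168.1.20
unknown-cam,00:1E:C0:77:88:99,192.168.1.57
phone,DA:A1:19:0C:44:5E,192.168.1.61
"""


def normalise_mac(mac):
    """Return a MAC as 12 lowercase hex digits so differing formats compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_randomised(mac):
    """True if the locally administered bit is set, as on private/random MACs."""
    return bool(int(normalise_mac(mac)[:2], 16) & 0x02)


def audit(approved, connected_text):
    """Return (unknown devices seen on the network, approved devices not seen)."""
    approved_norm = {normalise_mac(m): desc for m, desc in approved.items()}
    seen = {}
    for line in connected_text.splitlines():
        if not line.strip():
            continue
        host, mac, ip = (field.strip() for field in line.split(","))
        seen[normalise_mac(mac)] = (host, ip)
    unknown = [{"host": h, "ip": ip, "mac": m, "randomised": is_randomised(m)}
               for m, (h, ip) in seen.items() if m not in approved_norm]
    missing = [desc for m, desc in approved_norm.items() if m not in seen]
    return unknown, missing


if __name__ == "__main__":
    print(audit(APPROVED, CONNECTED))
```

Devices flagged as `randomised` are often phones or laptops using a private Wi-Fi address, so they will never match an inventory keyed on the hardware address and need to be identified another way before they are approved or removed.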
A cloud service can offer small businesses improved productivity, flexibility and reduced costs by delivering data storage services or applications such as accounting packages over the internet. While using these services can create new opportunities for your business, cloud services also introduce some security and privacy risks. Some of the factors to consider when choosing cloud providers are location, their security measures, scalability and flexibility, service level agreements and cost structures.
For more information, check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide. If your clients are looking for tips relevant to them, point them to our Staying safe online hub for tips and resources.
Avanteos Investments Limited ABN 20 096 259 979, AFSL 245531 (AIL) is the trustee of the Colonial First State FirstChoice Superannuation Trust ABN 26 458 298 557 and issuer of FirstChoice range of super and pension products. Colonial First State Investments Limited ABN 98 002 348 352, AFSL 232468 (CFSIL) is the responsible entity and issuer of products made available under FirstChoice Investments and FirstChoice Wholesale Investments.
Information on this webpage is provided by AIL and CFSIL. It may include general advice but does not consider your individual objectives, financial situation, needs or tax circumstances. You can find the target market determinations (TMD) for our financial products at https://www.cfs.com.au/tmd which include a description of who a financial product might suit. You should read the relevant Product Disclosure Statement (PDS) and Financial Services Guide (FSG) carefully, assess whether the information is appropriate for you, and consider talking to a financial adviser before making an investment decision. You can get the PDS and FSG at www.cfs.com.au or by calling us on 13 13 36.