Online security tips to protect you from scams

Contact us if you’re concerned

If you think you may have been targeted by scammers, contact us on 13 13 36 and change your passwords. Also visit Australia and New Zealand’s national identity and cyber support service IDCARE which can help you if you’ve been hacked or scammed.

New line of defence

Please check that your mobile number and email address are up to date in your online account. You'll need to action this ahead of the new security measures we'll be introducing to provide extra protection against unauthorised access. Update your email online and contact us on
13 13 36 to change your mobile number.

Understand the technical terms

See the Australian Cyber Security Centre’s online glossary for a full list of cyber related terms and what they mean.

What you need to know about scams

Remember, if it sounds too good to be true, it probably is a scam.

What is a scam?

A scam is when somebody gains your confidence in order to steal your money or personal information. Fraud is when somebody accesses your money without your knowledge or permission. In this case, you mightn’t even be aware anything has happened.

Scammers and fraudsters play on emotions like loneliness, fear and compassion. They can identify vulnerabilities such as isolation, age, and low computer skills to trick you into making decisions. They may make offers of money or other rewards, or they could use threats and intimidation.

If you’re concerned about the safety of your accounts, contact us on 13 13 36 immediately.

In the meantime, here’s what to do if you receive a suspicious message or request.

Pause

Take some time to think about whether the request or opportunity is genuine.

Remember, a legitimate company or government department will never pressure you to make a payment.
Review

Search online for the person or company and look for any reviews or experiences others may have had.

Contact the organisation directly using a phone number from their website (not the email or number in the message you received).
Reflect

Talk to someone you trust and get their opinion or seek independent financial advice.

Remember, if you’re a victim of a scam, there may be little chance you’ll get your money back.
Find out more

Check out scam tips, news and alerts through the Australian Government’s Scamwatch website.

You can also subscribe to Scamwatch email alerts to keep up to date with the latest scams.

What to do if you're a victim of a scam or fraud

Let your financial providers know straight away.
Change your passwords and PINs immediately.
Report the scam to the relevant authorities. For fraud, contact the police.
Call IDCARE (a government-funded service for identity and cyber security) on 1800 595 160
Apply for a Commonwealth victims’ certificate if you’re a victim of identity crime.

Tips to help you avoid scams

If you think a phone call sounds suspicious, hang up.
Never share passwords or personal information, especially with someone you don’t know.
Don’t open SMS or email links or attachments unless you know who they’re from.
Protect your computer with antivirus software.
Don’t send money or personal details to people from unusual locations.
Don't accept a message or friend request on social media from someone you don't know.
Update your privacy settings on your social media accounts.
Be wary of unexpected contact, particularly if you’ve replied to something online.
Do your own checks on any investment opportunity to make sure it's real.
Beware of promises of low risks with high returns.
Consider seeking independent financial advice before you invest.
Check your bank account and statements regularly to watch out for unusual activity.

Common scams to watch out for

The ACCC’s Scamwatch has a range of information on the below if you’d like to find out more.

Tips for creating strong passwords

The easiest way for someone to access your personal information is by guessing or stealing your passwords. To help stay safe online, follow these password tips.

Length

The longer the password is, the better, as it becomes harder to guess.

Complex

Use a mix of upper and lowercase letters, numbers and special characters like: !, & and *. Avoid using personal information like your date of birth or pet’s name.

Unique

Use different passwords for different websites and online services.

Password checklist

1. Whenever you can, use a passphrase instead of a password. Passphrases are generally four or more random words of at least 14 characters in total with numbers and special characters (for example, RedHouseSkyTrain88*). The aim is to create something unpredictable using unrelated words, which is easy for you to remember and hard for someone else to guess.

2. Don't write your passwords down or store them on your computer. If you must record it somewhere, make sure it’s disguised. You may want to use a reputable password manager if you have trouble memorising complex passwords and passphrases.

3. Enable multi-factor authentication wherever you can for an added layer of security to prove your identity.

4. Never share your password with anyone, even family members.

Learn more about setting secure passwords and passphrases by visiting the Australian Cyber Security Centre.

How to keep your email secure

Email is a fast and convenient way to receive communications, but it’s also a common way for cybercriminals to target people with scams, phishing (which is when scammers trick you into giving out personal information) or malicious software (malware).

Take a moment to think about whether an SMS, email or attachment seems genuine before you open it. Here are some other things you should know about.

Bank details

Your bank will never send you an email asking for your online banking details. Most Australian banks have announced that they will not send a link in a text message.

Looks can be deceiving

Cybercriminals often use a company’s name and logo. Contact the company by phone if you suspect the email is a scam.

Check the details

Phishing emails may contain bad spelling and grammar or come from a peculiar email address. Sometimes a giveaway may also be an unusual link that may be included within the email or which you might notice when hovering over any hyperlinked terms.

Verification

Don't open an attachment if you can't verify who sent it to you.

Follow your instincts

Your anti-virus software mightn’t always be able to scan an attachment for viruses or spyware.

Trust

Only open links if you recognise and trust the web address it will take you to.

Email security checklist

Make sure your firewall and security software are running the latest updates.
Check if spam filtering is activated on your email account.
Consider setting up a separate email address for mailing lists, online shopping and marketing emails.
Turn off the 'automatic download' function in your email settings to ensure malicious attachments aren't infiltrating your computer without your knowledge.

For more insights, check out Scamwatch’s info page on email scams.

Ways to browse the web safely

Whether you’re shopping, catching up with the news, or connecting with friends online, it’s important to take precautions to protect your personal information. Here are some things to consider.

Look carefully

Check that the website has correct spelling, grammar and consistent design.

Secure web addresses

Look for a green padlock icon and https (rather than http) in the web address bar before transacting.

Credibility

Look online for feedback from other users about the service to verify that it’s credible.

Extra security

Use 'two-step verification' where you provide another form of ID as well as your password or PIN.

Secure Wi-Fi

Don't log on to online banking or other websites and apps that contain your personal information if you’re connected to public Wi-Fi (for example, at a shopping centre).

Close your browser

Always log out of secure sites when you've finished using them, and close the browser window.

Secure web browsing checklist

Use anti-virus software and regularly update it.
Make sure you’re across the privacy and security settings in your web browser.
Avoid saving passwords in your browser and logout of accounts when you’re finished.
Manage your cookies (these are files that gather details about you when you visit a website). To turn these off, go to settings or tools, or set up your browser to do it automatically.
Clear your browsing history. While it makes it easy to return to websites you’ve visited previously, it also makes it easier for other people to see your history too.
If you notice suspicious activity on your accounts, contact your financial providers straight away and make sure they have your correct details on file so they can contact you too.

Understand more about how your actions can be tracked online.

How CFS protects your data

We use a range of means to make sure the personal information you give us is safe, so it can't be misused, changed, lost or accessed without authorisation.

Our comprehensive approach encompasses strong security measures, strict guidelines and policies, and regular review of policies to make sure we keep up with the latest developments in cybersecurity.

How we keep your information safe

Only authorised people can access our computer systems.
Users can only access the information they need.
Our employees use unique passwords that are changed regularly.
Sensitive data is stored and transmitted in an encrypted form.
Firewalls, intrusion detection systems, and virus scanning tools are in place.
Secure networks and encryption when we outsource data is used.
Secure storage for physical records is provided.
When information is no longer needed, it is safely destroyed.

If you’re a supplier or contractor to CFS, you should refer to your legal agreement which covers your obligations to appropriately protect our information and reach out to your primary business contact if you have specific questions.

CFS staff members and all partners of CFS are required to be familiar with their obligations relating to classified information.

Pointers for advice practices

If you’re an adviser working with CFS, here’s what you need to know about basic security measures to help protect your business against common cyber security threats.

Use security software

Security software such as antivirus and malware protection are a good first line of defence in protecting your devices.

Modern versions of Windows include free Windows Security to scan for suspicious files and programs, and detect and remove malware from your devices. Microsoft also allows the installation of third-party security software for users looking for a higher standard of protection.

Apple Mac computers don't include security software by default, so it’s important to install reputable third-party software.

Good security software can help protect your business from phishing attacks, ransomware (which is a type of malicious software designed to block access to a computer system until a sum of money is paid) and other threats.

In selecting security software (such as anti-virus or anti-malware), be sure to first read reviews to assess its reputation. The Australian government also provides guidance around antivirus software if you’d like more information.

Remember, it’s important to update your software regularly to reduce the chance of a cybercriminal using a known weakness or hack your device.

You may also want to turn on automatic updates for your devices and software. If your device or software is too old and updates aren’t available, consider upgrading to a newer product.

Only install software from reputable developers

Cyber criminals are known to embed malicious code into software that appears legitimate as a way to infect their targets with malware, which is designed to disrupt, damage, or gain unauthorised access to a computer system. Often, this software is pirated or available via unauthorised or unofficial sources.

The safest way to avoid downloading malicious code is to only download software from official stores.

The Microsoft Windows Store is the official online marketplace for purchasing and downloading software for Windows. For Macs and Apple iOS devices, it’s Apple’s App Store. Google Play is the official online marketplaces for Android devices.

Limit administrative access to your computers

Each user account has rights to perform specific functions. In small businesses, it’s often the case that all users are given full online administrative rights by default. That means they can install new programs, change security settings, and choose personalised colour schemes and wallpapers.

Restricting administrative access greatly reduces the number of infections and security breaches. Most users simply don't need administrative access, even if they want it.

Encrypt your hard drives

Disk encryption ensures that if a computer is stolen, the thief is unable to access the data.

The only way disk encrypted-data can be accessed is if the drive is powered on and the thief has the user’s account login details.

Microsoft Windows disk encryption is called Bitlocker. Microsoft provides step-by-step instructions for using Bitlocker on its website.

For an Apple Mac, a program called FileVault is used to protect hard drive content. Apple’s instructions for using FileVault are available from Apple’s support website.

Back-up your data regularly

Regular back-ups can help you recover your information if it’s lost or compromised.

Create and implement a plan to regularly back up your information.
Test your back-ups to ensure you can recover information successfully.

Secure your network

Many small businesses don't have dedicated technology staff to install, configure and update their networks and the job is often left to somebody who mightn't have had formal training.

While networks make it easy to share information within the office and with others, an improperly configured network risks allowing outsiders to disrupt your business activities or steal data.

Here are six essential steps for protecting your business network.

Change the defaults

An important first step when setting up a network is to change the default password for your router. A router’s default password is usually published on the manufacturer’s website, making it easily discoverable by would-be attackers. Choose a new, strong and unique password that is as long as possible, difficult for others to guess, and isn't re-used for any other service your business uses.

It’s also wise to disable ’remote configuration' of your router. Disabling this feature ensures your router can only be managed from a computer within your network rather than from a person logging in from the internet.
Hide your network

Your office network has a name, known as an SSID. These are the network names you typically see when you’re travelling, or are in a public place, and looking for a Wi-Fi network to connect to.

Limit the ability for unauthorised users to find or access your network by disabling the SSID broadcast.

You’ll find the 'disable the SSID broadcast' option in your router’s settings.
Protect your data

To prevent unauthorised access to your networked files, wireless communications between the computers in your network should be encrypted. Encryption scrambles your data so only the devices that are authorised to use the network can read it.

Setting up encryption on your network is usually done through the 'Wireless Security' settings on your router. It typically involves selecting the type of encryption for your network, and creating a network password or key.

WPA2 is currently the most secure type of encryption for small business and home routers, provided it’s combined with a strong password. Users are asked for a password when connecting to the network for the first time, but won't be asked on future occasions.

Less secure encryption options such as WEP should only be used on older routers where WPA2 (or WPA) is unavailable.

It’s a good idea to regularly change your network password. Doing so will prevent staff members that have left the business from having ongoing access to the network.
Create a guest mode for visitors

When guests pop into the office, it’s common to offer them network access so they can use the internet.

Look for options on your router that offer visitors access without granting access to other network resources such as servers or printers. Most routers call this 'Guest Access'.

Routers can usually create a separate network that gives connected devices access to the public internet but nothing else. You’ll find these options within your router’s wireless security settings.
Turn off features you don't use

Most routers come with a range of features. Services like FTP, UPnP and WebDAV are useful for specific applications. But if you don't need these services, don't turn them on.

Each enabled service is a potential opportunity for unauthorised users. It’s what security experts call the ’threat surface’ and the best approach to data defence is to make that surface as small as possible.
Keep an inventory of approved network devices

It’s good practice to maintain an inventory of approved devices and update this list any time a device is added or removed from the network. Regularly comparing your network against this list and removing access to devices that are unknown or not approved will improve the security of your business.

Cloud security

A cloud service can offer small businesses improved productivity, flexibility and reduced costs by delivering data storage services or applications such as accounting packages over the internet. While using these services can create new opportunities for your business, cloud services also introduce some security and privacy risks. Some of the factors to consider when choosing cloud providers is location, their security measures, scalability and flexibility, service level agreements and cost structures.

For more information, check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide. If your clients are looking for tips relevant to them, point them to our Staying safe online hub for tips and resources.

Unleash in ways you never thought possible

Get in touch

Get in touch with us online or call us
8:30am to 6pm AEST Monday to Friday.

Find a financial adviser

Use our tool to find professional financial advice,

local to you.

Search now

Download mobile app

Track your balance and see your  

transactions history from anywhere.

Download app

Avanteos Investments Limited ABN 20 096 259 979, AFSL 245531 (AIL) is the trustee of the Colonial First State FirstChoice Superannuation Trust ABN 26 458 298 557 and issuer of FirstChoice range of super and pension products. Colonial First State Investments Limited ABN 98 002 348 352, AFSL 232468 (CFSIL) is the responsible entity and issuer of products made available under FirstChoice Investments and FirstChoice Wholesale Investments.

Information on this webpage is provided by AIL and CFSIL. It may include general advice but does not consider your individual objectives, financial situation, needs or tax circumstances. You can find the target market determinations (TMD) for our financial products at https://www.cfs.com.au/tmd which include a description of who a financial product might suit. You should read the relevant Product Disclosure Statement (PDS) and Financial Services Guide (FSG) carefully, assess whether the information is appropriate for you, and consider talking to a financial adviser before making an investment decision. You can get the PDS and FSG at www.cfs.com.au or by calling us on 13 13 36.

Staying safe online