Understanding Superannuation Scams in Australia


Superannuation is your retirement nest egg, and with over $3.5 trillion under management across Australia, it’s an attractive target for scammers. In recent months, some of the country’s largest funds—including REST and AustralianSuper—have been caught up in coordinated cyber-fraud campaigns. Understanding what happened, and how to protect yourself, is crucial for every member, regardless of technical know-how.

Recent Incidents: REST and AustralianSuper Targeted

In early April 2025, a sophisticated credential-stuffing attack affected multiple major super funds, including REST, AustralianSuper, Hostplus, Australian Retirement Trust and Insignia. Cyber-criminals used passwords and personal information stolen from other breaches to gain unauthorised access to member accounts. While most attempts were repelled, around 600 accounts saw suspicious activity, with at least A$500,000 siphoned off from just four confirmed victims.

One high-profile case involved a 74-year-old pensioner who lost A$406,000 from her AustralianSuper account. She first noticed unauthorised withdrawals via postal notifications on 28 March 2025, but funds were only frozen—and reimbursement confirmed—after 18 days and extensive media coverage. This delay highlighted gaps in incident response and communication protocols at one of Australia’s largest super funds.

How the Scams Worked

  • Credential Stuffing: Fraudsters automate login attempts using username/password pairs leaked from unrelated breaches.
  • Lack of Multifactor Authentication (MFA): Many affected members had not enabled MFA, making it easier for attackers to compromise accounts.
  • Delayed Detection: Funds detected irregular transactions via manual reconciliation rather than real-time monitoring, allowing criminals to move money quickly.
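As an added illustration of the "Delayed Detection" point (example code written for this page, not code from any fund or from the original post), the Python below flags the pattern that separates credential stuffing from ordinary brute force: one source trying many different usernames in a short window. The log format, field names and sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample authentication log (made up for this example).
SAMPLE_LOG = """\
2025-04-02T09:00:01 src=203.0.113.7 user=m.lee result=FAIL
2025-04-02T09:00:02 src=203.0.113.7 user=j.ng result=FAIL
2025-04-02T09:00:02 src=203.0.113.7 user=a.roy result=FAIL
2025-04-02T09:00:03 src=203.0.113.7 user=p.kaur result=FAIL
2025-04-02T09:00:04 src=203.0.113.7 user=t.walsh result=FAIL
2025-04-02T09:00:05 src=203.0.113.7 user=d.chen result=OK
2025-04-02T09:15:00 src=198.51.100.4 user=s.ford result=FAIL
2025-04-02T09:15:09 src=198.51.100.4 user=s.ford result=FAIL
2025-04-02T09:15:20 src=198.51.100.4 user=s.ford result=OK
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    # Turn each log line into a (timestamp, source, user, result) tuple.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag sources that try many DISTINCT usernames inside one window.
    Brute force hammers one account and trips per-account lockouts; stuffing
    spreads attempts across accounts, so only a per-source view catches it."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((ts, user, result))
    alerts = {}
    for src, items in by_src.items():
        items.sort()
        for i, (start, _, _) in enumerate(items):
            users, hits = set(), set()
            for ts, user, result in items[i:]:
                if ts - start > window:
                    break
                users.add(user)
                if result == "OK":
                    hits.add(user)  # accounts to review or freeze first
            if len(users) >= min_users:
                alerts[src] = {"distinct_users": len(users), "successful_logins": sorted(hits)}
                break
    return alerts
```

Run over a real-time login feed rather than a nightly reconciliation, this kind of per-source check is what turns the "600 accounts saw suspicious activity" finding into an alert while the money is still in the account.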

Practical Advice for Non-Technical Members

  • Enable Multifactor Authentication
    Nearly all major super funds now support MFA. Turn it on—using SMS codes, authenticator apps or hardware tokens—to add a vital second lock on your account.
  • Use Strong, Unique Passwords
    Avoid re-using passwords across sites. Consider a password manager to generate and store complex passwords so you don’t have to memorise them.
  • Monitor Your Account Regularly
    Log in monthly—or after receiving any notification—to check for unfamiliar transactions. Early detection is key to stopping fraud before losses mount.
  • Beware of Phishing
    Scammers may send emails or texts impersonating your fund, asking you to “verify your account” via a malicious link. Always access your super account by typing the official website into your browser rather than clicking unsolicited links.
  • Keep Your Devices Secure
    Run up-to-date antivirus software, apply operating system updates promptly, and avoid using public Wi-Fi for sensitive transactions.
  • Report Suspicious Activity Immediately
    If you notice anything odd—unexpected password-reset emails, unexplained withdrawals—contact your super fund’s fraud team right away. Most funds have dedicated 24/7 hotlines for these incidents.

Key Learnings

  • Funds Must Accelerate Security Upgrades: The industry is under pressure from regulators (APRA, ASIC) to mandate MFA and real-time fraud monitoring across all super funds.
  • Member Vigilance Matters: Technology can only do so much; your personal security practices are the final line of defence.
  • Communication Transparency: Funds are reviewing incident response procedures to minimise delays in detection, account freezes, and member reimbursements.

By staying informed and adopting these simple precautions, you can significantly reduce your risk of falling victim to superannuation scams. Your retirement savings deserve the highest level of protection—both from your fund and from your own good cyber-hygiene practices.
