Get your free and exclusive 80-page Banking Passkey Report

What measures to protect super accounts from cyberattacks?

Learn the top security measures to protect your superannuation account from cyberattacks and credential stuffing. Expert tips for all Australians.

Vincent Delitz

Vincent

Created: April 4, 2025

Updated: August 13, 2025

protect superannuation account cybersecurity

Blogpost Title Image

Read the full article

Discover why superannuation funds are vulnerable and how regulations, including FSC Standard No. 29, recommend MFA and phishing-resistant authentication.

Read the full article

Read by 5,000+ security leaders.

What security measures should I take to protect my superannuation account from cyberattacks?#

To protect your superannuation account from cyberattacks, use a strong, unique password, enable multi-factor authentication (MFA) and regularly check your account for suspicious activity. Most recent super fund breaches - including AustralianSuper, Rest, and Insignia - used credential stuffing, meaning attackers logged in using passwords leaked in past breaches.

WhitepaperEnterprise Icon

60-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle

Get free Whitepaper

Top security measures#

  • Use a unique password that’s long, random, and never reused across services.
  • Enable multi-factor authentication (MFA) if your super fund supports it.
  • Review account activity and update details regularly.
  • Avoid clicking on links in emails or SMS claiming to be from your fund.
  • Use a password manager to store and generate secure logins.

These small habits can prevent massive financial loss—especially since super accounts often go unchecked for long periods.

  • Protect your super account by using strong, unique passwords and enabling MFA.
  • Review your login history and account details regularly for unauthorized changes.
  • Avoid phishing by accessing your super fund only through official websites.
  • Use a password manager to prevent password reuse across services.

Why Super Accounts Are High-Value Targets#

Superannuation accounts are attractive to cybercriminals because:

  • They contain large balances, especially for retirees.
  • Users don’t log in frequently, giving hackers time to act unnoticed.
  • Super funds often allow bank detail changes and withdrawals online, making them vulnerable without MFA.

How Hackers Access Accounts#

In the April 2025 attack, criminals didn’t hack the systems of AustralianSuper or Rest - they simply logged in using stolen passwords from previous data breaches. This method is known as credential stuffing.

They then attempted to:

  • Change email and mobile numbers
  • Update bank account details
  • Initiate withdrawals (particularly for users aged 60+)

1. Use a Password Manager#

These tools help you:

  • Generate unique passwords for each account
  • Store them securely
  • Avoid password reuse (a major risk factor)

2. Enable Multi-Factor Authentication (MFA)#

MFA is one of the most effective ways to block unauthorized access—even if your password is stolen. Many super funds now offer:

  • SMS codes
  • Authenticator apps
  • Passkeys or biometric options (rare but increasing)

If your fund doesn’t offer MFA, consider contacting them or even switching funds.

3. Stay Alert for Phishing#

Cybercriminals may follow up on breaches with phishing messages. Don’t:

  • Click suspicious links
  • Enter credentials on unknown sites
  • Call numbers from emails or texts

Instead, always visit your super fund’s site directly or use official app stores.

4. Monitor Account Regularly#

  • Log in at least once a month
  • Check for contact or bank detail changes
  • Review transaction history for unauthorized actions

5. Report Issues Promptly#

If you suspect a breach:

  • Contact your fund immediately
  • Report it to Scamwatch, IDCARE, or AFCA
  • Consider a temporary account lock

Read the full article#

Blogpost Title Image

Read the full article

Discover why superannuation funds are vulnerable and how regulations, including FSC Standard No. 29, recommend MFA and phishing-resistant authentication.

Read the full article

Read by 5,000+ security leaders.

Learn more about our enterprise-grade passkey solution.

Learn more

Share this article


LinkedInTwitterFacebook

Related FAQs

Related Terms