We understand how important your privacy and retirement savings are to you, which is why your online security is really important to us. So we have some suggestions on how you can stay secure online.

Identifying phishing emails

Phishing involves the sending of bogus emails that give the false impression that the email is coming from a legitimate business, such as First State Super. It is an attempt to trick the people into providing personal information.

Report fraud

Contact us
  • They often have bad spelling and grammar or issues with logos and design.
  • Keep an eye out for upsetting or urgent statements demanding you react immediately.
  • They may not address you by name or by a slightly wrong name.
  • They may request financial or personal information.

If it has unfamiliar or unexpected attachments. It is important not to open them as they may contain malicious software.

  • Don't click on links or attachments in emails that you were not expecting.
  • If you’re unsure about an email, contact the company using a phone number from their website (not from the email) before you reply.
  • Don't provide any login details or personal information in response to an email.

Hoax websites

Each and every time you access the internet you are at risk of various threats and hoax websites are becoming increasingly prevalent.

  • Always look for https at the beginning of the URL – the "s" stands for secure.
  • Check for the padlock symbol in your browser’s address bar.
  • Make sure the URL is genuine. Phishers often create fake websites with URLs similar to the real one.
  • Enter site URLs straight into your browser’s address bar. Don’t rely on links in emails as they could be fake.
  • Always access secure sites, such as our member or employer portal, by typing the web address into a new browser window.
  • Ensure that the address bar has the padlock symbol and includes the organisation name in green, for example First State Superannuation Scheme, as this tells you the site has extended validation certificates.
  • When you have finished what you were doing on secure sites, such as our member or employer portals, make sure you log out.
     

Protect yourself and your computer

Reports from the media and the police signal that criminals are deliberately targeting superannuation fund members through illegal early access to super benefits and unauthorised withdrawals from member accounts using identity fraud.
 

  • Install firewall software - You should install or configure a personal firewall on your computer to create a security barrier between your computer and the internet, for example if you are using a Windows operating system, you could enable the Windows Firewall.
  • Install anti-virus software - You should install anti-virus software to protect your computer against malicious software and ensure you keep it updated. You should regularly scan your computer for viruses.
  • Updating your operating system - Computer operating systems are complex and vendors frequently release patches to fix security weaknesses. You should regularly update your computer's software, including your web browsers, from the vendor's website and if possible enable automatic updates.
  1. Check your First State Super account online regularly (like you would for your bank accounts) to ensure that:
    • all the transactions on your account match what you believe should be occurring
    • your address and other personal details are correct.
  2. Update your personal details with us so that we can send you regular updates. Make sure your mobile number and email are up-to-date.
  3. Keep an eye on your letter box and try to keep it secure. Mail theft is a common starting point for identity fraud. 
  4. Take extra care with the security of all your financial documents and protect your identifying information like passwords and PINs.
  5. Be cautious about giving detailed or identifying information about your super accounts to third parties.
  6. Be very wary of offers to release superannuation benefits to you before retirement. These offers could be illegal and you may end up paying heavy tax and legal penalties.
  7. Think about how you throw away old benefit statements and other documents that contain your personal details. Shredding documents may prevent a fraudster or scammer accessing information about you from your rubbish bin.
  8. Don't use a generic work related email address such as 'manager@yourcompany.com.au'.
  9. If something seems odd, report it! If you receive an offer to access your super through an illegal scheme, contact ASIC or the ATO to report your concerns. If you think an unauthorised withdrawal from your account has occurred contact us as soon as possible.
     

We go to great lengths to protect your privacy and funds. Below are some of the ways that we safeguard your information when you are online with us.

Encrypting your data

When you access your account your information is protected by the latest industry standard SSL encryption technology. Simply look for the green padlock and our fund name 'First State Superannuation Scheme' in green when you access our sites.

Additional authentication

For some functions performed online, we may send you an authentication code to your mobile number or email address (this process is called two-factor authentication). Once you get the code, simply enter it into the screen and you can proceed. This extra layer of security is to help ensure that other people can’t login as you.

Please contact us immediately if:

  • you receive an SMS or email security code sent from us and don't know why
  • you receive a request for your account or member number and/or password by email or SMS
  • your access to the secure portal has been suspended.
Session timeouts and lockouts

If you're signed on to one of our sites and haven’t used it for several minutes, your session will time out. To resume your online activity simply re-enter your login details.

We'll automatically disable your online access to our sites if 3 incorrect login attempts are made. This is to stop fraudsters making repeated attempts to get into your account.