The Australian Federal Police (AFP) are investigating claims up to 150 potential victims have had more than $100,000 stolen after a third-party system with personal details such as tax file numbers was seemingly “intruded” upon.
The theft of approximately $120,000 was identified last week, with the attacked accounts now frozen and the AFP working with the ATO, the Financial Crimes Taskforce and financial intelligence agency AUSTRAC.
AFP commissioner Reece Kershaw said a potentially “sophisticated” scheme involving organised or offshore crime cells posing as “intermediaries” may be responsible, with five search warrants issued.
ATO systems were not hacked or compromised, and people affected are being contacted, according to a statement from the ATO.
Almost $10 billion in superannuation savings has already been requested through the scheme for the 2019/20 financial year. The Australian Government expects around 1.6 to 1.7 million Australians will apply, equating to about $27 billion out of our $3 trillion super industry.
→ Related story: Coronavirus: Can I withdraw my super early to pay off debt?
Australian Prudential Regulation Authority (APRA) data showed for the first week of the scheme alone, ending 26 April, superannuation trustees processed over 160,000 applications, paid members $1.3 billion and received over 650,000 application requests.
APRA anticipates about 5% of requests made through the ATO system will trigger safeguards against fraudulent applications.
Labor’s financial services spokesman, Stephen Jones, has raised concerns of “potential for fraud” in the scheme, including that it could to be a “honey pot” for such attempts.
The incident follows recent major scams, including a “multi-layered cybercrime activity” revealed in September, after a year-long investigation by the AFP and financial regulator ASIC into a major fraud and identity theft syndicate.
Accounts with HESTA, Hostplus, Club Plus Super, AustralianSuper, and LUCRF Super were targeted in the scam, with the syndicate allegedly making off with over $1.5 million and seeking to steal an extra $7 million.
A Melbourne woman was charged with 53 offences, with the AFP’s Manager of Cyber Crime Operations, acting Commander Chris Goldsmid, explaining at the time that the breaches discovered could be traced back to cybercrime offences that impact everyday Australians.
“From identity theft, where innocent victims have their personal details stolen and sold online in dark net marketplaces, to hacking and phishing, this investigation has illustrated the devastating impacts that compromise of your identity can have,” he said.
COVID-19 super scams
The Australian Competition & Consumer Commission’s (ACCC) Scamwatch has revealed over 2,000 coronavirus-related scam reports, with reported losses of over $700,000 so far. This includes superannuation scams, online shopping and personal information scams.
For super scams, the majority are starting with a call claiming to be from a financial or super service, and a variety of excuses might be given to request information, according to Scamwatch.
“For most people, outside of their home, superannuation is their greatest asset and you can’t be too careful about protecting it,” said ACCC Deputy Chair Delia Rickard.
Scamwatch has identified common COVID-19 super scams, with fraudsters using a range of “excuses” including:
- offering to help you access the money in your super
- checking whether your super is eligible for deals or benefits
- ensuring you aren’t locked out under new rules.
With many of us more isolated than usual during COVID-19, and higher uptake of online services, being diligent about protecting yourself and others from internet scams and spam is vital. Ms Rickard stresses “there is no need to involve a third party or pay a fee to get access” under the new scheme.
“Never follow a hyperlink to reach the myGov website. Instead, you should always type the full name of the website into the browser yourself,” she said.
How much super have Australians lost to scammers?
In 2019, Aussies lost over $6 million to super scams, with people aged 45-54 losing the most money, according to the ACCC. Identity theft is a popular method of choice for some scammers targeting Australians’ retirement savings.
When it comes to the scope of the risk, the ACCC warns of serious financial implications if your information falls into the wrong hands. It says identity thieves could use your personal details to transfer your superannuation.
The Australian Criminal Intelligence Commission (ACIC) warns that criminal targeting of superannuation could have a significant impact on both individuals and the wider economy. It says sophisticated and well-resourced international organised crime groups are known to actively target the Australian superannuation sector.
→ Related story: The long-term cost of taking $20,000 out of your super fund
How could you lose your super through a scam?
Here are some of the methods criminals have been known to use in order to scam individuals out of their superannuation:
Many superannuation funds these days make use of either security questions or two-step verification (e.g. sending a text to your phone or emailing you with a code) to make their online log-in process more secure. In some cases, fraudsters may be able to use your personal details to game these measures and access your super.
Additionally, some super funds may still send their members physical correspondence containing details like their member number or other pieces of personal information which could be useful to identity thieves. The ACIC reports that “fraudsters may also steal superannuation-related correspondence from mailboxes”, which means letters your super fund sends to you could be a fraudster’s key to your super.
According to super fund First State Super, scammers may also use a technique known as ‘phishing’ to trick people into providing personal information. It says scammers often do this by sending bogus emails that give the false impression that the email is coming from a legitimate business.
If you receive a text asking you to contact the @ato_gov_au in relation to a change in myGov details or early access to your superannuation, only use phone numbers found on the official website https://t.co/IqBTKoxxGT. If you never made the request call the ATO immediately pic.twitter.com/klCNWQINv8
— Scamwatch_gov_au (@Scamwatch_gov) April 29, 2020
Another kind of super scam cited by the ACIC is investment fraud. This often involves individuals with self-managed super funds being convinced by scammers to invest in non-existent or illegal companies or sectors.
The ACIC specifically points to the example of Trio Capital, which carried out what the Parliamentary Joint Committee on Corporations and Financial Services described as “the largest superannuation fraud in Australian history”, conning Australians out of around $176 million all up. The number of individuals affected was over 6,000, including nearly 700 who had invested either directly or through a self-managed super fund (SMSF).
While the government provided upwards of $55 million to more than 5,000 individuals who had invested through their APRA-regulated super fund, no such compensation was provided to individuals who had invested through their SMSF.
Early release scams
According to the ACIC, this is where fraudsters offer consumers access to retirement savings before their legal release age. The victims’ superannuation funds are typically transferred into a self-managed fund and the fraudster can then either access the entire amount, or take a portion of it as a “fee”.
The ACCC also notes that it’s not uncommon for scammers to first gain the trust of their victim by developing a romantic or other type of relationship with them.
Having built up a level of trust, the scammer convinces individuals to either send them small amounts from their super, or even move the entirety of their super balance into the scammer’s SMSF.
What can I do to secure my superannuation against identity theft?
Here are some ways you could help protect your identity and keep your super safe from scams, compiled using advice from ASIC’s MoneySmart and super funds Nationwide Super and First State Super.
- Don’t follow or click links in suspicious-looking emails – manually type the URL you wish to visit into your address bar instead.
- If you receive correspondence which is supposedly from your super fund but doesn’t look legitimate, call your fund directly to check.
- Make sure your computer has antivirus software installed, and that it’s working and up to date.
- Ensure that all your personal and contact details are up to date through your online super account.
- Secure your letterbox – mail theft is a common way in which scammers gain access to people’s personal details.
- Be careful about how you dispose of old documents that could contain sensitive personal information.
- Don’t give any personal information to someone you don’t know or trust – if someone claims to be from your super fund or bank, check directly with the relevant institution to verify their identity.
- Regularly check your bank and superannuation statements for suspicious or fraudulent activity.
- Make sure to log out of your online banking or super services across all your devices and apps after using them.
- Stay up to date with the latest scam prevention advice from credible and reputable sources, such as government regulators, as cyber crime can evolve and change rapidly.
Superannuation is something many Australians can’t afford to lose, and while there may not be a way to make yourself completely immune to scammers, following these steps could reduce the chances of your super account becoming compromised by identity theft.
What can I do if I think I’ve been scammed?
If you think your super has been targeted or that you have had money taken by a scammer, taking immediate action could help prevent the scam or limit its impact. You should contact your super fund ASAP and ask them to take a look at your account for signs of fraudulent activity. Depending on the situation, ASIC is often the next port of call, as it’s the agency responsible for handling financial and investment scams, including superannuation scams. You can also lodge a complaint with ASIC.
Additionally, you can report certain types of scams, including phishing and fake-billing scams, to the ACCC’s Scamwatch. ASIC’s MoneySmart advises that you may want to consider taking the following steps if you believe a scammer has managed to access some of your super money:
- Freeze any bank accounts linked to the potentially compromised super account
- Stay vigilant against follow-up scams, e.g. someone calling you offering to recover your losses for a fee
And make sure to get support if you need it. Falling victim to a scam can have a serious impact on your mental health and relationships, and both Lifeline and beyondblue may be able to help you. You can call beyondblue’s 24/7 support line on 1300 22 4436, and Lifeline can be contacted via phone 24/7 on 13 11 14.
You can also contact IDCARE, a free Government-supported service which will work with you to develop a specific response plan to your situation and support you through the process.