Help icon

Need help? If you have any concerns about the security of your account, please contact us.

What's identity theft?

Identity theft is when someone uses your personal information to steal your money or get other benefits. For example, they might try to get into your super account to withdraw your super or change your details.

We have cyber security in place to prevent this. But you can help protect your accounts, too. 

7 ways to keep your data safe

We’ll never contact you for the login details for your super account. And we'll only ever ask for the personal details of your account by email if you've emailed us first, and we need more information to verify your identity.

You should never share your super account or myGov login details with anyone.

  • Never reply to, or click on, a link in an email that looks suspicious.
  • If you get any suspicious emails, phone calls, or text messages about your QSuper account, please call us.
  • If you've clicked on a suspicious link or given your details somewhere you shouldn't have, please call us.

Make it harder for scammers

  • Delete emails that contain your personal details from your 'sent' and 'deleted' folders.
  • Get rid of unwanted documents securely.
  • Check your browser settings (such as Internet Explorer, Chrome, Safari) and enable fraudulent website warnings.
  • Check ACCC Scamwatch for updates when there's a higher chance of seeing scams, like during the holiday season, or a natural disaster or pandemic.

Find out more about common online scams, and what to do if you think you've been scammed, at the Australian Cyber Security Centre.

Checking your super balance and personal details regularly can help you keep track of your super. And you’ll be more likely to notice unusual activity on your account.

It's easy to do this in our mobile app or Member Online.

Use a Member Online password that’s easy to remember, but hard for others to guess. Don't base it on personal information. It should be at least 8 characters long, a mix of numbers and letters, and, for added strength, contain a special character (like a punctuation mark or symbol).

  • Don’t use the same password for everything.
  • Change your password regularly.
  • Don’t keep it anywhere or share it with anyone - including your family, accountant, or financial adviser.
  • Use a dedicated password manager with a good reputation to securely store passwords.
  • If you need to reset your password, you can change it quickly online or call us on 1300 360 750.

You can also contact us to turn on extra security checks on your account.

To protect yourself on other websites, you can often choose 2-factor authentication or 2-step verification for emails, online storage, and social media.

Make sure your financial adviser's authority to access information about your QSuper account is up-to-date.

This will end if you've set an expiry date. But it's also worth cancelling any access when you stop working with an adviser or firm.

Check your social media account settings regularly to make sure you're not sharing any data (including photos) in public. Always think about what a hacker might find out from a public post.

Never give out your full name, date of birth, or address unless you legally have to. Some organisations want it – such as Facebook or Spotify – but don’t need it.

It’s important to keep your smartphone, tablet, computer, software, and apps updated to protect your personal details from hackers.

  • Set your devices to automatically update against the latest security threats. Or set a regular reminder in your phone to check for updates.
  • Microsoft isn’t issuing any more security updates for Windows XP. So if you still use XP, think about upgrading. Install security and antivirus apps for your mobile phone and other devices.
  • Use up-to-date antivirus software, spam filters, and security software for your computer. This protects against viruses and other malicious software.

To keep your home network secure, use wireless network security (WPA2 with a long password) and a personal firewall.

Avoid using public wi-fi. And be careful if you have to use public internet facilities (like internet cafes or libraries). They may have hacking viruses or software designed to get your username and passwords.

If you use public internet services:

  • Make sure the website address (URL) starts with https://
  • Check the web security certificate is valid (you can usually do this by clicking on the padlock near the website address).
  • Lock your computer if you have to leave it briefly.
  • Never leave your personal information where others can see it in a public place.
  • Remember to always log off – your personal information is valuable to fraudsters who commit identity theft.

You can also use a VPN (virtual private network) to create a secure network when using a public internet connection.

Alert icon
How to spot a scam

Here are some common tricks that scammers use.

  • Try to gain your trust by claiming to be from a well-known business or impersonating someone you know.
  • Suggest verification steps like going to websites they have created or calling numbers they give you.
  • Know how to appeal to your emotions to get what they want.
  • Create a sense of urgency to get you to make decisions without thinking.

Test your skills at spotting scams on Scamwatch.

What to do if you've been scammed

If you think you've been scammed and your QSuper account is at risk, follow these 3 steps.

Contact us

We'll check your account's security and help you with next steps.

Change your password

Lock your scammer out, particularly if you're reusing a password.

Report the scam

Help fight crime and warn others. And get the support you need.

How we're protecting your super

We have cyber security measures to keep your super account safe. It's our priority.

Here's what you can expect from us.

  • Automatic checks of your password's strength and security for Member Online and our app.
  • All messages you get from Member Online are encrypted.
  • If you want to reset your password, we use multi-factor authentication via SMS or email to make sure it's really you.

We also:

  • Protect your privacy when we collect data from you.
  • Do independent security audits, check your accounts, and keep track of your high-risk transactions
  • Let you know if we suspect fraud and investigate it for you.

And we make sure we have the right systems and processes in place. To do this, we work with governing bodies such as ASIC (Australian Securities and Investments Commission) and APRA (Australian Prudential Regulation Authority).

alt-text

Add extra security to your account

We've launched multi-factor authentication (MFA) in Member Online. Once you've set it up, you'll need to enter a code every time you log in.