
Keeping your super safe

Learn how we keep your super safe.

You may have seen recent news of a series of coordinated cyberattacks affecting the members of several major Australian superannuation funds.  

Please be assured that smartMonday has not been impacted by the current cyberattacks.

We have been monitoring (and are continuing to monitor) the situation carefully and are committed to keeping our members updated and protected.  

Here’s what happened and what you need to do.  

What happened 

Last week, several major super funds were targeted in coordinated cyberattacks where attackers used passwords previously involved in unrelated data breaches to fraudulently access members’ accounts and make a limited number of withdrawals. When the same password is reused across different logins, a password exposed in one breach can be used to access the others.

As a result of these cyberattacks, most super funds are currently seeing a high volume of calls and logins from concerned members.  

smartMonday members have not been impacted by these cyberattacks to date.  

However, the issue highlights the ongoing need to use multi-factor authentication (MFA) and strong passwords on all your online accounts that handle financial transactions.

How we protect your account 

Your account is protected by: 

Cyber protection 

We use authentication technology to monitor login patterns and flag any unusual activity in our members’ accounts. This advanced technology uses multiple layers of verification, analyses requests to change passwords or bank details, and blocks suspicious login attempts, continuously monitoring and protecting your account.

Secure login 

We use mandatory multi-factor authentication during login to protect your accounts. When combined with a strong and unique password, this is the best protection against unauthorised logins.

What you need to do 

We strongly encourage you to review your login security and ensure that you:  

Use multi-factor authentication (MFA)

To keep your account safe, we use multi-factor authentication (MFA) login, replacing SMS and email authentication. This is in line with Australian Prudential Regulation Authority (APRA) advice and is your best defence against cyberattack.  

There are various third-party apps you can use to set this up, such as Google Authenticator, LastPass Authenticator, Microsoft Authenticator and Authy Authenticator.  

We introduced MFA last year, so if you haven’t logged in for a while, please follow these steps to ensure you have maximum protection.

  

Use a strong, unique password 

The accounts affected by these attacks were targeted mainly through credential stuffing - a type of cyberattack where hackers use previously stolen usernames and passwords from unrelated data breaches to attempt to log in to other platforms.  

In other words, the same password has been used for something else. Please ensure you use a unique and strong password that you’ve never used anywhere else.  

There are various third-party apps that can help you store and retrieve strong, unique passwords via biometric protection. You can find advice about this from the Australian Signals Directorate.

 

Remain alert 

With scammers currently active, please be on the lookout for fraudulent emails or messages. To help you check that communication is genuine, please follow this advice to keep your account safe from phishing emails or texts.  

  • Check the sender's email address - Look for misspellings, unusual domains, or anything that seems out of place. 

  • Do not click on links in suspicious emails (go directly to the website in your browser or app).

  • We will never ask for your password or PIN via email or unsolicited communication.

  • If you need to contact us, do not use contact details provided in suspicious communications. Always obtain contact information directly from our official website or app.

  • Exercise extreme caution with email attachments. Do not open attachments if you have any doubts about their legitimacy. 

  • If something seems suspicious, it likely is. When in doubt, contact us via a trusted method. 

 

If you are concerned 

If you are concerned about any unusual activity on your account or have any questions, please call us on 1300 614 644 or email enquiry@smartmonday.com.au