What are you looking for?
ClientFirst: 1800 517 124
Helping you keep your super and investments secure online
Your super and investment savings represent years of hard work for a secure future. Unfortunately, they can be a prime target for scammers, causing significant financial loss and emotional distress.
Financial scams are on the rise and becoming more sophisticated, making them harder to detect. The following information will help you recognise common types of super and investment scams, how to identify them, and how to protect yourself and your loved ones.
Click here to learn the best steps to take immediately.
These scams usually involve individuals or companies pretending to be from a super fund or regulatory body seeking your personal information. They may claim they need it to update your super account or verify your identity. Or they could offer to help you access your super before you’re eligible to under law. They may claim that doing this can, for example, help you pay off debts or purchase a house. But accessing your super early can result in significant penalties. In addition, these scams may involve high fees or charges which can eat into your super savings.
We recommend that:
Investment scams can come in various forms, all aimed at tricking you out of your money. Here are some common ones to watch out for:
Fake investment websites
that vanish once you’ve put your money in.
Phony brokers
who lock you out of your account after receiving funds.
The promise of huge returns
and lock you out of your account after receiving your funds.
Romance or friendship scams
that then lead to bogus investment opportunities.
(See Romance section for more.)
If you suspect you’re being targeted:
Impersonation scams mimic authorities like police, government, banks and well-known businesses to gain your trust.
For example, we have seen scammers pretending to be from Insignia Financial (MLC’s parent company) use cold calls to offer high-return investment accounts, or term deposits with “special one-time rates”. They may direct victims to legitimate websites to appear credible. These scams often feature genuine Insignia Financial logos/images to deceive victims, but upon closer inspection reveal discrepancies.
For instance:
Addresses used are not actual Insignia Financial locations.
Website/domain name have variations such as additional symbols like ‘-’ or additional letters. Examples include:
Scammers may email details about these investments. Please note that MLC (and Insignia Financial) employees do not make unsolicited (cold) calls to promote products or business offerings.
Impersonation scams constantly evolve and exploit trusted brands to deceive victims. Visit Scamwatch for more information on impersonation scams.
The cryptocurrency craze has always felt like the Wild West. Now, with its growing popularity, scammers are eager to exploit it. They might pose as investment managers or brokers, promising sky-high returns, but ultimately leave you with nothing.
Here are common crypto scams to watch out for:
Fake recommendations
from compromised social media accounts or unsolicited messages with links to fake crypto sites or apps.
Fake crypto platforms
that appear legitimate but actually divert your funds to scammers.
Initial coin offerings (ICOs)
offering discounted coins to investors which are left worthless once scammers cash out.
Fake job offers
involving setting up bank and crypto accounts to assist in money laundering, putting you at risk of prosecution.
Scammers posing as recovery services
promising to recover lost funds for a fee but failing to deliver results.
If you suspect a crypto scam:
These scams involve criminals stealing your personal information (name, date of birth and Tax File Number). With this data, they can open bank accounts, credit cards and other financial accounts in your name, leaving you with the debt and a damaged credit score.
We recommend that you:
If you suspect that your identity has been stolen, contact your bank or financial institution immediately and report the fraud to the Australian Cyber Security Centre
While Self-Managed Super Funds (SMSFs) are a legitimate way to manage your super, there’s an increasing risk of scams. Scammers may pretend to be financial advisers or SMSF businesses, urging you to:
Appearing trustworthy and patient, they gradually convince you to transfer your super into their control.
They may also offer to help you access your super early, asking for personal details to withdraw funds or set up an SMSF for a fee. However, accessing super before you’re allowed can result in significant fines and taxes.
We recommend that you:
If you suspect an SMSF scam:
Romance scammers often reach out through social media, gaming or dating apps, trying to build a connection by pretending to share your interests. They may then coerce you into financial transactions, such as opening bank accounts, unknowingly getting involved in money laundering or investing in risky schemes like cryptocurrency.
Their tactics typically include:
Rushing the relationship
to make you feel special quickly and lower your guard.
Moving the conversation
off the dating app to a chat app to maintain secrecy.
For example, to WhatsApp.
Avoid meeting in person
and discouraging you from telling friends or family.
Requesting personal information
including coercing you to comply and threats if you resist.
If you suspect a romance scam:
Visit scamwatch.gov.au/types-of-scams/romance-scams for additional resources.
What is Credential Stuffing and how can you protect yourself against it?
Cyber-attacks are evolving and becoming more sophisticated every day. One of the latest attacks allows hackers to access members’ accounts using their stolen passwords, via a method known as Credential Stuffing.
Credential stuffing is a type of cyber-attack whereby cyber criminals collect stolen usernames and passwords available on the dark web from previous data breaches, and then attempt to use those credentials on other websites or services. If an affected user uses the same password across multiple accounts, a successful credential stuffing attack could compromise all of their accounts.
To protect against this type of attack, it is important to follow the cyber security advice as given by the Australian Government with 3 easy steps:
Please refer to the Australian Government’s best cyber practices and protect yourself online at cyber.gov.au
These scams usually involve individuals or companies pretending to be from a super fund or regulatory body seeking your personal information. They may claim they need it to update your super account or verify your identity. Or they could offer to help you access your super before you’re eligible to under law. They may claim that doing this can, for example, help you pay off debts or purchase a house. But accessing your super early can result in significant penalties. In addition, these scams may involve high fees or charges which can eat into your super savings.
We recommend that:
Investment scams can come in various forms, all aimed at tricking you out of your money. Here are some common ones to watch out for:
Fake investment websites
that vanish once you’ve put your money in.
Phony brokers
who lock you out of your account after receiving funds.
The promise of huge returns
and lock you out of your account after receiving your funds.
Romance or friendship scams
that then lead to bogus investment opportunities.
(See Romance section for more.)
If you suspect you’re being targeted:
Impersonation scams mimic authorities like police, government, banks and well-known businesses to gain your trust.
For example, we have seen scammers pretending to be from Insignia Financial (MLC’s parent company) use cold calls to offer high-return investment accounts, or term deposits with “special one-time rates”. They may direct victims to legitimate websites to appear credible. These scams often feature genuine Insignia Financial logos/images to deceive victims, but upon closer inspection reveal discrepancies.
For instance:
Addresses used are not actual Insignia Financial locations.
Website/domain name have variations such as additional symbols like ‘-’ or additional letters. Examples include:
Scammers may email details about these investments. Please note that MLC (and Insignia Financial) employees do not make unsolicited (cold) calls to promote products or business offerings.
Impersonation scams constantly evolve and exploit trusted brands to deceive victims. Visit Scamwatch for more information on impersonation scams.
The cryptocurrency craze has always felt like the Wild West. Now, with its growing popularity, scammers are eager to exploit it. They might pose as investment managers or brokers, promising sky-high returns, but ultimately leave you with nothing.
Here are common crypto scams to watch out for:
Fake recommendations
from compromised social media accounts or unsolicited messages with links to fake crypto sites or apps.
Fake crypto platforms
that appear legitimate but actually divert your funds to scammers.
Initial coin offerings (ICOs)
offering discounted coins to investors which are left worthless once scammers cash out.
Fake job offers
involving setting up bank and crypto accounts to assist in money laundering, putting you at risk of prosecution.
Scammers posing as recovery services
promising to recover lost funds for a fee but failing to deliver results.
If you suspect a crypto scam:
These scams involve criminals stealing your personal information (name, date of birth and Tax File Number). With this data, they can open bank accounts, credit cards and other financial accounts in your name, leaving you with the debt and a damaged credit score.
We recommend that you:
If you suspect that your identity has been stolen, contact your bank or financial institution immediately and report the fraud to the Australian Cyber Security Centre
While Self-Managed Super Funds (SMSFs) are a legitimate way to manage your super, there’s an increasing risk of scams. Scammers may pretend to be financial advisers or SMSF businesses, urging you to:
Appearing trustworthy and patient, they gradually convince you to transfer your super into their control.
They may also offer to help you access your super early, asking for personal details to withdraw funds or set up an SMSF for a fee. However, accessing super before you’re allowed can result in significant fines and taxes.
We recommend that you:
If you suspect an SMSF scam:
Romance scammers often reach out through social media, gaming or dating apps, trying to build a connection by pretending to share your interests. They may then coerce you into financial transactions, such as opening bank accounts, unknowingly getting involved in money laundering or investing in risky schemes like cryptocurrency.
Their tactics typically include:
Rushing the relationship
to make you feel special quickly and lower your guard.
Moving the conversation
off the dating app to a chat app to maintain secrecy.
For example, to WhatsApp.
Avoid meeting in person
and discouraging you from telling friends or family.
Requesting personal information
including coercing you to comply and threats if you resist.
If you suspect a romance scam:
Visit scamwatch.gov.au/types-of-scams/romance-scams for additional resources.
What is Credential Stuffing and how can you protect yourself against it?
Cyber-attacks are evolving and becoming more sophisticated every day. One of the latest attacks allows hackers to access members’ accounts using their stolen passwords, via a method known as Credential Stuffing.
Credential stuffing is a type of cyber-attack whereby cyber criminals collect stolen usernames and passwords available on the dark web from previous data breaches, and then attempt to use those credentials on other websites or services. If an affected user uses the same password across multiple accounts, a successful credential stuffing attack could compromise all of their accounts.
To protect against this type of attack, it is important to follow the cyber security advice as given by the Australian Government with 3 easy steps:
Please refer to the Australian Government’s best cyber practices and protect yourself online at cyber.gov.au
Stop, Reflect, Protect, Report
Given the variety of scams out there, following these four steps can help prevent you falling victim to a scam.
If you receive a suspicious call, email or text, pause and assess. Genuine organisations like Insignia Financial Group who own Expand will never pressure you to ‘act immediately’ or ask you to disclose your password via email or over the phone.
Malware can target you through:
To spot malware, watch out for:
Take a moment to reflect on what you’re being asked to do, and be careful about sharing personal information online. Scammers piece together details from various sources to exploit or create accounts in your name.
Email safety tips:
Be wary of unknown senders
Always stop and think before opening attachments, clicking links or replying to suspicious emails.
Never send personal information via email
Use secure document-sharing software like DocuSign instead.
Avoid using public Wi-Fi
It’s vulnerable to cyber attacks.
Whether it’s personal or work, staying vigilant is crucial. When in doubt, reject contact, delete suspicious messages and avoid opening unknown links.
Key scam prevention tips:
.svg)
Avoid sharing your superannuation information
Never share information about your superannuation with someone who contacts you, even if they seem to be from a trusted organisation. Always verify their identity by calling the organisation directly.
.svg)
Be cautious with hyperlinks
Avoid clicking hyperlinks in messages or emails. MLC will never ask for your password or provide a link to a login page for your account.
.svg)
Thoroughly research investment opportunities
Be wary of high-return, low-risk investment opportunities – if it sounds too good to be true, it probably is.
Check against the ASIC website
If you’re speaking with a financial adviser, verify their registration on the ASIC website. Anyone offering advice about financial products must hold an Australian Financial Services licence from ASIC.
Take your time
Don’t rush into investments without independent legal or financial advice.
If you receive a suspicious email, do not click on any links or attachments or provide any information.
If you have responded to a phishing email, contact us immediately on 1800 517 124 (or +61 3 8614 4967 from outside Australia) between 8am and 6pm AEST/AEDT, Monday to Friday.
You can report suspicious Expand emails by forwarding them to clientfirst@myexpand.com.au.
We investigate every email reported. Where possible, please send the suspicious email as an attachment on a new email.
If you receive a suspicious email not related to Expand, you can report it to the Australian Cyber Security Centre (ACSC).
If you receive a suspicious call, email or text, pause and assess. Genuine organisations like Insignia Financial Group who own Expand will never pressure you to ‘act immediately’ or ask you to disclose your password via email or over the phone.
Malware can target you through:
To spot malware, watch out for:
Take a moment to reflect on what you’re being asked to do, and be careful about sharing personal information online. Scammers piece together details from various sources to exploit or create accounts in your name.
Email safety tips:
Be wary of unknown senders
Always stop and think before opening attachments, clicking links or replying to suspicious emails.
Never send personal information via email
Use secure document-sharing software like DocuSign instead.
Avoid using public Wi-Fi
It’s vulnerable to cyber attacks.
Whether it’s personal or work, staying vigilant is crucial. When in doubt, reject contact, delete suspicious messages and avoid opening unknown links.
Key scam prevention tips:
Avoid sharing your superannuation information
Never share information about your superannuation with someone who contacts you, even if they seem to be from a trusted organisation. Always verify their identity by calling the organisation directly.
Be cautious with hyperlinks
Avoid clicking hyperlinks in messages or emails. MLC will never ask for your password or provide a link to a login page for your account.
Thoroughly research investment opportunities
Be wary of high-return, low-risk investment opportunities – if it sounds too good to be true, it probably is.
Check against the ASIC website
If you’re speaking with a financial adviser, verify their registration on the ASIC website. Anyone offering advice about financial products must hold an Australian Financial Services licence from ASIC.
Take your time
Don’t rush into investments without independent legal or financial advice.
If you receive a suspicious email, do not click on any links or attachments or provide any information.
If you have responded to a phishing email, contact us immediately on 1800 517 124 (or +61 3 8614 4967 from outside Australia) between 8am and 6pm AEST/AEDT, Monday to Friday.
You can report suspicious Expand emails by forwarding them to clientfirst@myexpand.com.au.
We investigate every email reported. Where possible, please send the suspicious email as an attachment on a new email.
If you receive a suspicious email not related to Expand, you can report it to the Australian Cyber Security Centre (ACSC).
Amy, intrigued by a cryptocurrency investment promising high returns using her super, fell victim to a scam that led to the loss of her savings and her involvement in criminal activity.
Her story highlights the dangers of crypto scams. It will help you to recognise and avoid such fraudulent schemes, and the potential consequences, including financial loss and legal repercussions, that victims may face.
Read full storyMore information and resources
Responsible disclosure
Here’s some useful information about how MLC and Insignia Financial protects your online security.
MoneySmart website
Spot the warning signs of financial scams with MoneySmart’s in-depth coverage of different scam types.
Government websites
The Federal Government also has several useful resources with information on how to protect yourself.
EXPERIENCE EXPAND TODAY
Where big tech meets personal support, our team is committed to partnering with advisers to understand your needs and provide valuable support.
