It can be very hard to spot a scam but some of the warning signs to watch out for are urgent requests, suspicious links, emotional stories, or deals that seem too good to be true. Here’s what to do if you receive a suspicious message or request:
Take some time to think about whether the request is genuine. Real companies or government departments won’t pressure you to make a payment.
Search the person or company online and look for any reviews or experiences others may have had. Call them using a number from their official website to confirm.
If something feels wrong, act fast. Contact your bank, change passwords, and report to ScamWatch. Always access your account via official CFS channels.
If you think you’ve been targeted by scammers:
We use strong security measures, strict policies, and regular reviews to protect your account and personal information from misuse, loss, or unauthorised access. Our approach ensures your data stays safe and up to date with cybersecurity best practices.
Colonial First State uses MFA to help prevent unauthorised access. You’ll be asked to verify your identity with a one-time PIN sent to your registered mobile or email.
We monitor your accounts for suspicious activity, especially following recent scam reports targeting super funds. If you're concerned, change your passwords.
Only authorised staff can access our systems. Data is protected by firewalls, intrusion detection, and virus scanners. Physical records are stored securely or safely destroyed.
We’re aware that scams and fraud attempts continue to target our members, and we’re committed to keeping you informed so you can stay protected.
Check out scam tips, news and alerts through the Australian Government’s Scamwatch website.
You can also subscribe to Scamwatch email alerts to keep up to date with the latest scams.
Scams can be hard to spot, but there are some warning signs to look out for:
Scammers often promise big savings or easy money. They’ll push you to act fast, so you don’t “miss out.” If it feels like an unbelievable deal, it probably is.
Scammers prey on your kindness. They’ll share emotional stories to convince you to send money. If you can’t verify the story independently, don’t send more than you’re willing to lose.
Be cautious with unexpected links or files. Scammers use them to steal your personal info or money. If you’re unsure, go directly to the website or app instead of clicking.
Scammers rely on urgency. Whether it’s a “limited-time offer” or a threat that something bad will happen, they want you to act before you think. Take a moment to pause and assess.
If someone asks for payment via gift cards, preloaded debit cards, or cryptocurrency, it’s a major red flag. These methods are hard to trace, and impossible to recover.
If you're asked to create a new bank account or PayID to send or receive money, stop and check who you're dealing with. This could be a scam, or even money laundering. Your bank will never ask you to do this to “keep your money safe.”
For more information visit ScamWatch
There will always be scammers out there, but just as you might lock your front door when leaving the house, here are some simple steps you can take to help keep them away from your savings and investments.
1. Update your passwords regularly
Ensure that the passwords for your MyGov, bank, and your email accounts are strong and unique, and change them every three months at least.
2. Enable Multi Factor Authentication (MFA)
MFA strengthens security by requiring you to verify your identity through multiple methods, which may include something you know (like a password), something you have (like a phone or hardware token) and something you are (like a fingerprint or facial recognition). This makes it much harder for scammers to gain access to your money. You’re protected by MFA when you use the CFS mobile app and FirstNet.
3. Install the latest software update
Install the latest software updates to ensure your computer and devices are protected against security vulnerabilities and run smoothly with the newest features and improvements.
4. Keep your passwords and devices secure
Keep your devices, PIN, and passwords secure by memorising your codes and deleting any records of them. Never share your passwords or PINs, even with friends, family or someone claiming to be from your bank or financial institution, and avoid using easily guessed information such as birthdays, names, your phone number, numbers that form a pattern, or your pet's name. Consider using a password manager to securely store and generate strong, unique passwords for each account.
5. Install Internet security apps
Protect your mobile and computer with Internet security apps, such as anti-malware and anti-virus software, which can detect and block malicious activities.
6. Guard against physical access
Shred any personal documents you no longer need and secure your mailbox with a lock to stop identity thieves from accessing sensitive information in discarded documents or stolen mail.
7. Sign up to a credit bureau
Monitoring your credit profile can help you spot signs of identity theft early. Consider placing a freeze or proactive alert on your profile to prevent fraudsters from opening accounts in your name.
8. Avoid clicking on links
Always manually enter business websites and phone numbers from their official websites to reduce your risk of falling victim to phishing scams.
9. Pause before you act
Take a moment to verify the legitimacy of any urgent requests. Use the ASIC scam register or Scamwatch to check if you could be the target of a known scam. Scammers often use urgency to pressure people into making hasty decisions.
10. Don’t offer easy access
Public Wi-Fi networks are often insecure, so don’t use them for sensitive transactions and always log out of browser windows on your devices when you are finished.
If at any time you think you may have been targeted by scammers or the subject of fraud, please contact us on 13 13 36 and change your passwords.
The easiest way for someone to access your personal information is by guessing or stealing your passwords. To help stay safe online, follow these password tips.
The longer the password is, the better, as it becomes harder to guess.
Use a mix of upper and lowercase letters, numbers and special characters like: !, & and *. Avoid using personal information like your date of birth or pet’s name.
Use different passwords for different websites and online services.
1. Whenever you can, use a passphrase instead of a password. Passphrases are generally four or more random words of at least 14 characters in total with numbers and special characters (for example, RedHouseSkyTrain88*). The aim is to create something unpredictable using unrelated words, which is easy for you to remember and hard for someone else to guess.
2. Don't write your passwords down or store them on your computer. If you must record it somewhere, make sure it’s disguised. You may want to use a reputable password manager if you have trouble memorising complex passwords and passphrases.
3. Enable multi-factor authentication wherever you can for an added layer of security to prove your identity.
4. Never share your password with anyone, even family members.
Learn more about setting secure passwords and passphrases by visiting the Australian Cyber Security Centre.
Email is a fast and convenient way to receive communications, but it’s also a common way for cybercriminals to target people with scams, phishing (which is when scammers trick you into giving out personal information) or malicious software (malware).
Take a moment to think about whether an SMS, email or attachment seems genuine before you open it. Here are some other things you should know about.
Your bank will never send you an email asking for your online banking details. Most Australian banks have announced that they will not send a link in a text message.
Cybercriminals often use a company’s name and logo. Contact the company by phone if you suspect the email is a scam.
Phishing emails may contain bad spelling and grammar or come from a peculiar email address. Sometimes a giveaway may also be an unusual link that may be included within the email or which you might notice when hovering over any hyperlinked terms.
Don't open an attachment if you can't verify who sent it to you.
Your anti-virus software mightn’t always be able to scan an attachment for viruses or spyware.
Only open links if you recognise and trust the web address it will take you to.
1. Make sure your firewall and security software are running the latest updates.
2. Check if spam filtering is activated on your email account.
3. Consider setting up a separate email address for mailing lists, online shopping and marketing emails.
4. Turn off the 'automatic download' function in your email settings to ensure malicious attachments aren't infiltrating your computer without your knowledge.
For more insights, check out Scamwatch’s info page on email scams.
Whether you’re shopping, catching up with the news, or connecting with friends online, it’s important to take precautions to protect your personal information. Here are some things to consider.
Check that the website has correct spelling, grammar and consistent design.
Look for a green padlock icon and https (rather than http) in the web address bar before transacting.
Look online for feedback from other users about the service to verify that it’s credible.
Use 'two-step verification' where you provide another form of ID as well as your password or PIN.
Don't log on to online banking or other websites and apps that contain your personal information if you’re connected to public Wi-Fi (for example, at a shopping centre).
Always log out of secure sites when you've finished using them, and close the browser window.
Understand more about how your actions can be tracked online.
If you're an adviser working with Colonial First State, it's important to understand the basic steps to safeguard your business against common cyber threats. Here’s what you need to know:
1. Use security software
Install reputable antivirus and anti-malware software to protect your devices.
In selecting security software such as anti-virus or anti-malware, be sure to first read reviews to assess its reputation. Keep software updated and enable automatic updates to patch vulnerabilities.
2. Install software from trusted sources
Only download software from official stores (e.g., Microsoft Store, Apple App Store, Google Play). Avoid pirated or unofficial sources to reduce the risk of malware.
3. Limit administrative access to your computers
Restrict administrative rights to essential users only. This reduces the risk of accidental or malicious changes to system settings.
4. Encrypt your hard drives
Use disk encryption (Bitlocker for Windows, FileVault for Mac) to protect data if a device is lost or stolen.
5. Back-up your data regularly
Regular back-ups can help you recover your information if it’s lost or compromised.
6. Secure your network
For more information, check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide. If your clients are looking for tips relevant to them, point them to our Staying safe online hub for tips and resources.
Get in touch with us online or call us 8:30am to 6pm AEST Monday to Friday.
Our dedicated team can help you choose from a range of different financial advice options.
Track your balance and see your transactions history from anywhere.
Avanteos Investments Limited ABN 20 096 259 979, AFSL 245531 (AIL) is the trustee of the Colonial First State FirstChoice Superannuation Trust ABN 26 458 298 557 and issuer of FirstChoice range of super and pension products. Colonial First State Investments Limited ABN 98 002 348 352, AFSL 232468 (CFSIL) is the responsible entity and issuer of products made available under FirstChoice Investments and FirstChoice Wholesale Investments.
Information on this webpage is provided by AIL and CFSIL. It may include general advice but does not consider your individual objectives, financial situation, needs or tax circumstances. You can find the target market determinations (TMD) for our financial products at https://www.cfs.com.au/tmd which include a description of who a financial product might suit. You should read the relevant Product Disclosure Statement (PDS) and Financial Services Guide (FSG) carefully, assess whether the information is appropriate for you, and consider talking to a financial adviser before making an investment decision. You can get the PDS and FSG at www.cfs.com.au or by calling us on 13 13 36.