Staying safe online

Scams can be hard to spot, but there are some warning signs to look out for: 

It sounds too good to be true

Scammers often promise big savings or easy money. They’ll push you to act fast, so you don’t “miss out.” If it feels like an unbelievable deal, it probably is. 

A stranger needs your help and your money

Scammers prey on your kindness. They’ll share emotional stories to convince you to send money. If you can’t verify the story independently, don’t send more than you’re willing to lose.

There’s a link or attachment in the message

Be cautious with unexpected links or files. Scammers use them to steal your personal info or money. If you’re unsure, go directly to the website or app instead of clicking.

You’re being rushed

Scammers rely on urgency. Whether it’s a “limited-time offer” or a threat that something bad will happen, they want you to act before you think. Take a moment to pause and assess.

They want you to pay in unusual ways

If someone asks for payment via gift cards, preloaded debit cards, or cryptocurrency, it’s a major red flag. These methods are hard to trace, and impossible to recover.

They ask you to open new accounts or set up a PayID

If you're asked to create a new bank account or PayID to send or receive money, stop and check who you're dealing with. This could be a scam, or even money laundering. Your bank will never ask you to do this to “keep your money safe.”

For more information visit ScamWatch 

There will always be scammers out there, but just as you might lock your front door when leaving the house, here are some simple steps you can take to help  keep them away from your savings and investments. 


1. Update your passwords regularly
Ensure that the passwords for your MyGov, bank, and your email accounts are strong and unique, and change them every three months at least.  

2. Enable Multi Factor Authentication (MFA)
MFA strengthens security by requiring you to verify your identity through multiple methods, which may include something you know (like a password), something you have (like a phone or hardware token) and something you are (like a fingerprint or facial recognition). This makes it much harder for scammers to gain access to your money. You’re protected by MFA when you use the CFS mobile app and FirstNet. 
 


3. Install the latest software update
Install the latest software updates to ensure your computer and devices are protected against security vulnerabilities and run smoothly with the newest features and improvements.

4. Keep your passwords and devices secure
Keep your devices, PIN, and passwords secure by memorising your codes and deleting any records of them. Never share your passwords or PINs, even with friends, family or someone claiming to be from your bank or financial institution, and avoid using easily guessed information such as birthdays, names, your phone number, numbers that form a pattern, or your pet's name. Consider using a password manager to securely store and generate strong, unique passwords for each account.

5. Install Internet security apps
Protect your mobile and computer with Internet security apps, such as anti-malware and anti-virus software, which can detect and block malicious activities.

6. Guard against physical access
Shred any personal documents you no longer need and secure your mailbox with a lock to stop identity thieves from accessing sensitive information in discarded documents or stolen mail.

7. Sign up to a credit bureau
Monitoring your credit profile can help you spot signs of identity theft early. Consider placing a freeze or proactive alert on your profile to prevent fraudsters from opening accounts in your name.

8. Avoid clicking on links
Always manually enter business websites and phone numbers from their official websites to reduce your risk of falling victim to phishing scams. 
 

9. Pause before you act
Take a moment to verify the legitimacy of any urgent requests. Use the ASIC scam register or Scamwatch to check if you could be the target of a known scam. Scammers often use urgency to pressure people into making hasty decisions. 
 

10. Don’t offer easy access
Public Wi-Fi networks are often insecure, so don’t use them for sensitive transactions and always log out of browser windows on your devices when you are finished.



If at any time you think you may have been targeted by scammers or the subject of fraud, please contact us on 13 13 36 and change your passwords. 

The easiest way for someone to access your personal information is by guessing or stealing your passwords. To help stay safe online, follow these password tips. 

Length

The longer the password is, the better, as it becomes harder to guess. 

Complex 

Use a mix of upper and lowercase letters, numbers and special characters like: !, & and *. Avoid using personal information like your date of birth or pet’s name. 

Unique

Use different passwords for different websites and online services.

Password checklist

1. Whenever you can, use a passphrase instead of a password. Passphrases are generally four or more random words of at least 14 characters in total with numbers and special characters (for example, RedHouseSkyTrain88*). The aim is to create something unpredictable using unrelated words, which is easy for you to remember and hard for someone else to guess.

2. Don't write your passwords down or store them on your computer. If you must record it somewhere, make sure it’s disguised. You may want to use a reputable password manager if you have trouble memorising complex passwords and passphrases.

3. Enable multi-factor authentication wherever you can for an added layer of security to prove your identity. 

4. Never share your password with anyone, even family members.

Learn more about setting secure passwords and passphrases by visiting the Australian Cyber Security Centre. 

Email is a fast and convenient way to receive communications, but it’s also a common way for cybercriminals to target people with scams, phishing (which is when scammers trick you into giving out personal information) or malicious software (malware).  

Take a moment to think about whether an SMS, email or attachment seems genuine before you open it. Here are some other things you should know about.

Bank details

Your bank will never send you an email asking for your online banking details. Most Australian banks have announced that they will not send a link in a text message.

Looks can be deceiving

Cybercriminals often use a company’s name and logo. Contact the company by phone if you suspect the email is a scam.

Check the details

Phishing emails may contain bad spelling and grammar or come from a peculiar email address. Sometimes a giveaway may also be an unusual link that may be included within the email or which you might notice when hovering over any hyperlinked terms.

Verification

Don't open an attachment if you can't verify who sent it to you.

Follow your instincts

Your anti-virus software mightn’t always be able to scan an attachment for viruses or spyware.

Trust

Only open links if you recognise and trust the web address it will take you to.

Email security checklist

1. Make sure your firewall and security software are running the latest updates.

2. Check if spam filtering is activated on your email account.

3. Consider setting up a separate email address for mailing lists, online shopping and marketing emails.

4. Turn off the 'automatic download' function in your email settings to ensure malicious attachments aren't infiltrating your computer without your knowledge.

For more insights, check out Scamwatch’s info page on email scams. 

Whether you’re shopping, catching up with the news, or connecting with friends online, it’s important to take precautions to protect your personal information. Here are some things to consider. 

Look carefully 

Check that the website has correct spelling, grammar and consistent design. 

Secure web addresses 

Look for a green padlock icon and https (rather than http) in the web address bar before transacting.  

Credibility 

Look online for feedback from other users about the service to verify that it’s credible. 

Extra security 

Use 'two-step verification' where you provide another form of ID as well as your password or PIN. 

Secure Wi-Fi 

Don't log on to online banking or other websites and apps that contain your personal information if you’re connected to public Wi-Fi (for example, at a shopping centre). 

Close your browser 

Always log out of secure sites when you've finished using them, and close the browser window. 

Secure web browsing checklist

• Use anti-virus software and regularly update it.
• Make sure you’re across the privacy and security settings in your web browser. 
• Avoid saving passwords in your browser and logout of accounts when you’re finished.
• Manage your cookies (these are files that gather details about you when you visit a website). To turn these off, go to settings or tools, or set up your browser to do it automatically.  
• Clear your browsing history. While it makes it easy to return to websites you’ve visited previously, it also makes it easier for other people to see your history too.
• If you notice suspicious activity on your accounts, contact your financial providers straight away and make sure they have your correct details on file so they can contact you too.

Understand more about how your actions can be tracked online. 

If you're an adviser working with Colonial First State, it's important to understand the basic steps to safeguard your business against common cyber threats. Here’s what you need to know: 

1. Use security software  

Install reputable antivirus and anti-malware software to protect your devices. 

• Microsoft Windows: Modern versions include free Windows Security to scan for suspicious files and programs. Microsoft also allows the installation of third-party security software for users looking for a higher standard of protection. 
• Mac: Apple Mac computers don't include security software by default, so it’s important to install reputable third-party software. 

In selecting security software such as anti-virus or anti-malware, be sure to first read reviews to assess its reputation.  Keep software updated and enable automatic updates to patch vulnerabilities. 

2. Install software from trusted sources 

Only download software from official stores (e.g., Microsoft Store, Apple App Store, Google Play). Avoid pirated or unofficial sources to reduce the risk of malware. 

3. Limit administrative access to your computers  

Restrict administrative rights to essential users only. This reduces the risk of accidental or malicious changes to system settings. 

4. Encrypt your hard drives  

Use disk encryption (Bitlocker for Windows, FileVault for Mac) to protect data if a device is lost or stolen. 

5. Back-up your data regularly  

Regular back-ups can help you recover your information if it’s lost or compromised.  

• Create and implement a plan to regularly back up your information 
• Test your back-ups to ensure you can recover information successfully 

6. Secure your network 

• Take these steps to protect your office network: 
• Change default router passwords and disable remote configuration. 
• Hide your network SSID to prevent unauthorized access. 
• Enable WPA2 encryption with a strong password. 
• Create a guest network for visitors. 
• Disable unused features like FTP or UPnP. 
• Maintain a device inventory and remove unknown devices. 
• Use cloud security

For more information, check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide. If your clients are looking for tips relevant to them, point them to our Staying safe online hub for tips and resources.