Help to avoid scams

It can be very hard to spot a scam but some of the warning signs to watch out for are urgent requests, suspicious links, emotional stories, or deals that seem too good to be true. Here’s what to do if you receive a suspicious message or request:

Stop

Take some time to think about whether the request is genuine. Real companies or government departments won’t pressure you to make a payment.

Check

Search the person or company online and look for any reviews or experiences others may have had. Call them using a number from their official website to confirm.

Protect

If something feels wrong, act fast. Contact your bank, change passwords, and report to Scamwatch. Always access your account via official CFS channels.


What to do if you’ve been scammed

If you think you’ve been targeted by scammers:

  • Call us on 13 13 36 or your financial provider straight away.
  • Change your passwords and PINs immediately. 
  • Report the scam to scamwatch.gov.au. For fraud, contact the police.
  • Visit IDCARE or call 1800 595 160 for support with identity or cyber-related issues.
  • Apply for a Commonwealth victims’ certificate if you’re a victim of identity crime. 
  • Get more tips at cyber.gov.au

How we help protect your accounts

We use strong security measures, strict policies, and regular reviews to protect your account and personal information from misuse, loss, or unauthorised access. Our approach ensures your data stays safe and up to date with cybersecurity best practices.

Multi-Factor Authentication (MFA)

Colonial First State uses MFA to help prevent unauthorised access. You’ll be asked to verify your identity with a one-time PIN sent to your registered mobile or email.

Monitor for suspicious activity

We monitor your accounts for suspicious activity, especially following recent scam reports targeting super funds. If you're concerned, change your passwords.

Data security measures

Only authorised staff can access our systems. Data is protected by firewalls, intrusion detection, and virus scanners. Physical records are stored securely or safely destroyed.

Latest scams, frauds and security alerts

We’re aware that scams and fraud attempts continue to target our members, and we’re committed to keeping you informed so you can stay protected.

  • A scam involves someone gaining your trust to steal your money or personal information. 
  • Fraud is when someone accesses your money without your knowledge or permission.

Visit Scamwatch for all scam alerts

Check out scam tips, news and alerts through the Australian Government’s Scamwatch website

You can also subscribe to Scamwatch email alerts to keep up to date with the latest scams. 

Frequently asked questions

Scams can be hard to spot, but there are some warning signs to look out for: 

 

It sounds too good to be true

Scammers often promise big savings or easy money. They’ll push you to act fast, so you don’t “miss out.” If it feels like an unbelievable deal, it probably is. 

 

A stranger needs your help and your money

Scammers prey on your kindness. They’ll share emotional stories to convince you to send money. If you can’t verify the story independently, don’t send more than you’re willing to lose.

 

There’s a link or attachment in the message

Be cautious with unexpected links or files. Scammers use them to steal your personal info or money. If you’re unsure, go directly to the website or app instead of clicking.

 

You’re being rushed

Scammers rely on urgency. Whether it’s a “limited-time offer” or a threat that something bad will happen, they want you to act before you think. Take a moment to pause and assess.

 

They want you to pay in unusual ways

If someone asks for payment via gift cards, preloaded debit cards, or cryptocurrency, it’s a major red flag. These methods are hard to trace, and impossible to recover.

 

They ask you to open new accounts or set up a PayID

If you're asked to create a new bank account or PayID to send or receive money, stop and check who you're dealing with. This could be a scam, or even money laundering. Your bank will never ask you to do this to “keep your money safe.”

 

For more information visit Scamwatch

There will always be scammers out there, but just as you might lock your front door when leaving the house, here are some simple steps you can take to help keep them away from your savings and investments.


 

1. Update your passwords regularly
Ensure that the passwords for your MyGov, bank, and your email accounts are strong and unique, and change them every three months at least.  

 

2. Enable Multi-Factor Authentication (MFA)
MFA strengthens security by requiring you to verify your identity through multiple methods, which may include something you know (like a password), something you have (like a phone or hardware token) and something you are (like a fingerprint or facial recognition). This makes it much harder for scammers to gain access to your money. You’re protected by MFA when you use the CFS mobile app and FirstNet. 
 


 

3. Install the latest software update
Install the latest software updates to ensure your computer and devices are protected against security vulnerabilities and run smoothly with the newest features and improvements.

 

4. Keep your passwords and devices secure
Keep your devices, PIN, and passwords secure by memorising your codes and deleting any records of them. Never share your passwords or PINs, even with friends, family or someone claiming to be from your bank or financial institution, and avoid using easily guessed information such as birthdays, names, your phone number, numbers that form a pattern, or your pet's name. Consider using a password manager to securely store and generate strong, unique passwords for each account.

 

5. Install Internet security apps
Protect your mobile and computer with Internet security apps, such as anti-malware and anti-virus software, which can detect and block malicious activities.

 

6. Guard against physical access
Shred any personal documents you no longer need and secure your mailbox with a lock to stop identity thieves from accessing sensitive information in discarded documents or stolen mail.

 

7. Sign up to a credit bureau
Monitoring your credit profile can help you spot signs of identity theft early. Consider placing a freeze or proactive alert on your profile to prevent fraudsters from opening accounts in your name.

 

8. Avoid clicking on links
Always manually enter business websites and phone numbers from their official websites to reduce your risk of falling victim to phishing scams. 
 

 

9. Pause before you act
Take a moment to verify the legitimacy of any urgent requests. Use the ASIC scam register or Scamwatch to check if you could be the target of a known scam. Scammers often use urgency to pressure people into making hasty decisions. 
 

 

10. Don’t offer easy access
Public Wi-Fi networks are often insecure, so don’t use them for sensitive transactions and always log out of browser windows on your devices when you are finished.



 

If at any time you think you may have been targeted by scammers or the subject of fraud, please contact us on 13 13 36 and change your passwords. 

The easiest way for someone to access your personal information is by guessing or stealing your passwords. To help stay safe online, follow these password tips. 

 

Length

The longer the password is, the better, as it becomes harder to guess. 

 

Complex 

Use a mix of upper and lowercase letters, numbers and special characters like: !, & and *. Avoid using personal information like your date of birth or pet’s name. 

 

Unique

Use different passwords for different websites and online services.

 

Password checklist

1. Whenever you can, use a passphrase instead of a password. Passphrases are generally four or more random words of at least 14 characters in total with numbers and special characters (for example, RedHouseSkyTrain88*). The aim is to create something unpredictable using unrelated words, which is easy for you to remember and hard for someone else to guess.

 

2. Don't write your passwords down or store them on your computer. If you must record them somewhere, make sure they’re disguised. You may want to use a reputable password manager if you have trouble memorising complex passwords and passphrases.

 

3. Enable multi-factor authentication wherever you can for an added layer of security to prove your identity. 

 

4. Never share your password with anyone, even family members.

 

Learn more about setting secure passwords and passphrases by visiting the Australian Cyber Security Centre

Email is a fast and convenient way to receive communications, but it’s also a common way for cybercriminals to target people with scams, phishing (which is when scammers trick you into giving out personal information) or malicious software (malware).  

 

Take a moment to think about whether an SMS, email or attachment seems genuine before you open it. Here are some other things you should know about.

 

Bank details

Your bank will never send you an email asking for your online banking details. Most Australian banks have announced that they will not send a link in a text message.

 

Looks can be deceiving

Cybercriminals often use a company’s name and logo. Contact the company by phone if you suspect the email is a scam.

 

Check the details

Phishing emails may contain bad spelling and grammar or come from a peculiar email address. Another giveaway can be an unusual link in the email, which you might only notice when you hover over hyperlinked text.

 

Verification

Don't open an attachment if you can't verify who sent it to you.

 

Follow your instincts

Your anti-virus software mightn’t always be able to scan an attachment for viruses or spyware.

 

Trust

Only open links if you recognise and trust the web address they will take you to.

 

Email security checklist

1. Make sure your firewall and security software are running the latest updates.

 

2. Check if spam filtering is activated on your email account.

 

3. Consider setting up a separate email address for mailing lists, online shopping and marketing emails.

 

4. Turn off the 'automatic download' function in your email settings to ensure malicious attachments aren't infiltrating your computer without your knowledge.

 

For more insights, check out Scamwatch’s info page on email scams

Whether you’re shopping, catching up with the news, or connecting with friends online, it’s important to take precautions to protect your personal information. Here are some things to consider. 

 

Look carefully 

Check that the website has correct spelling, grammar and consistent design. 

 

Secure web addresses 

Look for a green padlock icon and https (rather than http) in the web address bar before transacting.  

 

Credibility 

Look online for feedback from other users about the service to verify that it’s credible. 

 

Extra security 

Use 'two-step verification' where you provide another form of ID as well as your password or PIN. 

 

Secure Wi-Fi 

Don't log on to online banking or other websites and apps that contain your personal information if you’re connected to public Wi-Fi (for example, at a shopping centre). 

 

Close your browser 

Always log out of secure sites when you've finished using them, and close the browser window. 

 

Secure web browsing checklist

  • Use anti-virus software and regularly update it.
  • Make sure you’re across the privacy and security settings in your web browser. 
  • Avoid saving passwords in your browser and log out of accounts when you’re finished.
  • Manage your cookies (these are files that gather details about you when you visit a website). To turn these off, go to settings or tools, or set up your browser to do it automatically.  
  • Clear your browsing history. While it makes it easy to return to websites you’ve visited previously, it also makes it easier for other people to see your history too.
  • If you notice suspicious activity on your accounts, contact your financial providers straight away and make sure they have your correct details on file so they can contact you too.

Understand more about how your actions can be tracked online

If you're an adviser working with Colonial First State, it's important to understand the basic steps to safeguard your business against common cyber threats. Here’s what you need to know: 

 

1. Use security software  

Install reputable antivirus and anti-malware software to protect your devices. 

  • Microsoft Windows: Modern versions include free Windows Security to scan for suspicious files and programs. Microsoft also allows the installation of third-party security software for users looking for a higher standard of protection. 
  • Mac: Apple Mac computers don't include security software by default, so it’s important to install reputable third-party software. 

In selecting security software such as anti-virus or anti-malware, be sure to first read reviews to assess its reputation.  Keep software updated and enable automatic updates to patch vulnerabilities. 

 

2. Install software from trusted sources 

Only download software from official stores (e.g., Microsoft Store, Apple App Store, Google Play). Avoid pirated or unofficial sources to reduce the risk of malware. 

 

3. Limit administrative access to your computers  

Restrict administrative rights to essential users only. This reduces the risk of accidental or malicious changes to system settings. 

 

4. Encrypt your hard drives  

Use disk encryption (BitLocker for Windows, FileVault for Mac) to protect data if a device is lost or stolen.

 

5. Back-up your data regularly  

Regular back-ups can help you recover your information if it’s lost or compromised.  

  • Create and implement a plan to regularly back up your information 
  • Test your back-ups to ensure you can recover information successfully 

6. Secure your network 

Take these steps to protect your office network:

  • Change default router passwords and disable remote configuration.
  • Hide your network SSID to prevent unauthorised access.
  • Enable WPA2 encryption with a strong password. 
  • Create a guest network for visitors. 
  • Disable unused features like FTP or UPnP. 
  • Maintain a device inventory and remove unknown devices. 
  • Use cloud security

For more information, check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide. If your clients are looking for tips relevant to them, point them to our Staying safe online hub for tips and resources. 


Avanteos Investments Limited ABN 20 096 259 979, AFSL 245531 (AIL) is the trustee of the Colonial First State FirstChoice Superannuation Trust ABN 26 458 298 557 and issuer of FirstChoice range of super and pension products. Colonial First State Investments Limited ABN 98 002 348 352, AFSL 232468 (CFSIL) is the responsible entity and issuer of products made available under FirstChoice Investments and FirstChoice Wholesale Investments.

 

Information on this webpage is provided by AIL and CFSIL. It may include general advice but does not consider your individual objectives, financial situation, needs or tax circumstances. You can find the target market determinations (TMD) for our financial products at  https://www.cfs.com.au/tmd which include a description of who a financial product might suit. You should read the relevant Product Disclosure Statement (PDS) and Financial Services Guide (FSG) carefully, assess whether the information is appropriate for you, and consider talking to a financial adviser before making an investment decision. You can get the PDS and FSG at www.cfs.com.au or by calling us on 13 13 36.