Cyber Scams Target Unsuspecting SMSF Trustees

Shelley Banton
Shelley Banton
May 04, 2020
SMSF trustees targeted by cybercriminals

The early access to Superannuation programme assists SMSF trustees in need of financial assistance due to the impact of COVID-19. But the stark reality is that an alarming increase in the number of COVID-19 cyber scams may target unsuspecting SMSF trustees during this time of crisis.

The Australian Cyber Security Centre (ACSC) has received reports about a range of different COVID-19 themed scams, online frauds and phishing campaigns designed to steal from unsuspecting individuals, businesses and government departments.

Common Scams

One of the most common scams is where cybercriminals register several COIVD-19 themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting SMSF trustees.

Once the phishing campaign obtains the user’s credentials, cybercriminals can bypass security controls to gain access to account and networks belonging to individuals and businesses.

The ACSC has reported that those engaged in cybercrime activities continue to rapidly adapt their techniques in response to changes in the current environment. New phishing campaigns that align with breaking developments, such as government relief payments, within days, and even hours, of these announcements, are occurring.

Banking Themed SMSF Phishing Campaigns

SMS phishing campaigns intend to trick recipients into clicking on a malicious link contained in the message. The links appear to come from legitimate organisations, such as one of the major banks or the Australia Government, that directs the recipient to divulge personal financial information to unblock access to their accounts.

Fake Australian Government Email Phishing Campaign

Fake emails purporting to be from the Australian Government is part of a COVID-19 themed phishing campaign designed to steal sensitive information such as SMSF banking usernames and passwords.

Other emails impersonating official Australian Government correspondence invites the recipient to provide their tax file number and to attach identity documents, such as drivers license or passport, to access an early release benefit payment.   

Unwittingly providing cybercriminals with this type of information will enable them to open bank accounts or take out loans using the recipient’s name.

How to Spot Phishing Scams

The ASCS has identified several key details to look out for to help determine if a text message or email is phishing:

  • Read the message very carefully, look for anything that isn’t quite right, such as spelling, tracking numbers, names, attachment names, sender, message subject and URLs
  • On a PC or laptop, hover your mouse over links to see if the embedded URL is legitimate, but don’t click
  • Google information such as sender address or subject line, to see if others have reported it as malicious
  • Call the organisation on their official number as it appears on their website (separate to any contact details in the received message) and double-check the details or confirm the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer
  • Use sources such as the organisation’s mobile phone app, web site or social media page to verify the message

Most importantly, do not open attachments from unknown sources or click on links in unsolicited emails. Never divulge personal information to unverified sources and never provide remote access to your computer.

Using two-factor authentication on all essential services and employing email, SMS or social media providers that offer spam and message scanning can also minimise SMSF cybercrime.


The threat of cybercriminals taking advantage of the COVID-19 pandemic may see SMSF trustees becoming victims of malicious cyber activity during this challenging period.

At a time when SMSF trustees are working from home through remote systems, the number of reported scams to the ACSC means being on high alert against the threat of COVID-19 themed cybercrime activity.

As 1.1 million SMSF trustees have an average balance of $678,621 in their SMSFs, there is no doubt that SMSFs are high on the radar of cybercriminals. While the ACSC continues to focus on protecting Australians against cyber scams, the best advice for SMSF trustees is to stay safe online and limit the risk of being attacked.

Independent SMSF audits by Australia’s most trusted team. Find out more
Return to our Blog