Recover a Hacked Super, Pension or Retirement Account

    It can be incredibly distressing to discover your superannuation, pension, or retirement account has been hacked. This guide will walk you through the essential steps to freeze your account, regain control, and ensure your financial future is protected.

    Act quickly! The sooner you address a potential hack, the better your chances of preventing significant financial loss.

    Signs Your Account Might Be Compromised

    Often, the first sign of a hacked account is something out of the ordinary. Keep a close eye on any communications from your superannuation or pension fund, as well as your account statements.

    Catching these unusual activities early is crucial for limiting any potential damage and getting your account secured quickly.

    • Unexpected emails or SMS messages from your fund that seem suspicious.
    • Changes to your contact details (address, phone, email) that you didn't make.
    • Login alerts for activity you don't recognise.
    • Requests for information from your fund that seem unusual or out of character.
    • Transactions or withdrawals you don't remember authorising.

    Freeze Your Account Immediately

    If you suspect your account has been hacked, the very first thing you need to do is contact your superannuation or pension fund directly. They can help you freeze the account to prevent any further unauthorised activity.

    Your fund has procedures in place for these situations and can guide you through the process of securing your funds.

    • Find your fund's official contact number (usually on their website, not from a suspicious email).
    • Explain clearly that you believe your account has been compromised and you need to freeze it.
    • Ask what steps they will take to investigate and how they will keep you updated.
    • Note down the date, time, and name of the person you spoke with.

    Regain Control of Your Login

    Once your account is frozen, the next step is to secure your access. This usually involves resetting your password and setting up stronger security measures.

    Many funds offer multi-factor authentication, which adds an extra layer of protection to your account.

    • Go to your fund's official website and use the 'forgot password' or 'reset password' option.
    • Create a strong, unique password that you haven't used anywhere else.
    • Enable multi-factor authentication (MFA) if your fund offers it. This might involve a code sent to your phone or email.
    • Check your account settings for any unauthorised changes to your linked bank accounts or contact details.

    Audit Your Other Online Accounts

    A hacker who gains access to one account might try to use the same login details or information to access your other online services. It's a good idea to perform a security check on all your important accounts.

    This proactive step can help prevent a single breach from cascading into many more problems.

    • Review your email accounts, banking, and other financial services.
    • Change passwords on any accounts that used the same password as your super fund.
    • Look for any unusual login activity or changes in settings across your accounts.
    • Consider using a password manager to help you create and store strong, unique passwords for all your online services.

    When to Contact the Regulator

    If you feel your superannuation or pension fund isn't responding adequately, or if you're not satisfied with how they're handling your case, you have the right to escalate the issue.

    Australia's financial regulators are there to help ensure financial institutions treat customers fairly.

    • If you're in Australia, the Australian Financial Complaints Authority (AFCA) is the external dispute resolution scheme for financial services.
    • Contact AFCA if your fund hasn't resolved your complaint in a timely manner or to your satisfaction.
    • Gather all your documentation, including dates of contact, names of people you spoke with, and any reference numbers.

    Key takeaway

    Recovering from a hacked superannuation, pension, or retirement account requires swift action and persistence. By immediately freezing your account, securing your logins, checking your other online services, and knowing when to escalate to regulators, you can protect your financial future. Stay vigilant with your account monitoring and always prioritise strong, unique passwords and multi-factor authentication for all your important online accounts.
