Protect your account

We work hard to protect your account and personal information. Know what to look for and take some simple steps to better prepare yourself against online fraud.

Alleged scammers acting as 'ASAL Group'

29 July 2021

We’re aware that a group of alleged scammers acting as the ASAL Group (also known as Australian Securities Administration Pty. Ltd. or Australian Securities Administration Ltd.) are targeting our members and the broader community.

The group claims to operate as a financial services group, including offering financial advice. It’s understood that they use a falsified website that features the branding and trading licence details of the ASAL Group.

It’s alleged that this is not a legitimate service.

We recommend practicing extreme caution if someone contacts you offering to help you access your super by withdrawing it or moving it to a self-managed super fund (SMSF).

Call us on 1800 331 685 if you believe you’ve been targeted by a scam, or if you’re unsure about an email or call you’ve received about your super.

Reporting fraud or suspicious behaviour

If you think someone has accessed your account or you’ve received a suspicious email or phone call from someone claiming to be UniSuper, please call us on 1800 331 685 (+61 3 8831 7901 from outside Australia).

How we protect you

Security certificates

These certificates confirm that the website is authentic and that your data is encrypted. When logged in to your account:

Always make sure the URL is correct. The URL when accessing your online account will always start with ‘https://memberonline.unisuper.com.au’
Check for a lock icon either at the top or bottom of your browser window. If you click on this, it should display the SSL (Secure Sockets Layer) certificate details.

Login and session timeouts

We restrict access to your online account if there are a number of failed login attempts. Your session will also timeout after 10 minutes of inactivity.

Emails

We send our emails through a secure provider.

We may use information like your age, balance (e.g. higher or lower balances), account type, employer or location to ensure we send information that is relevant and useful to you. Other than your first name, we never include your personal information in the body of our emails, nor is it stored with our provider. We will never request financial or personal information from you in our emails.

Our Privacy Policy (PDF, 95 KB) sets out how and why we use and collect personal information in more detail.

What you can do

Your online account makes it easier for you to manage your super but online transactions do carry a small risk, so you should take steps to protect yourself.

Use a password that is difficult for others to guess.
Change your password regularly.
Never give your password to another person.
Avoid doing any transactions or submitting confidential details while using a public Wi-Fi network.
Use devices you trust and that are protected with the latest anti-virus and security software.
Log in to your online account from either unisuper.com.au or type unisuper.com.au/memberonline or memberonline.unisuper.com.au into your browser.
Check the security certificate to confirm that the site is authentic. When logged in, the web address should start with ‘https://memberonline.unisuper.com.au’. Also look for a lock icon either at the top or bottom of your browser window. If you click on this, it should display the SSL (Secure Sockets Layer) certificate details.
Don’t leave your computer unattended while you are logged in.
Beware of people who might look over your shoulder to watch you enter your password or see your personal information on your screen.
Don’t share your personal information in public—people may be listening for this information. If you need to call us, for example, make the call from home or a private room.
Always log out when you’re finished.

Check your balance, login and transaction history regularly

You may not realise immediately if someone has accessed your super account. Checking your balance, transaction and login history regularly will help you to spot any unusual activity.

What to look for

Phishing

Phishing is the practice of posing as a trustworthy person or business in communications like email, texts or instant messages to gain your personal information, such as passwords and credit card details.

Signs of a phishing communication can include:

not addressing you by your name, or using unusual forms of address
misspellings and inconsistent graphics/ images
asking you for sensitive information such as financial or personal information
creating a sense of urgency—scammers may try to test your better judgment by stating that something needs your immediate attention
sender address that looks unfamiliar or peculiar
unfamiliar or unexpected attachments contained in the email—don’t open them as they may contain malicious software.

We won’t send you emails asking you to confirm, update or disclose your confidential financial information. If you receive an email that you believe may be a hoax, don't click on any links and email it as an attachment to enquiry@unisuper.com.au.

Suspicious phone calls

If you receive a call from someone who claims to be from your bank or any other organisation, don't give them your details. Call the organisation in question on their publicly listed number to check it’s really them calling.

What to do if you suspect fraudulent activity

If you think someone has accessed your account, call us immediately on 1800 331 685.
If you think someone has your account password, change it immediately.
If you receive a suspicious email or phone call from someone claiming to be from UniSuper, call us or forward the email as an attachment to enquiry@unisuper.com.au. Don’t click any links in the email.