keeping your super safe

The best way to detect any unusual activity is to monitor your HESTA online account regularly. With an online account, you can:

• regularly track your balance
• check your employer contributions
• review your insurance cover
• download your annual statement
• nominate your beneficiaries
• keep your contact details up to date.

If you want to set up an online account, you can register here.

We’ll send you an SMS confirmation of any changes to your personal details made on your online account.

If you receive a message about a change you didn't make, contact us immediately.

Set up a password or passphrase on your HESTA online account that is:

• difficult for others to guess but easy for you to remember, and is made up of a variety of letters, numbers and symbols
• unique to your HESTA online account (don’t re-use passwords from other websites or apps)
• changed regularly
• known only to you and not shared with family or friends.

Help protect your online account by setting up extra layers of security for additional peace of mind. Multi-factor authentication (MFA) is an effective way to protect your valuable information and accounts against unauthorised access by using more than one way — such as a password — to verify your identity.

As a HESTA member, you might have noticed your online account requires MFA for extra security. We’ll send you a verification code every time you log in to your online account, or the first time you log in to the HESTA App.

Don’t have an online account yet? Register now so you can check in with your super regularly.

We may call you about your super, particularly if:

• we’re getting back to you about a request you’ve made
• you’ve provided feedback on our services.

We do this as part of your membership benefits.

However, unsolicited cold calls are illegal, and you should not engage with these callers as they may be attempting to obtain your personal information as part of a scam.
 

Here are some tips to protect yourself on the phone:

• Never provide your superannuation information to someone who contacts your unexpectedly.
• Don’t be pressured to make financial decisions like transferring your super. Always take the time to check the legitimacy of the person or organisation contacting you. If the caller claims to be a HESTA employee and you have reason to doubt their identity, make a note of their name and contact number before ending the call.
• You can verify the identity of the caller by checking the HESTA service team webpage. HESTA administrative team members may also contact you, and you can confirm their identity by contacting us.
• Report any SMS you receive that has spelling errors, an unfamiliar sender address, suspicious links, or requests for personal information.

If you receive a phone call, SMS or email relating to your super that you’re unsure about:

• don’t click on any links, reply or forward the message on
• contact us immediately (don’t use any contact details mentioned in the SMS or email).

Fraudsters may send you fake emails with harmful links or malicious attachments. This practice is known as phishing and emails like this can be identified by:

• misspelling or images and graphics that don’t look quite right
• unfamiliar sender addresses
• suspicious attachments
• requests for your personal information
• a sense of urgency (scammers may try to test your better judgment by stating that something needs your immediate attention)..

Always be cautious as phishing emails can be hard to detect.

We won’t send you emails asking you to confirm or disclose your personal information.

If you receive an email that you’re unsure about:

• don’t open any attachments or click on any links
• call us immediately on 1800 813 327 (don’t use any phone number mentioned in the email)
• always access your HESTA online account through the HESTA website: https://hesta.com.au or by typing the web address into a new browser window.