Protecting your personal information
February 22 2025
LATEST NEWS
Fire Rescue Victoria cyber-security incident
Updated: 20 December 2022
At ESSSuper, we take cyber security very seriously and regularly review our technologies and processes to ensure high security standards are maintained. We've been advised of the cyber-security incident at Fire Rescue Victoria (FRV) and are taking extra steps to reinforce the security of your account.
Please remember, ESSSuper will never send you an email or SMS asking you for your personal information. If you receive an email, phone call or SMS you're unsure about, please call us on 1300 650 161 (Emergency Services members) between 8:00am and 5:00pm Monday to Friday, or email us at info@esssuper.com.au.
MORE INFORMATION
Keeping your superannuation and personal information secure is a responsibility we don't take lightly
Please refer to our More information webpage for details such as:
- The terms and conditions that apply to the use of ESSSuper's website and app
- Our Privacy Policy, which explains how we handle your personal information, and
- Our Privacy Collection Statement, which explains how ESSSuper will store, record, and use your information.
Beware of fraudulent emails, phone calls, and SMSs
From time to time, we may contact you about your account. For example, you may receive an email from ESSSuper letting you know there's a document (e.g. your Annual Benefit Statement) available in your Members Online inbox, which directs you to log into Members Online. If you receive an email, phone call, or SMS you're unsure about, contact us directly – never use the contact details provided by an email, phone call or SMS.
Email and SMS
ESSSuper will never send you an email or SMS asking you for your personal information. However, fraudsters may send you a fake email or SMS that can be very convincing and contain harmful links or malicious attachments, in an attempt to steal your personal information. This is known as phishing, and you can recognise these emails or SMSs by:
- An unfamiliar email address or other contact details for ESSSuper
- Requests for your personal information
- Suspicious attachments – don't open any!
- Bad grammar or spelling (English)
- Links that seem to take you directly to Members Online
- Images that don't look quite right.
Genuine ESSSuper email addresses include "esssuper.com.au" – you can check this by hovering over the address.
Over the phone
Some things you can do if you suspect you've received a fraudulent phone call:
- If the caller claims to be an ESSSuper employee and you have reason to doubt their identity, end the call and contact us directly – don't use the contact details the caller provided – to continue the discussion with our Member Service Centre. If talking to a suspicious caller, it may be wise to:
  - Ensure you only use simple words that can't be re-edited to misrepresent you if recorded (e.g. don't say your name)
  - Make a note of why they're calling, their name, and their contact number.
- Be aware of voice recorded messages that dial automatically and ask you to call a number back. These are generally fake and designed to get your personal information.
What about the security of Members Online?
While cybercrimes such as identity theft, malicious attacks, data breaches, and phishing are still happening through the internet, we'll do everything we can to keep your ESSSuper account(s) safe online.
We take protecting your privacy online very seriously and use a variety of security features and processes to ensure the security of your personal information. You can read our Terms of use, Privacy Policy, and Privacy Collection Statement to learn how ESSSuper collects and holds your personal information.
Importantly, you can be confident that Members Online is secure through two key features:
1. Two-factor authentication
- When is it required? When you register for access to Members Online, reset your password, and make significant requests within Members Online (e.g. changing Income Stream payment amounts or frequency).
- How does it work? Two-factor authentication (2FA) requires a unique, randomly-generated PIN in addition to your login details. 2FA is most effective when the PIN is provided to you through a separate application, such as a text message (SMS) to your mobile phone. If we don't have your mobile phone number on file, please contact us.
2. reCAPTCHA
- When is it required? When you register for access to Members Online, reset your password, or if you attempt to log in more than twice within one minute.
- How does it work? reCAPTCHA helps by asking you to complete a simple test that proves you are human and not a computer trying to break into a password protected account.
As usual, some requests will need you to prove who you are. Read our Proof of identity web page for more information, including how you can do this through Members Online.
You can help us protect your privacy and identity by creating a secure password and changing it regularly – refer below to learn more.
Create a secure password and change it regularly
Set up a Members Online password that is:
- Based on a phrase that only you know, is at least eight characters long, and contains:
  - One lower case letter – Example: a
  - One upper case letter – Example: A
  - One number – Example: 1
- Easy to remember, but difficult for someone else to guess
- Unique to Members Online (don't reuse passwords from other websites or apps)
- Known only to you, not shared with family or friends.
Remember to change your password regularly and keep your ESSSuper account details confidential.
External resources about identity fraud
We encourage you to review information about identity fraud at:
Providing proof of your identity
You can provide proof of your identity via electronic ID verification in Members Online or by sending certified copies of your identity documents to ESSSuper. Learn more about this on our Proof of identity webpage.
RECENT NEWS
Optus, AHM, and Medibank cyber attacks
Updated: 26 October 2022
There's been no impact to ESSSuper's systems from the cyber attack that resulted in the release of the Optus, AHM, and Medibank customers' details; however, we continue to monitor the situation closely.
If you're a current or previous Optus customer, or a customer of AHM or Medibank, who has been impacted by a data breach:
- Affected Optus customers should contact Optus via the My Optus App or by calling 133 937 for advice on any actions you may need to take
- Affected Medibank and AHM customers should visit the Cyber incident updates and support page on Medibank's website or call Medibank on 132 331 for advice on any action you may need to take
- We encourage you to log into our Members Online system to monitor your ESSSuper account(s) for any unusual activity and contact us immediately if you see something suspicious.