We're aware of the recent cyber attacks on super funds. Verve Super is not impacted. Learn how we're keeping your super safe. 

Read more
LogoLogo
Logo

Why Verve?

Learn

Resources & Forms

Log in
Join now
Log in
Join now
Back
Verve updates

Keeping your super safe

How we keep your super safe and some important things we encourage you to review.
April 7, 2025 by Verve
| 3 min read

You may have seen recent news of a series of coordinated cyberattacks affecting the members of several major Australian superannuation funds.  

Please be assured that Verve Super has not currently been impacted by the current cyber attacks.  

We have been monitoring (and are continuing to monitor) the situation carefully and are committed to keeping our members updated and protected.  

Here’s what happened and what you need to do.  

What happened 

Last week, several major super funds were targeted in coordinated cyberattacks where attackers used passwords previously involved in unrelated data breaches to fraudulently access members’ accounts and make a limited number of withdrawals. When passwords are reused across different logins, they are much easier for hackers to access.  

As a result of these cyberattacks, most super funds are currently seeing a high volume of calls and logins from concerned members.   

 Verve Super members have not been impacted by these cyberattacks to date.  

However, the issue highlights the ongoing need to use multi-factor-authentication (MFA) and strong passwords in all your online accounts that handle financial transactions.  

How we protect your account 

Your account is protected by:  

Cyber protection

We use authentication technology to monitor login patterns and flag any unusual activity in our members’ accounts. This advanced technology uses multiple layers of verification, analyses requests to change passwords or bank details, and blocks suspicious login attempts to continuously monitor and protect your account.  

Secure login 

We use mandatory multi-factor-authorisation during login to protect your accounts. When combined with a strong and unique password, this is the best protection against unauthorised logins.  

What you need to do 

We strongly encourage you to review your login security and ensure that you:  

Use multi-factor-authentication (MFA)

To keep your account safe, we use multi-factor authentication (MFA) login, replacing SMS and email authentication. This is in line with Australian Prudential Regulation Authority (APRA) advice and is your best defence against cyberattack.  

There are various third-party apps you can use to set this up, such as Google Authenticator, LastPass Authenticator, Microsoft Authenticator and Authy Authenticator.  

We introduced MFA in 2023 so if you haven’t logged in for a while, please refer to the instructions on our FAQs page to ensure you have maximum protection.   

Use a strong, unique password 

The accounts affected by these attacks were targeted mainly through credential stuffing - a type of cyberattack where hackers use previously stolen usernames and passwords from unrelated data breaches to attempt to log in to other platforms.  

In other words, the same password has been used for something else. Please ensure you use a unique and strong password that you’ve never used anywhere else.  

There are various third-party apps that can help you store and retrieve strong unique passwords, via biometric protection. You can find advice about this at the Australian Signals Directorate.   

Remain alert 

With scammers currently active, please be on the lookout for fraudulent emails or messages. To help you check that communication is genuine, please follow this advice to keep your account safe from phishing emails or texts.  

  •  Check the sender's email address - Look for misspellings, unusual domains, or anything that seems out of place. 

  • Do not click on links in suspicious emails (go directly to the website in your browser or app) 

  • We will never ask for your password or pin number via email or unsolicited communication. 

  • If you need to contact us, do not use contact details provided in suspicious communications. Always obtain contact information directly from our official website or app 

  • Exercise extreme caution with email attachments. Do not open attachments if you have any doubts about their legitimacy. 

  • If something seems suspicious, it likely is. When in doubt, contact us via a trusted method. 

If you are concerned 

If you are concerned about any unusual activity on your account or have any questions, please contact us on 1300 799 482 or at hello@vervesuper.com.au

More about Verve Super