After growing to $4.5 trillion, super faces its next big challenge: scammers

The biggest long-term story in Australia’s financial system is the meteoric rise of superannuation: a $4.5 trillion asset pool that’s on track to rival the size of our banks by the end of this decade.

While far from perfect, this massive pool of savings is shaking up capital markets, shifting power dynamics in the corporate world, and most importantly giving millions of people a more comfortable retirement.

But with such growth, it’s hardly surprising scammers and fraudsters are also eyeing off all that money.

Last year the super industry was reminded this is not some abstract risk, when about half a million dollars was stolen in cyberattacks on funds. The corporate watchdog says the super industry had about $22 million in scam-related losses last year.

Funds say they’re making significant efforts to try and protect their members from this grim threat. However, the two key watchdogs for super funds recently made it clear they see definite room for improvement.

Simone Constant, a commissioner at the Australian Securities and Investments Commission (ASIC), has been warning super funds for more than a year about the risk of scams. Last week she gave the industry a blunt reminder there’s more to be done on this front.

Constant pointed out that by 2030 the super pool is projected to approach $6 trillion, which is more or less where the banks are today. As super swells, the regulators worry about the sector being a “soft target” to scammers for a number of reasons.

Apart from the sheer amount of money in super, there’s the fact that other parts of finance (such as banks) have tightened up their anti-scammer defences, which can push the scammers to look elsewhere for opportunities.

As well, most of us rarely check our super balances, unlike our bank balances, which means we’re less likely to notice something untoward. People in the retirement phase of super – a cohort that’s getting much bigger as the population ages – also tend to be more attractive for scammers because this group can access super money much more easily than those still saving for retirement.

In calling out the risk, ASIC is trying to push funds to get ahead of the threat. So, how are funds dealing with the dangers of scammers? At least on some measures, ASIC seems to think many funds need to lift their game.

There’s no doubt last year’s cyberattacks prompted funds to tighten their security – in some cases introducing measures like two-factor authentication. But this is only part of the battle against scammers.

Funds also need to talk to members about these risks and how to avoid them – and be available to help them if they have been scammed. However, ASIC last week warned of “significant gaps” in how funds communicated with members about scams, after it reviewed the websites of 47 super funds and compared them with the major banks.

The study found many super funds had limited or poor quality information about scams, and only about a third of websites gave members “actionable information” to prevent or report scams and fraud.

It also found only one in five super fund websites had a dedicated telephone or email contact for members to report potential scams or fraud.

Now, a lack of email addresses or phone numbers may not sound like a big deal in the scheme of things. But to a scam victim, it can matter a lot. If someone realises, to their horror, they’ve been scammed out of thousands of dollars, one of the first things they’ll want to do is call the fraud hotline at financial institution to try to stop it.

In response to ASIC’s report, the Association of Superannuation of Australia wrote to its members suggesting better wording of the material on their websites, and vowed to work with the watchdog as it provides more detail about what funds should be doing.

The group added funds had strengthened their authentication and monitoring of unusual activity, and said it would work with government on “the potential for tighter oversight of higher-risk transactions.”

However, poor website content wasn’t Constant’s only concern. She also provided an early update on an ASIC review of how super fund trustees use customer complaints to detect where whey might improve. While she stressed that the results were mixed across the industry, Constant appeared surprised with what some funds had (or rather, hadn’t) found.

“Incredibly, five of the 10 trustees we are looking at in depth have not identified a single systemic issue from analysis of their complaints data over our period of review,” she said.

“These trustees received thousands of complaints but told us they haven’t identified one single systemic issue through regular review of complaint data? Really?”

While data about complaints may sound pretty unexciting, it’s an important way companies can find out what’s upsetting their customers, and therefore how they might improve.

Constant, a former bank executive, saidd the importance of listening to customer complaints was one of the top lessons from the 2018 banking royal commission into financial misconduct.

“Those organisations that really failed at the royal commission and were found so wanting, if they’d paid better attention to their complaints, they would have seen the data pointing them to where the problems were – to where customers were being failed,” Constant said.

As well as ASIC, the Australian Prudential Regulation Authority’s deputy chair Margaret Cole also sent funds a message last week that it was time to lift their game on scam protection. Speaking alongside Constant, Cole described the super sector’s losses in last year’s cyberattacks as a “serious wake-up call” that occurred six years after the regulator had introduced obligations on IT security.

And it’s not just on scam protection where some big super funds have copped blunt criticism lately. There have also been high-profile court cases against Cbus and AustralianSuper over delays in paying out death benefits, while HESTA was slapped in late 2025 for an outage that left members unable to access their accounts for about six weeks.

Granted, funds have taken steps to address these problems, including hiring more staff instead of relying on outsourcing. ASIC’s outgoing chair Joe Longo said last month he thought funds had got the message about the need for improvement in member services, though it would take time.

Even so, the recent warnings from APRA and ASIC over scam protections are the latest signs that one of the super sector’s biggest tests in years to come may not be accumulating assets – something it’s been pretty good at so far.

Instead, as more people start drawing on their super, the big challenges are more likely to be around serving customers, and that includes fighting the scammers eyeing off a slice of the super pie.

The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.