At State Super, we take the protection of our members’ personal and financial information very seriously, and you can play a key part in keeping your account information safe and secure.
Typosquatting
Unfortunately, scammers are always finding new ways to target your assets and identity, and superannuation is often a target. You may be wondering what typosquatting is. Typosquatting is when people, often criminals, register website names that are common misspellings or ‘typos’ of another organisation’s legitimate website address, to trick users who mistype the address into visiting malicious sites (scam websites). This can lead to sensitive information being stolen, or the site may be used to spread malware (software that can compromise your data).
The legitimate website address for the State Super website is www.statesuper.nsw.gov.au.
How it works
The attacker registers a domain name that is a common ‘typo’ of a popular site. Some examples of typosquatting sites mimicking State Super include:
- statesuper.nsw.be
- statesuper.nsw.eu
- statesuper.nsw.co.in
- statesuper.nsw.services
- statesuper.nsw.us
- statesuper.nsw.us.org
These types of website addresses are NOT legitimate and are examples of what we call typosquatting.
Why it is dangerous
Typosquatting is dangerous because it enables data theft: users may enter personal or financial information on the fake site, which the attacker then collects. The fake site can also be used to host malicious software that infects a user’s device. Scammers can also send fraudulent emails that contain links to a fake website designed to look like a legitimate one. For example, an email may claim to be from your bank and contain a link that looks similar to the real one but is slightly misspelled.
How to protect yourself
There are several ways you can protect yourself against typosquatting.
- Use bookmarks: Save the website addresses of your favourite sites and use bookmarks to access them.
- Double-check: Always check the address to ensure the URL is correct. Hover your mouse cursor over the link without clicking to see the actual URL and to check if the website is spelled correctly.
- Carefully check the ‘From’ field in the email address to spot potential fraud attempts.
- Search instead of typing: Use a search engine to find the website rather than typing the address directly.
- Be wary of links: Avoid clicking on links in suspicious emails, texts, or social media posts.
- Use antivirus software: Install and keep security software updated.
If in any doubt, DO NOT CLICK ON LINKS. If you believe you have been targeted by typosquatting, you can contact us via the details on our website www.statesuper.nsw.gov.au/contact-us. To learn more about how to spot a scam website and where to report them, visit the ASIC Moneysmart government website https://moneysmart.gov.au/online-safety/how-to-spot-a-scam-website.
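The ‘double-check the address’ step above can be automated, for example in a mail filter or a help-desk tool. The following is an added example, not State Super's own code: it compares the hostname of a link against the legitimate address label by label from the right, so that an address which merely starts with `statesuper.nsw` is flagged. The function names are hypothetical, and treating every subdomain of `statesuper.nsw.gov.au` as legitimate is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: the legitimate host from the page, without "www.", and any
# subdomain of it, are treated as genuine.
LEGITIMATE_DOMAIN = "statesuper.nsw.gov.au"
# Leading labels that every lookalike listed on the page reuses.
BRAND_LABELS = ["statesuper", "nsw"]


def hostname_of(address: str) -> str:
    """Return the normalised hostname of a URL or a bare address."""
    address = address.strip()
    if "://" not in address:
        address = "https://" + address  # bare input such as "statesuper.nsw.us"
    try:
        host = urlsplit(address).hostname or ""
    except ValueError:  # malformed address, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()  # ignore case and a trailing root dot


def classify(address: str) -> str:
    """Classify an address as 'legitimate', 'lookalike' or 'unrelated'."""
    host = hostname_of(address)
    # Compare whole labels from the right-hand end. A substring or
    # starts-with test would accept names that only begin like the real one.
    if host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN):
        return "legitimate"
    labels = host.split(".")
    n = len(BRAND_LABELS)
    # The brand labels appear somewhere, but the name does not end in the
    # legitimate domain: this is the pattern the page warns about.
    if any(labels[i:i + n] == BRAND_LABELS for i in range(len(labels) - n + 1)):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://www.statesuper.nsw.gov.au/contact-us",  # from the page
        "statesuper.nsw.us.org",                         # from the page
        "https://www.statesuper.nsw.gov.au.example.com/",  # constructed
    ]
    for s in samples:
        print(f"{classify(s):<11} {s}")
```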