Our systems are secure but there are some things you should know and do to help keep you and your information safer in the digital world.


Watch out for hoaxes, phishing and scams.

Online hoaxes are getting more sophisticated, making it tough to know whether an email, SMS or website is real. It’s important you learn how to spot the fakes so you stay safer online.


Hoax websites.

Hoax websites often look like the real thing.

  • When logging in to banking, shopping or email sites, always look for 'https' at the beginning of the URL – the 's' stands for secure
  • But be aware that the presence of 'https' itself isn’t always a guarantee a site is legitimate. Some clever phishers have realized that people look for the 'https' indicator and lock icon, and may go out of their way to disguise their websites.
  • Check for the padlock symbol in your browser’s address bar
  • Make sure the URL is genuine. Phishers often create fake websites with URLs similar to the real one
  • Enter site URLs straight into your browser’s address bar. Don’t rely on links in emails as they could be fake

Phishing emails.

The people behind phishing emails are experts in manipulation. Look out for:

  • Generic greetings, like “Dear user”
  • False links. Hover over a link or tap and hold it on a mobile device to see its destination
  • Wrong, out of date or out of place logos or design
  • Upsetting or urgent statements demanding you react immediately
  • Bad spelling and grammar
  • Requests for financial or personal information

Think you’ve received a 'Master Builders' phishing email? Forward it to phishing@mbansw.asn.au and we'll let you know if it's really coming from us.


Create safer passwords and PINs.
  • Make sure your password is at least 8 characters long and includes a mix of upper and lowercase letters, numbers and symbols
  • Don’t use “password”, everyday words, your name, postcode, car registration number or any other easily guessed password or PIN
  • Keep login, password and PIN details private; memorise them immediately and never write them down, don’t tell anyone what they are (not even family or friends), and don’t let anyone else see you entering them
  • Change your password and PIN regularly and don’t use the same one on multiple sites
  • Don’t let your browser save passwords or PINs for you
  • Use multi-factor authentication where possible. Multi-factor authentication requires users to provide multiple pieces of information to authenticate themselves – for example, a text message sent to your phone when logging in to a website. 

Security on the move.

Smartphones and tablets need to be protected, just like your computer.

  • Use a PIN or password to lock access to your device and ensure it locks automatically when not in use 
  • Turn on automatic updates for software and apps
  • When installing new apps, review permissions and decide whether you’re comfortable granting the access being asked for
  • Check your mobile bill for unusual charges
  • Enable “Find My Device” so you can recover it or delete its content remotely if it’s lost or stolen