Tips to outsmart cyber criminals and protect your finances

    More than 31,000 passwords belonging to Australian banking customers have been stolen and shared by cyber criminals using infostealer malware – while AMP bank customers have not been impacted, here's how to help protect yourself and keep your money safe.


    In today’s digital world, cyber criminals are more active than ever, making it essential to protect your hard-earned money.  

    With news that more than 31,000 passwords belonging to Australian customers of the Big Four banks are being shared among cyber criminals online via infostealer malware [1] and at least 3.9 billion passwords stolen globally [2], it’s crucial to make sure your digital hygiene is up to scratch and you have the tools and strategies to protect your finances. Let's dive into how you can stay one step ahead of these cyber gangs.

    What is infostealer malware?

    This malicious software infiltrates your devices and targets passwords, credit card details, cryptocurrency wallets and other sensitive data, which is then offered to cyber criminals on dark web marketplaces. It’s important to remember that this is not a vulnerability in the financial institutions’ security systems, but an infection on users’ devices. For example, if your device is exposed to the malware, it harvests your information whenever you log on to your banking app or other accounts.

    What are some of the warning signs of malware on my device? 

    • Unusual account activity, like unexpected logins or data transfers.

    • Passwords changed without your input, locking you out.

    • Slow network speeds or sudden outages.

    • Unexpected scripts, software installs or admin tool usage. 

    • Unrecognised or inaccessible files and programs.

    • Slow performance, errors, crashes or overheating issues.

    • Browser redirects to unintended websites.

    • Suspicious pop-up ads for software updates. 

    • Others knowing private info from your device.

    How can I help protect myself from cyber criminals?

    1. Crime-proof your devices 

    Ensuring your operating system and antivirus software are always up to date is your first line of defence against cyber threats. Regular updates help patch vulnerabilities that cyber criminals love to exploit.

    2. Avoid the family computer 

    The most common way infostealer malware infiltrates a device is through unsafe downloads, which often come from games, torrents or pirated software. If you share a computer with your kids or other family members who take part in these kinds of activities, it’s best to keep your banking and other sensitive activity on another device and educate the whole family on safe downloads.

    3. Browse and download with caution 

    Avoid dodgy links and downloads that could be laced with malware – it often infects via ‘cracked’ software (unofficial software shared for free). Stick to reputable sites, be mindful of what you click on and don’t download files if they have a different file extension than what you were expecting.

    4. Leverage Multi-Factor Authentication (MFA) 

    MFA is like having a bouncer for your online accounts, adding extra steps to gain initial access to your device, such as security codes texted or emailed to you or generated by an authenticator app. While MFA isn’t bulletproof, it makes it harder for unauthorised users to access your accounts.

    5. Sign up and stay alert

    To stay informed and protect yourself from emerging cyber threats and scams, consider subscribing to official newsletters and alert services. The Australian Cyber Security Centre (ACSC) offers alerts via Cyber.gov.au, providing timely updates on cyber threats. Scamwatch allows you to subscribe to scam alert emails, keeping you informed about new scams. Additionally, Have I Been Pwned is a website that lets you check if your email has been part of a data breach and offers a "Notify Me" service that alerts you if your email appears in future breaches, prompting password changes when necessary. Best of all, these valuable resources are free, enabling you to stay proactive in safeguarding your digital security.

    What can I do if I think my device has malware?

    If you suspect that your device has been compromised by malware, it's important to act quickly to minimise potential damage. 

    • Disconnect your device from the internet to prevent further data theft. 

    • Run a thorough scan with reliable antivirus software to detect and remove any malicious programs. 

    • Consider seeking professional IT support to safely clean your device. 

    • Change all your passwords on a different, trusted device to prevent unauthorised access to your accounts. 

    • Keep backups of your important data on external drives or secure cloud services to help protect against data loss due to malware corruption.

    • Report your malware issue to the ACSC.

    How can small businesses help protect themselves?

    For small businesses, staying vigilant against infostealer malware is crucial, as a single breach can compromise sensitive customer data, disrupt operations and damage hard-earned trust and reputation.

    1. Secure your servers

    Use secure Wi-Fi connections and ensure your network is protected with strong passwords. Consider using a virtual private network (VPN) to encrypt data transmissions.

    2. Invest in trusted cybersecurity software

    Bring in comprehensive cybersecurity solutions, including firewalls, antivirus programs, and intrusion detection systems. 

    3. Regular data backups

    Schedule regular backups of critical business data to secure locations, such as encrypted cloud storage or external hard drives. This ensures that your business can recover quickly in the event of a cyber incident.

    4. Migrate to cloud services

    Consider using online or cloud services that offer built-in security, instead of managing your own. For example, use online services for things like email or website hosting.

    5. Employee training and awareness

    Educate your team about cybersecurity best practices, including recognising phishing scams and using secure passwords. Regular training sessions help employees stay alert to potential threats.

    6. Restrict administrator privileges 

    Perform network administration and other privileged tasks using a dedicated locked-down workstation only (i.e. a secure admin workstation). 

     

    AMP is not aware of any AMP banking customers being impacted by this instance of infostealer malware from May 2025. For more information on infostealer malware, visit cyber.com.au or call the Australian Cybersecurity Hotline on 1300 292 371 if you need cybersecurity assistance. The ACSC has published guidance for a variety of platforms and business sizes including: Small business cybersecurity guide, Small business cloud security guides and Strategies to mitigate cybersecurity incidents.

     

    [1] Banking passwords stolen from Australians are being traded online by cybercriminals; ABC; April 29 2025

    [2] State of Cybercrime 2025 Report; Kela

    Important information

    AMP Bank Limited ABN 15 081 596 009, AFSL and Australian Credit Licence 234517. Any advice and information provided is general in nature. It hasn’t taken your financial or personal circumstances into account.

    AMP Bank is a member of the Australian Banking Association (ABA) and is committed to the standards in the Banking Code of Practice. 

    All information on this website is subject to change without notice.