In addition to taking advantage of Vanguard's security features, here are some general tips and best practices for keeping your personal and financial information safe online.



Take these important steps to protect yourself:
  • Review and update your security settings to ensure you've taken all the steps available to you to safeguard your accounts.
  • Beware of "robocalls" from unknown numbers.
  • Don't share personal information (i.e., passwords, or logon credentials) with anyone over the phone if you haven't initiated the contact.
  • To reduce unwanted calls, register your home or mobile phone number on the National Do Not Call Registry at
  • Beware of "phishing" emails and clicking or tapping on links in any unsolicited email message.
  • Never send money to someone you haven't met in person. 


Keep your operating systems up to date and be sure to install security software. Set up the screen lock feature on any mobile devices to prevent unauthorised access. Always log off the website and close your internet browser or mobile app when you finish viewing your account information online.

Most device manufacturers release operating system updates regularly and you need to keep your device current. Check your device's settings to see if you need to update its operating system.

If you're using a Windows operating system, go to Microsoft's website.

If you're using Apple's operating systems, go to Apple's website.

You should also download security software and keep it current to protect your computer, as well as your Android™ or Apple® mobile device. And, you should monitor your computer and browser settings as well. 

High-speed internet access is very convenient and "always on." But this continuous connection exposes your computer to online threats. You should install and use personal firewall software and keep it updated. Read your computer's operating manual or search the internet for help on installing firewalls. Also, look for included firewalls if you're purchasing home networking equipment such as a router.

Personal firewall software takes its name from the barriers built into cars and buildings that separate potentially hazardous environments from protected areas. Similarly, firewall software protects computers by monitoring the types of activity or attempted activity between the personal device and a network. Firewalls can refuse attempted connections that aren't initiated by you or that the software deems suspicious.

Malicious code such as viruses, worms, and Trojan horses can wreak havoc on your computer. Bad code can even capture your logon information and take control of your computer.

You need to install and regularly update antivirus software to protect against, detect, and repair attacks from most viruses.

Even if your computer has a firewall and antivirus software, it still could be susceptible to spyware. Spyware is software that appears to offer some tangible benefit, but actually monitors your behaviour online. This illegal access is often used to intercept your usernames and passwords to your online accounts. You should install anti-spyware software and configure it to scan your personal device weekly. You should also:

  • Verify any software you install on your computer. If you see a Security Warning window when installing a program that reads "Do you want to install and run [name of program] issued by [name of company]?" and you don't recognize the company, select "No" to stop the installation.
  • Install a popup blocker to prevent spyware popup windows. (Spyware is often installed after clicking or tapping deceptive links in popup windows.) Note: You may want to change the settings in your popup blocker program to allow for popup windows on and other reputable sites you trust.
  • Log off after accessing your accounts online and close your web browser. Some of your account information can stay in your browser's memory until the browser is closed. You should do this on all computers and for all websites you log on to.
  • Do not open, click, or tap links in, or open attachments in any email you think is suspicious. Vanguard won't send emails with logon links or attachments unless you're expecting such an email based on a conversation with one of our crew members.

Enable biometrics or password lock on your mobile device so nobody else can access your account. A password protects your device so nobody else can use it or view it.

Lost your mobile phone? Consider using anti-theft apps or services that may help you remotely wipe, lock, or locate your phone if it’s lost or stolen.

Use apps carefully. Take care when installing apps on your device by following these tips:

  • Download apps securely. Always get your apps from reputable sources like the Apple App Store® or Google Play™ store to minimize the chance the apps contain malware.
  • Research apps before downloading. Review what an app can read and change on your device before downloading it to make sure that the app's access to your device is appropriate.
  • Update apps, especially security-related ones. Speaking of updates, it's usually safer to disable the "automatic update" feature on apps and your devices and update your apps manually. This way, you can review each update and determine if you want to proceed.

Sync your device safely. Syncing your mobile device "in the cloud" allows you to access files and content on any of your devices anywhere there's an internet connection. But you need to sync carefully.

Use a reputable service. Make sure that you use a cloud service provider that offers strong security and encryption services, including an SSL connection, to keep your information protected.

Sweat the details. Research the security features of cloud computing services on the internet or contact the vendors' customer service areas to learn what they do and don't provide.

Protect your password. Periodically change your syncing service password if the provider offers that service. And never store your syncing password unencrypted on your device.

Avoid using public wi-fi networks or unfamiliar hotspots. These networks are much more vulnerable than secure networks to malicious software that can install malware on your device to capture your username, password, and other security credentials when you go online.

If you didn't ask for it, you should decline the offer and close the window. Before installing any software on your device, always take a few minutes to research it.

Use common sense and caution when sharing personal information on social media, and make sure you know exactly how to control the privacy settings for every site you use.

Beware of fraudulent ("phishing") emails. At first glance, these may appear to be coming from a legitimate sender, with an urgent request for you to click a link and/or update personal information. Always inspect a message carefully before you open any links.

Your Vanguard account password should be reasonably complex and preferably at least 8 characters long. You should also update your password regularly and ensure it's different from the passwords you use to log on to other websites. 

Vanguard sends confirmation SMS or emails when changes occur on your account. If you see a change or transaction you didn't authorise, or you suspect fraud for any reason, contact us immediately at 1300 655 101 or via email at

And, if you've been a victim of identity theft within the past 12 months, please let us know.

  • Your password/logon credentials.
  • A security code you received via text.

You should never disclose this information to anyone over the phone. If you suspect someone has gained access to this information, contact our fraud team immediately. We won’t send emails with logon links or attachments unless you’re expecting such an email from us based on a conversation with one of our crew members.

You should remain vigilant as we have observed a notable rise in investment scams targeting Australian investors using brands of well-known investment managers.

Fraudsters often try to mimic genuine companies. They will use logos, addresses, telephone numbers and the names of real company employees to make themselves seem legitimate. They may also use paper or online forms to try to capture your personal details for fraud.

The Australian Competition & Consumer Commission’s ScamWatch website provides information on how you can protect your privacy and prevent identity theft.

You can also contact IDCare on 1800 595 160 or via their website for support if you believe your personal information has been put at risk.

You can also find useful information on the Australian Security and Investment Commissions (ASIC) MoneySmart website which provides details on investment seminar scams, how superannuation works and companies you shouldn’t deal with.