Security and fraud

Nowadays, a password is required for nearly everything. With so many accounts to keep track of, it's tempting to rely on familiar words and phrases. 

However, as tempting as it might be, using your birthday or your pet’s name won’t be sufficient if you want to keep your account secure. 

Here are our top tips for creating ultra-secure passwords. 

Use a minimum of 12 characters 

There’s no strict rule about the ideal password length, but 12-14 characters is a good general guideline. 

Include a mix of numbers, symbols, uppercase, and lowercase letters 

Websites don’t ask for complicated passwords just for the sake of it – using a variety of character types makes your password harder to crack by fraudsters' software. 

Avoid personal information 

In the digital age, details like your birthdate, place of birth, or pet’s name are easy to find online. Passwords based on personal information are much easier to guess than those using random words or phrases. 

Even if your passwords don’t contain personal details, it's important to control what information is available about you online. Check the privacy settings on your social media accounts, review privacy policies on sites you visit, and be cautious when participating in online surveys or quizzes that request access to your social media profiles. 

Make it strong 

When creating a password, think outside the box and use an unexpected combination of words, replacing letters with special characters or numbers that don’t resemble the original letter. 

For example, bLuesWan37?? meets all these criteria and would take a computer 63,000 years to crack. Two random words make a decent password, but three are even stronger. bLuesWan37??Guit@r would take 380 quadrillion years to break! 

Check your password strength 

If you’re unsure about your password's strength, test it using a secure, reputable online checker. It will estimate how long it would take to crack your password, giving you the chance to try different combinations until you’ve created a near-impossible password. 

Use unique passwords 

Creating secure passwords and trying to remember them can be overwhelming, but using one password for multiple platforms undermines all your efforts. If a fraudster gains access to one of your accounts, they could access many others. 

Use different passwords for each account to reduce the risk of widespread damage if one account is compromised. 

Don’t share your password 

Never share your password with anyone. One common issue with complicated passwords is that people are tempted to write them down so they don’t forget them. Resist this urge and try to memorise your new passwords instead. 

Set a reminder to change your password regularly. 

At TorFX, we will never ask for your password, and you should never share it with us – even if it seems like we've requested it. 

If you believe your password is no longer secure, change it immediately. 

Changing your password is easy – just follow this link. 

Everyday internet use can expose you to opportunistic fraudsters if you don’t take the necessary steps to protect yourself. 

Here are some simple tips to help keep your computer, mobile, and tablet secure. 

Keep your computer secure 

Ensure that you have active anti-virus software and that your software and apps are regularly updated. Updates and patches often fix security vulnerabilities. 

The P-word 

Make sure your home Wi-Fi is password-protected and use the password tips provided in our security section to make it strong. 

Log out when finished 

If you're using a computer that isn't yours, avoid ticking the 'Remember me' option, and always log out once you're done. 

Public Wi-Fi safety 

When connecting to public networks (like those in bars or cafés), ensure they are ones you trust. We recommend avoiding public Wi-Fi whenever possible, as these networks are often targeted by cybercriminals. If in doubt, it's safer to use mobile data instead of public Wi-Fi. 

Also, when logging into secure sites in public, make sure to check your surroundings to ensure no one is watching you.

Beware of suspicious links

While browsing the web, be cautious about clicking on links or pop-ups that seem suspicious. Fraudsters often use tactics such as offering prizes, creating urgency, or making threats to lure you into clicking malicious links. Typical messages might include: "You’ve won $2000! Click here to claim," "Your computer is under attack! Click here...," "Do this or your account will be restricted...," or "You’ve accessed illegal content, click here to avoid legal action..."

Choose your security questions wisely

When setting security information (such as answers to security or password recovery questions), be aware that any personal information you've shared on social media or other online platforms could be accessible to hackers and fraudsters. Choose questions that only you are likely to know the answer to whenever possible.

Check for authenticity

When visiting TorFX's website, always type the address directly into the browser or select it from a trusted search engine. Look out for these signs to confirm that the site is legitimate: 

• If you see invalid security certificates in your browser, this could be a sign that the site is untrustworthy. Our certificates are always valid. 

• Double-check the URL. Fraudsters often use subtle variations in spelling, characters, or punctuation to lead you to fake websites. We recommend navigating directly from the address bar or using a reputable search engine. 

• Ensure the URL begins with "https://" – this means the site and any links are secure. 

• Look for the locked padlock symbol in the address bar. This indicates that the data exchanged between you and the website is encrypted and secure. Some fraudsters may also use encryption, so always verify all signs of authenticity. 

Sending funds securely

When making an international payment, it’s essential to have full confidence in the legitimacy of the recipient. Verify the recipient's details and the reason for the transfer and never feel pressured to send funds if you're not entirely sure or comfortable with the payment. 

When you receive an email it’s important to verify that it’s from a legitimate source. 

We send several different types of emails to make sure you have access to all the information you need to plan your currency transfers at the right time, and there are points you can check to ensure the email you’ve received is from our team. 

Give any email you receive from us a proper scan before clicking any of the links within it. 

If there’s anything unusual about the communication or anything you would like to check, contact your account manager directly or email [email protected]. 

What should you look out for? 

• Branding/design – All our emails contain certain characteristics, like our logo and brand colours. 

• Alternative instructions – Receiving two emails in quick succession which provide alternative instructions – always get in touch with us if that happens. 

• Unusual requests – If you receive an unusual or unexpected communication always get in touch to confirm it’s legitimate. 

• Spelling and grammar – The occasional typo does happen, but an email from us should never be riddled with spelling or grammatical errors. 

• Tone – We aren’t pushy or threatening in our emails, and we’ll never try to scare you into acting quickly. 

• Email signature and address – Our sender’s email addresses end in ‘@torfx.com.au’. 

• Links take you to unexpected places – Our email links typically take you to our website, our online service or our app listings. If you aren’t sure where a link is going to take you and you’re using your computer, hover over it with your mouse and check the URL. If you aren’t confident in the link within the email type in the URL manually or go directly to the online service/app. 

• Attachments – Strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device. 

• Unexpected prizes – If you receive a communication that claims you’ve won a completely unexpected prize don’t click any links in the email or reply to it directly. Contact your account manager or email [email protected] and we’ll let you know if it’s a genuine prize. 

• Check it before you click it – Don’t click on email links or attachments unless you’re completely confident that the email is from a trusted source. 

Receiving unsolicited phone calls and texts is something we’ve all had experience of, but some scam calls can sound very convincing. 

These simple steps can help protect you from fraudulent calls and texts. 

Before answering a call 

Fraudsters can make themselves appear genuine using legitimate caller IDs. 

Enter the number into a search engine to check whether it belongs to a real company/a company you’re comfortable talking to. 

If you think a call is from us but you aren’t sure, check the numbers listed on the contact section of our website. You can also add your account manager’s number to your address book, so you always know it’s them calling. 

After you’ve picked up 

When on a call never ever give out passwords or key security information, no matter who the person on the other end of the phone claims to be. 

Text messages

We will send you occasional texts under very specific circumstances, for example if you’ve set a rate alert or have requested a one-time PIN. If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore it and contact your account manager by phone or email.

Tactics to prepare for

With any unsolicited calls or emails look out for these particular traits and tactics: 

• Creating panic – Warnings about suspicious behaviour or the implication that ‘an unknown device has accessed your account’. 

• Urgency – Never respond to pressure to make you do something quickly. 

• Language and attitude – The person you’re speaking to may appear helpful, friendly or professional, but this could be their attempt to make you feel that they’re credible and trustworthy. 

• Following up a text with a phone call – Fraudsters use this tactic to add credibility.

Our online service and app have a number of inbuilt features to protect your transactions. 

Online service and app 

• PIN entry – We’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer). 

• Transactional emails – We’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account. 

• Your activity – You can view your recent and historic activity within the app and our online service. 

• Devices – You can also check all the devices that have accessed your account. 

App only 

• Biometric authentication – Depending on the handset you own, you can secure your app with touch or face ID. 

Reporting fraud 

If you notice something suspicious or think you may have been a victim of fraud, please let us know as soon as possible by contacting us on 1800 507 480 or [email protected]. 

Protecting yourself from fraud 

We’re confident in the security systems we have in place but it’s vital that you stay vigilant too. 

Our Fraud FAQs provide lots of useful information about protecting yourself from fraud, while our Help with fraud section (below) has links to useful organisations. 

Remember, an offer being too good to be true, being asked to send money out of the blue or being put under time pressure can all be warning signs. Never send a payment if you have any concerns and contact us immediately if you do – we’re here to help. 

We can accept no responsibility for funds being sent to the wrong account based on the content of a fraudulent email, so always verify that any payment details sent or received by email are genuine, using a trusted source. 

Scams to watch out for 

The red flags and warning signs to look out for can differ depending on the reason for your payment. Below are some of the main things to be wary of. 

Payments to friends, family, or someone you’re in a relationship with 

Be particularly careful about sending money to someone you’ve never met in person, especially if you made contact via a dating app. Are they now asking for help with medical fees, housing or travel costs? Are they genuine? 

Also beware impersonation scams, where you’re asked to send money to a family member who’s in trouble. Always contact that relation independently to check that a fraudster hasn’t got hold of their phone or hacked their social media accounts. 

Making payment for goods or services 

Have you checked that the goods exist, and that the supplier is genuine? 

Be wary if you’re asked to pay a deposit or a big fee up-front as this could be an advance fee scam. Where possible, always check online reviews and get an invoice before paying anything. 

Have you met the supplier? Do they have a registered business address? Are the contact details given by the supplier vague (maybe just a PO Box and a mobile or premium number)? Always verify that the person or business you’re dealing with is legitimate before sending a payment. 

Paying estate agent or legal fees or some other bill 

Fraudsters can intercept payments and redirect money to their own accounts, often by sending out a false invoice or email featuring their own account details. Make sure that the account details you’re paying into are genuine and think about sending a small payment first to check that the money has gone to the right place. This type of fraud is a particular risk in the property and real estate sector. 

Funding an investment 

If an investment sounds too good to be true (high returns and low risk), it could turn out to be a scam. 

Be wary of dealing with any company that approaches you out of the blue and always check that the property or investment you’re buying exists. 

Is the broker willing to supply his/her copy ID? Does the company promoting the investment have a registered business address? Are the contact details vague (maybe just a PO Box and a mobile or premium number)? What do the online reviews say? 

Are you being put under pressure to buy? Always check the ASIC Register to see if there are any warnings about the individual or company you’re dealing with and look at Moneysmart’s Warning List. Seek advice from an ASIC-licensed firm before going ahead.

Where the company that has approached you is based outside of Australia, have you checked the local register to see if they are regulated in the country they claim to be in?

You can get additional help and advice on fraud from the following organisations: 

• Scamwatch 

• ReportCyber 

• Moneysmart - unlicensed companies 

• Australian Federal Police (AFP) 

Contact us as soon as possible on 1800 507 480 or [email protected]. 

You can also report fraud to the police via Cyber.gov.au using their online reporting tool or by calling 1300 CYBER1 (1300 292 371). 

You can also report fraud to the police or relevant anti-fraud authorities. 

These are some key actions you can take: 

1. Keep all your personal ID documents (passport etc.) locked away and secure. The details in these documents can be used to steal your identity. Be extremely careful about who you share your personal details with as they can be used to set up accounts in your name. 

2. Never share answers to security questions or passwords with anyone and don’t write them down. 

3. If you’re sending money to us or to anyone else, double-check the bank account details before making the payment. Do this by getting the details direct from a trusted source. You can access our bank details securely through our online service and app. Consider sending a small payment first to check that the money has gone to the correct account. 

4. If you’re buying property or making an investment, check the validity of the property or investment opportunity. Be wary of glossy brochures, celebrity endorsements and big promises. 

5. Visit the ScamWatch website and read their advice on protecting yourself from scams. 

The above isn’t a full list but it gives you an idea of the type of questions you should be asking. You’ll find more on this in our Scams to watch out for section under the 'Keeping yourself safe from fraud' tab above.

We’ve listed a range of red flags based on different transfer requirements in our Scams to watch out for section, under the 'Keeping yourself safe from fraud' tab above. It’s crucial that you take the time to check that your payment isn’t falling into the wrong hands.