Online Safety & Security Tips Australia | MATE
Internet & Mobile Security Blog | MATE | 21 June 2026
TL;DR — Quick Takeaways
- A passphrase (four random words strung together) is easier to remember and harder to crack than a complex short password.
- Use a different password for every account — a password manager makes this practical, not painful.
- Turn on multi-factor authentication (MFA) on every account that offers it, especially email and banking.
- Scammers now use AI to make phishing emails and calls sound convincingly real — slow down before you click or respond.
- Public Wi-Fi is unsafe for anything sensitive — use mobile data or a VPN instead.
- Keep devices and apps updated — most successful hacks exploit software that hasn’t been patched.
- If you’re targeted by a scam, report it to Scamwatch and your bank immediately.
Why Online Safety Matters More Now Than It Did Five Years Ago
The average Australian household manages somewhere between 50 and 100 online accounts — streaming services, banking, government portals, shopping sites, email. Each one is a potential entry point.
Scammers have also gotten significantly more sophisticated. AI-generated voice calls can now convincingly impersonate your bank. Phishing emails are grammatically correct and visually indistinguishable from the real thing. Fake parcel delivery texts arrive moments after you’ve actually ordered something online.
The good news: the fundamentals of staying safe haven’t changed. Strong passwords, MFA, software updates, and a healthy dose of scepticism will protect you from the vast majority of threats. The rest of this guide walks through each of them practically.
1. Use a Passphrase Instead of a Password
The standard advice — use a mix of uppercase, lowercase, numbers, and symbols — produces passwords that are hard for humans to remember and often not as secure as they look. A short complex password like T!g3r$ is much easier for a computer to crack than a long passphrase like purple-kettle-rain-seventeen.
The Australian Cyber Security Centre recommends passphrases: four or more random words strung together. They’re long enough to be genuinely difficult to brute-force, and easy enough to actually remember.
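To put numbers on that comparison, here is an added example (not code from MATE or the ACSC) that measures both kinds of secret in bits and generates a passphrase from the operating system's secure random source. The 94-character keyboard set, the 7,776-word list size, the guessing rate and the small demo word list are all assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample so the demo runs offline. Far too small for
# real use: a real generator loads a published list of thousands of words.
SAMPLE_WORDS = ["purple", "kettle", "rain", "seventeen", "orbit", "maple",
                "lantern", "gravel", "tuna", "velvet", "harbour", "pickle",
                "compass", "thistle", "wombat", "quartz"]


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is drawn independently
    and uniformly at random from `choices` options."""
    return picks * math.log2(choices)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def avg_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to find the secret: half the search space."""
    return 2 ** (bits - 1) / guesses_per_second


def make_passphrase(words, count: int = 4, sep: str = "-") -> str:
    """Pick words with the OS random source (`secrets`), not `random`."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    rate = 1e10  # assumed offline guessing rate, guesses per second
    # Upper bound for a 6-character password like T!g3r$: it is a
    # dictionary word with swaps, so real attacks need far fewer guesses.
    short = entropy_bits(94, 6)
    phrase = entropy_bits(7776, 4)  # 4 words from a 7,776-word list
    for label, bits in (("6 random characters", short),
                        ("4 random words", phrase)):
        days = avg_crack_seconds(bits, rate) / 86400
        print(f"{label}: {bits:.1f} bits, about {days:.4f} days on average")
    print("words for 64 bits:", words_needed(7776, 64))
    print("sample (16-word demo list):", make_passphrase(SAMPLE_WORDS))
```

The numbers only hold when the words are picked at random from a large list; a phrase you think up yourself is easier to guess than the bit count suggests.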
A few rules regardless of which approach you use:
- Never use the same password across multiple accounts.
- Never base passwords on personal details — birthdays, pet names, street addresses.
- Never share a password with anyone, including people claiming to be from tech support or your ISP.
2. Use a Password Manager
If “use a different password for every account” sounds impossible to maintain, a password manager is the answer. It’s software that generates and stores strong, unique passwords for every site you use — and auto-fills them when you log in.
You only need to remember one master password to unlock the manager itself. Everything else is handled for you.
Well-regarded options include Bitwarden (free), 1Password, and the built-in password managers in Apple devices and Google Chrome. Any of these is dramatically safer than reusing passwords or keeping them in a notes app.
One important rule: make your master password — the one that unlocks the manager — genuinely strong. A long passphrase works well here.
3. Turn On Multi-Factor Authentication
Multi-factor authentication (MFA) — sometimes called two-factor authentication or 2FA — adds a second check after your password. Typically it’s a code sent to your phone, or generated by an authenticator app.
Even if someone gets hold of your password, they can’t get into your account without also having your phone. That alone stops the vast majority of account takeover attempts.
Turn it on for, at minimum:
- Email accounts (your email is the master key — reset links for everything else go there)
- Online banking and financial services
- myGov and government portals
- Social media accounts
- Your password manager
Authenticator apps (like Google Authenticator or Microsoft Authenticator) are more secure than SMS codes, because SIM-swapping attacks can intercept texts. But SMS MFA is still far better than no MFA at all.
4. Spot Scams Before They Get You
Scams cost Australians over $2.7 billion in 2023, and the numbers have only grown since. The most common types targeting Australians right now:
Phishing emails and texts
A message that appears to be from your bank, Australia Post, myGov, or the ATO — asking you to click a link and verify your details. The link goes to a fake site that looks identical to the real one. Red flags: urgency (“your account will be suspended”), unexpected requests, links that don’t quite match the real domain.
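The "doesn't quite match" check can be made mechanical. This added example (not MATE's code) reads the host a link really points to and compares it with a list of known-good domains, here the ones from the resource table further down this page. The sample links are constructed, and the lookalike rules are a heuristic that will not catch every trick.

```python
from urllib.parse import urlsplit

# Official domains copied from this page's resource table.
OFFICIAL = ("scamwatch.gov.au", "cyber.gov.au", "idcare.org",
            "haveibeenpwned.com", "esafety.gov.au")


def classify_link(url: str, official=OFFICIAL) -> str:
    """Return 'official', 'unknown', or a 'lookalike: ...' reason."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
    except ValueError:
        return "unparseable"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unparseable"
    # "https://real-name@other-host/": everything before @ is a username,
    # not the site. The browser connects to what follows the @.
    if parts.username is not None:
        return "lookalike: text before @ is not the site"
    # Non-ASCII or punycode labels can render like a Latin-script name.
    if not host.isascii() or "xn--" in host:
        return "lookalike: internationalised characters"
    # Genuine only if the host IS the domain or ends with "." + domain.
    # A bare endswith(domain) would also accept "evilidcare.org".
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    # Official name present but not at the end, or dots swapped for dashes.
    squashed = host.replace("-", ".")
    if any(d in squashed for d in official):
        return "lookalike: official name in the wrong place"
    return "unknown"


# Constructed sample links (not taken from real messages).
SAMPLES = [
    "https://www.scamwatch.gov.au/report-a-scam",
    "https://scamwatch.gov.au.account-verify.example/login",
    "https://scamwatch-gov-au.example/login",
    "https://scamwatch.gov.au@login.example/",
    "https://sc\u0430mwatch.gov.au/",   # Cyrillic "а" in place of Latin "a"
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):45} {link}")
```

The part that matters is the end of the host name, read right to left; anything in front of it, or after the first single slash, can say whatever the sender likes.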
Phone and voice scams
Callers claiming to be from the NBN, your internet provider, the ATO, or the police. Some now use AI-generated voices. If you’re not expecting the call, hang up and call the organisation back on a number from their official website — not the number the caller gives you.
Investment scams
Offers of high-return investments, crypto opportunities, or managed funds — often initiated through social media ads or unsolicited contact. If the return sounds too good to be true, it is. Check any investment platform at ASIC’s MoneySmart before engaging.
Romance scams
Fake profiles on dating sites or social media that build trust over weeks or months before eventually asking for money — typically framed as an emergency, medical expense, or investment opportunity.
What to do if something feels off
Don’t click, don’t call back on a number they gave you, and don’t transfer any money. Contact the organisation directly using contact details from their official website. Report scams to Scamwatch — it helps warn other Australians.
5. Keep Your Software Updated
This one gets skipped constantly and it’s responsible for a huge proportion of successful attacks. Software updates — for your operating system, browser, apps, and router firmware — almost always include security patches fixing known vulnerabilities.
When you delay an update, you’re knowingly leaving a door open that the developer has already built a lock for.
Turn on automatic updates where you can:
- iPhone/iPad: Settings → General → Software Update → Automatic Updates
- Android: Settings → Software Update → Auto Download and Install
- Windows: Settings → Windows Update → Advanced Options → Automatic
- Mac: System Settings → General → Software Update → Automatic Updates
- Router: Check your router’s admin panel — many now update automatically, but it’s worth confirming.
6. Be Careful on Public Wi-Fi
Public Wi-Fi — in cafes, airports, hotels, shopping centres — is generally unsecured. Anyone on the same network can potentially intercept unencrypted data. That’s low risk for casual browsing, but high risk for online banking, logging into accounts, or entering payment details.
Two safer options:
- Use your mobile data instead. Your phone’s 4G or 5G connection is encrypted by default.
- Use a VPN. A virtual private network encrypts your internet traffic before it leaves your device, making it unreadable to anyone on the same network. Reputable paid VPNs include NordVPN, ExpressVPN, and Mullvad. Free VPNs vary significantly in quality and trustworthiness — check reviews carefully.
7. Install Security Software and Keep It Updated
A good security suite protects against malware, ransomware, and phishing sites — catching threats your own judgement might miss. Windows 11 includes Microsoft Defender built in, which is genuinely solid for most users. macOS has built-in protections too, though supplementing with a third-party tool adds an extra layer.
On mobile, stick to downloading apps from the official App Store or Google Play. Sideloaded apps from unknown sources are a significant malware risk.
8. Lock Down Your Social Media Privacy Settings
Default privacy settings on most platforms are permissive — often more public than you’d want. Take 20 minutes to review what’s visible to strangers on each platform you use.
Key things to check:
- Who can see your posts (friends vs. public)
- Whether your profile photo, location, workplace, or phone number are publicly visible
- Which third-party apps have access to your account — revoke any you don’t recognise or no longer use
- Whether location tagging is enabled on photos
Oversharing on social media also makes you an easier target for social engineering — scammers use publicly available personal details to make their approaches more convincing.
9. Secure Your Home Network
Your home Wi-Fi router is the gateway for every connected device in the house — phones, laptops, smart TVs, security cameras. A poorly secured router is an open door.
- Change the default admin password. Every router ships with a default login (usually something like admin/admin). Change it immediately.
- Use WPA3 or WPA2 encryption. Check your router’s wireless settings — WEP is outdated and insecure.
- Set a strong Wi-Fi password. Don’t use your address or phone number.
- Create a guest network for visitors. Keeps their devices separate from yours.
- Update your router firmware. Many routers have an auto-update option in the admin panel.
10. Know What to Do If Something Goes Wrong
Even with good habits, things can go wrong. Here’s what to do:
If you’ve been scammed: Contact your bank immediately — they may be able to reverse a transfer. Report to Scamwatch and, if your identity details were involved, to IDCARE (Australia’s national identity support service).
If an account is compromised: Change the password immediately, revoke any active sessions, check for email forwarding rules that might have been set up by an attacker, and enable MFA if it wasn’t already on.
If your device is infected with malware: Disconnect from the internet, run a full security scan, and if you can’t resolve it, contact a reputable local IT support service. Don’t enter any passwords or payment details until it’s clean.
If you’ve received a suspicious message pretending to be from MATE: Don’t click anything. Forward it to us at [email protected] and we’ll confirm whether it’s genuine.
Free Resources Worth Bookmarking
| Resource | What it’s for | Link |
|---|---|---|
| Scamwatch | Report scams and check current scam alerts | scamwatch.gov.au |
| Australian Cyber Security Centre | Practical guides for individuals and families | cyber.gov.au/protect-yourself |
| IDCARE | Free support if your identity has been compromised | idcare.org |
| Have I Been Pwned | Check if your email has appeared in a data breach | haveibeenpwned.com |
| eSafety Commissioner | Report online abuse, cyberbullying, or harmful content | esafety.gov.au/report |
One more thing – a reliable connection matters
Security software, updates, and MFA codes all depend on a connection that actually works. If your home internet is unreliable, important updates get skipped and security software falls behind. MATE’s NBN plans come with unlimited data, no lock-in contracts, and Australian-based support — so if something goes wrong, you’re talking to someone local. And for mobile, MATE’s mobile plans use the Telstra Wholesale Mobile Network, covering more than 98.8% of the Australian population.
Frequently Asked Questions
What is the safest type of password to use?
A passphrase — four or more random words strung together — is easier to remember and harder to crack than a short complex password. The Australian Cyber Security Centre recommends this approach. Whatever you choose, use a different password for every account, and never base it on personal details like your birthday or pet’s name.
Do I really need a password manager?
If you’re using the same password on multiple accounts, yes. A password manager generates and stores strong, unique passwords for every site — you only need to remember one master password. Bitwarden is free and well-regarded. Apple and Google devices also have built-in password managers that work well for most people.
What is multi-factor authentication and do I need it?
Multi-factor authentication (MFA) adds a second check after your password — usually a code sent to your phone or generated by an app. Even if someone steals your password, they can’t get in without your phone. Turn it on for email, banking, myGov, and social media at minimum. It takes two minutes to set up and blocks the majority of account takeover attempts.
How do I know if an email or text is a scam?
Common signs: unexpected urgency (“your account will be suspended”), requests to click a link and enter details, sender addresses that don’t quite match the real organisation, or requests for payment via gift cards or bank transfer. If in doubt, don’t click anything. Go directly to the organisation’s official website by typing the address yourself, or call them on a number you look up independently.
Is public Wi-Fi safe to use?
Not for anything sensitive. Public Wi-Fi networks are generally unsecured, meaning others on the same network can potentially intercept your data. Use your mobile data connection instead for banking or account logins, or use a reputable VPN if you regularly need to use public Wi-Fi for sensitive tasks.
What is a VPN and do I need one?
A VPN (virtual private network) encrypts your internet traffic before it leaves your device, so anyone intercepting it just sees scrambled data. It’s most useful on public Wi-Fi. For home use, a good router setup and strong passwords matter more. If you do want a VPN, stick to paid, reputable options — free VPNs vary widely in quality and some have questionable privacy practices.
How do I report a scam in Australia?
Report to Scamwatch at scamwatch.gov.au — this helps warn other Australians. If money has been transferred, contact your bank immediately as they may be able to reverse it. If your personal identity details were shared, contact IDCARE for free support. For anything pretending to be from MATE, forward the details to [email protected].
How often should I update my passwords?
You don’t need to change passwords on a fixed schedule if they’re already strong and unique. The most important times to change a password are: after a data breach involving that service (check haveibeenpwned.com), if you suspect an account has been compromised, or if you shared it with someone who no longer needs access.
What should I do if I think I’ve been hacked?
Act quickly. Change the password on the affected account immediately, then check whether the same password was used anywhere else and change those too. Enable MFA if it wasn’t already on. Check for any changes the attacker may have made — email forwarding rules, linked accounts, or unfamiliar devices. If financial details were involved, contact your bank and report to Scamwatch.
How do I make my home Wi-Fi more secure?
Change the default admin password on your router — it’s usually something like admin/admin out of the box. Use WPA2 or WPA3 encryption for your Wi-Fi network. Set a strong, unique Wi-Fi password. Create a separate guest network for visitors. And keep your router’s firmware updated — most modern routers have an auto-update option in the admin panel.