Protect yourself from scams

Here at CommSec, we will never ask you to share your CommSec credentials with us. To avoid exposure to scams, it is important that you never share your CommSec credentials, such as your Client ID and password with anyone, including CommSec, third parties, trusted organisations or even family and friends.

CommSec is not liable for any losses resulting from the scams of third parties that have compromised your CommSec credentials.

Keeping your accounts safe is our priority. Whether you’re accessing it at work, at home or abroad, it’s important to make sure your personal information and devices are kept safe to avoid exposure to risk.

Here are a few simple steps we recommend to help keep your account secure.

Set up security features for your account

CommSec has additional security features that provide an extra level of safety to your account. These only take a few minutes to set up.

  • Verbal phone PIN 
    A 6-16 digit numerical pin that can be used to identify you when you call us 
  • Security questions & answers 
    These questions will be used to identify you if you forget your password, or whenever we need extra verification. 
  • Trading password 
    A trading password can add an extra level of security to your account. It can be used when placing orders via the CommSec website, CommSec Mobile app or CommSec IRESS. This password is different to your login password. 
  • SMS security 
    SMS-based two-factor authentication (2FA) and SMS one-time password (OTP) allows you to verify your identity with a code, sent to you via text message. 

How to register for additional security features

Log on to CommSec

Select Settings

Go to Security & Passwords section

Select the feature you want to enable

Verify your calls with CallerCheck

What is CallerCheck? 

CallerCheck allows you to confirm if a caller claiming to be from CommSec or CommBank is legitimate, by triggering a security message in your CommBank app.  

We also use CallerCheck to make sure we’re speaking with the right person when receiving and making calls, before we share any details about your account. 

It’s our preferred way of identifying you over the phone safely.  

Please note, CallerCheck is only available for CommSec customers that are CommBank app users. You'll need to have version 4.37 or newer of the CommBank app installed. This feature is not currently available in the CommSec mobile and CommSec Pocket apps.     

Find out more about CallerCheck.

Create strong, unique passwords

Password security

Your banking, social and email accounts contain important information that make up your digital identity. Here’s how to create strong passwords to help keep your information safe.

Creating a secure password

  • Use a mix of letters, numbers and symbols 
  • Use as many characters as you can - a longer password is harder to decipher 
  • Avoid anything that can be easily guessed such as your address or birthday, or common quotes and phrases 
  • Consider a passphrase: Similar to a password, but instead of creating a string of letters, numbers and symbols, use words that tell a story. For example: MyPetGo@tHa$@PhD. It tells a silly story that’s easy to remember, while increasing the unpredictability of your password and making it difficult to guess. 

Password security

  • Don't share your passwords with anyone  
  • Don’t write your passwords down anywhere 
  • Make them unique – reusing a password multiple times makes it less secure, as it only requires one breach to compromise all the accounts with the same password 
  • If you have many accounts, setting alphanumeric passwords for each can become a difficult exercise for your memory. In this instance, you may want to consider using passphrases instead 
  • Wherever available, enable multi-factor authentication, which adds an additional check to prove your identity. An example might be a code you must enter which is accessed via an authenticator app on your mobile device. 

SMS Security Codes

It's important to read all security code messages carefully. Only enter a security code if you'd like to authorise the activity. Never share your security code with anyone, including CommBank & CommSec.

Protect yourself from SMS and email scams

We will never send you an email or SMS asking for banking information like your CommSec Client ID, password, or NetCode; or include a link to login directly from the email or SMS. Always type into a browser or use the CommSec app to securely access your investing.

You can reduce your risk of being scammed by paying close attention to messages or emails that:

  • Aren't quite right. Scammers may use similar email addresses (e.g. or and copy the look and feel of official messages to trick you into thinking a message is legitimate.
  • Have spelling mistakes and incorrect grammar
  • Include an urgent call to action, such as asking you to unlock or verify an account, or log on and pay a traffic infringement notice. They might also contain malicious software (also known as malware) designed to infect your machine and steal data over time.

How to check if a message is legitimate:

  • When contacted by an unsolicited third party, it's better to be over-cautious. Contact the organisation directly using a phone number from their website (not the email or message) before you reply
  • Hover your mouse over a link to see the destination URL (web address), before clicking it. On a smartphone you can press and hold a link to inspect it. Carefully read these URLs, as they’re often created to look similar to legitimate addresses.

Safeguard your computer and mobile phone

Your computer gives you the ability to trade online, so we want to make sure you are aware of the actions you can take to protect your computer against viruses and malware.

You can protect your computer by:

  • Enabling automatic updates to ensure you always have the latest operating systems and software
  • Never downloading remote access software at the request of a third party
  • Always downloading software from a reputable source
  • Ensuring you have the right level of protection for your laptop and computers. Anti-virus software protects against viruses, spyware, malware, phishing attacks, spam attacks and other online cyber threats. Keep your anti-virus software up-to-date and check regularly that it still meets your needs.

We know that your mobile phone carries a lot of personal information, so we want to help you protect it against fraud and scams.

You can protect your device by:

  • Using a pin/password or biometrics
  • Keeping your operating system up to date
  • Using the latest version of the CommSec app
  • Disabling apps from any untrusted sources
  • Keeping hardware restrictions on your phone. Do not jailbreak (Apple) or root (Android) in order to install unapproved third party apps or features.
  • Not downloading remote access software at the request of a third party
  • Contacting us if your mobile service is suddenly disconnected or you’re notified of a change of provider without your permission.

Learn more about fraud and scams

Learn about the latest scams, how to spot them and what to do if you've been scammed.

Learn how to protect yourself from fraud.

We're here to help

If you have any questions or you think your CommSec account may have been compromised please call us.

In Australia: 13 15 19
From overseas:  +61 2 9115 1417
8am-6pm Sydney time, Monday to Friday


© Commonwealth Securities Limited ABN 60 067 254 399 AFSL 238814 (CommSec) is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124 AFSL 234945. CommSec is a Market Participant of ASX Limited and Cboe Australia Pty Limited, a Clearing Participant of ASX Clear Pty Limited and a Settlement Participant of ASX Settlement Pty Limited.

The information on this page has been prepared without taking into account your objectives, financial situation or needs. For this reason, any individual should, before acting on this information, consider the appropriateness of the information, having regards to their objectives, financial situation or needs, and, if necessary, seek appropriate professional advice.

CommSec does not give any representation or warranty as to the accuracy, reliability or completeness of any content on this page, including any third party sourced data, nor does it accept liability for any errors or omissions.