Superannuation funds risk losing their member's details to identity thieves if they don't protect their systems, internet security firm Pure Hacking said today.
Ty Miller, chief technology officer of the ethical hacking security and testing firm, said most fraud comes from within a business's own organisation.
Miller said it was too easy to break into systems.
"We do internal penetration tests," he said.
"We plug into the network port. It usually takes five days for us to break into wherever we want in the whole organisation."
Miller warned that criminals have in the past tried to set up bank accounts with false identities, then attempted to roll over super funds with stolen member details.
Miller's warning comes in the wake of anti-virus software provider AVG Technologies' first quarter threat report which found malicious FaceBook campaigns had tripled over the past year.
Miller said FaceBook attacks would become more serious as financial transactions such as groupon purchases took off on the social networking medium.
AVG also reported hackers were getting into smart phones and mobile devices during the first quarter. The shield provider blocked an average of 100,000 spam and phishing messages per day.
A Latvian gang was also able to bring 600 attack servers online for a couple of weeks in a co-ordinated blackhole attack that brought the number of hits from a few hundred per day to 800,000.