Sometimes, we’re made aware of email, SMS and phone scams created by third parties claiming to be Pepperstone.
These scams are designed to look and sound like authentic Pepperstone communications (such as emails from our business or trading specialists) and often copy our design features. These communications are attempts to gain access to your personal or financial information. They’re not authentic Pepperstone communications and we haven’t authorised them.
We’ll never call you, or email or SMS you to ask for your account password or credit card/bank account details. We’ll always prompt you to login to your Pepperstone secure client area if we need you to update your funding details. We’ll never ask you to fund your account with bitcoin or any other crypto currency.
To find out more about scams and what to do if you see one, see our FAQs below.
If you’re concerned about the safety of your trading account or receive any suspicious messaging from Pepperstone please contact us. Please don’t reply to or engage with the sender.
Latest security alerts
15 September 2020 - Additional findings on cyber attack
Our ongoing forensic investigations regarding the cyber incident on 22 July (AEST) have revealed that the same criminals gained a second point of access to our client relationship management system, via an encrypted Pepperstone-managed machine.
This isn’t considered a separate cyber incident and is part of a sophisticated attack carried out by the same criminals. The criminals used both approaches to obtain a limited amount of personal information of additional account holders but steps have since been taken to prevent any similar incidents happening again.
Additional affected individuals have been notified and provided with recommendations to help ensure their ongoing security. We’ve continued to instigate important changes to our security systems, and will routinely conduct risk assessments and testing to protect our servers and solutions in accordance with industry best-practice.
Our clients can continue to have confidence in using our trading systems safely and securely.
5 August 2020 - Investigation into malware attack on 22 July (AEST)
Pepperstone discovered and contained a malware attack on one of our computer systems on 22 July (AEST). Our IT security team detected cybercriminal activity, which used malware to compromise a computer used by one of our external service providers in order to steal their user credentials. They used those credentials to gain access to our client relationship management system but before we stopped the attack, they were able to take the personal information (also known as personal data) of some of our account holders.
We have reason to believe that the information has been shared with third parties, who have since made unsolicited contact with Pepperstone account holders, in many cases claiming to be Pepperstone or alleging that Pepperstone’s business had closed (see below update on 21 July 2020). Importantly, the criminals were only able to access a limited subset of our account holder data via the client relationship management system. They weren’t able to access our trading environment or our financial systems, which are segregated from our client relationship management system. This means that the criminals didn’t gain access to any trading accounts, banking details, passwords or ID documents.
We immediately notified the individuals who were affected, providing them with this information and recommendations to help ensure their ongoing security. We’re extremely concerned that this incident happened and will continue to do everything we can to ensure it doesn’t happen again.
21 July 2020 - client details used for scam phone calls
We’re aware that Pepperstone clients have received phone calls from individuals either claiming to represent Pepperstone or advising that Pepperstone no longer exists and instructing clients to transfer funds out of their Pepperstone accounts. In some cases clients have also been asked to use a remote desktop viewer.
These phone calls are not from Pepperstone. If you receive a phone call like this, please hang up and call our listed company phone number or contact us via email/live chat to verify the communication and/or report your interaction. Please keep a note of what was said and what number the scammer used to contact you.
To find out more about scams and how to protect yourself visit
ACCC’s Scamwatch – www.scamwatch.gov.au
ACCC’s Little Black Book of Scams – www.accc.gov.au/publications/the-little-black-book-of-scams
ReportCyber – https://www.cyber.gov.au/acsc/report
Unwanted Communications – https://www.communications.gov.au/
Information Commissioner’s Office – https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/
Dubai Financial Services Authority –https://www.dfsa.ae/Your-Resources/DFSA-Alerts/How-to-avoid-being-scammed