5 Cybersecurity Tips for NDIS Participants to Stay Safe Online

April 15, 2025

As a National Disability Insurance Scheme (NDIS) participant, you may be in contact with multiple providers and organisations. It can seem like a tall order to stay cyber-savvy across all these various platforms, people and providers – especially when they all have their own way of doing things. But, much like keeping your door locked – it’s worth the extra security and peace of mind. 

Common types of threats to watch out for 

The same technology advancements that offer us so much digital convenience have unfortunately allowed scammers to run more sophisticated schemes. In general, it’s good to be aware of the following:

Phishing scams 

This is when criminals trick you into giving them personal information by sending emails or SMS messages pretending to be from organisations you know and trust (like the NDIS, ATO, transport agencies). This can be a general send-out, like a link saying you owe money to a government agency, or highly targeted to you as an individual.

Data breaches 

This is when your data is released to unauthorised people by accident or as the result of a breach (or a hack). If you use the same password and email to log into all of your accounts, you are at a higher risk of someone gaining access to important things through breaches – for example, if your social media account information was leaked and you use the same details for your myGov.

Dating and romance scams 

Cybercriminals can take advantage of you when you are trying to meet new people, either romantically or even just to expand your friend circle online.  

It is important to stay alert in forums and online support groups. It can be a great place to connect with people in similar situations, but like anything online, there is risk involved. It can be tricky to verify if someone is who they say they are online. Watch out for anyone asking for money, gifts, or your personal information. 

With all this risk, staying safe online can seem daunting – fortunately, there are some simple rules you can follow to keep yourself protected. 

Related: The Top 4 Dating Apps for People Living With Disability

5 Steps to stay protected while online 

1. Protect your personal information 

Keeping your private information – well, private, is an essential part of cybersecurity. Scammers can be very convincing, and fraudsters can be people close to us, so it’s best to keep things close to the chest. Practice good internet hygiene by:  

  • Keeping your logins and security details secret.
  • Using different passwords across your various accounts – that way if one is compromised, they aren’t all at risk. If recovering your account involves a security question, try not to use the same one every time (e.g. your mother’s maiden name).
  • Setting up two-factor authentication wherever you can, as another obstacle for people trying to access your accounts.

Avoid sharing your phone or other devices 

Many people’s phones, tablets and laptops have important passwords saved to the device for faster access. Some devices, like iPhones, even have a password chain for stored credentials; this means anyone who has your device and knows your passcode can look at any of your saved login details. 

If someone has access to your device, they have access to everything you’re logged into as well – including your email inbox, which is where verification requests or password reset prompts will land. Best to keep it to yourself! 

2. Always double-check before paying or providing sensitive details

Scammers can send pretty convincing fake messages, including invoices, so it’s worth going over the details to make sure nothing is amiss before you pay or provide any sensitive information, in case the message is part of a phishing scheme.

If you end up paying a fraudulent invoice or charge before realising it’s a scam, contact your bank immediately to see if they can stop the transaction. 

Safety checks for unsolicited calls, messages or emails: 

  • Check the email address or phone number. Low-level scams and phishing scams will often use contact details that differ from the real organisation’s.
  • Check for tone or spelling mistakes. Even if the email address doesn’t raise any alarms, look out for clunky grammar, an odd layout, or spelling mistakes – this can be an indication of a less-than-official source.
  • Be wary of who might be calling. Government departments will not call, text or email you unprompted to ask for sensitive information like bank accounts, or to confirm logins to their own services. The safest action is to stop communications and call the agency or provider directly, to check if they were actually trying to contact you.
  • Don’t click any links. Many companies and agencies no longer use links in their email communications, particularly if they are a common target for scammers. If you’re not sure whether a link is legitimate, don’t click it – go straight to the agency website and log in there to see if you have communications waiting.

3. Check your consents 

You may provide consent to nominees or a carer to access your information, either with the NDIS or with other services (like your Plan Management portal). However, you should always check to make sure that you are aware of everyone on that list.  

Similarly, make sure your contact details are up to date and accurate so that any information coming from these accounts is sent to you directly.  

If you’re unsure who you have previously provided consent to with NDSP, you can contact us on 1800 63 63 77 (Monday to Friday, 8.30AM – 5.30PM ACT). 

4. Keep an eye on your budget 

You should be able to know what is happening with your NDIS funds, at any time of day. Working with a plan manager like NDSP can help you achieve this.  

Using our Nappa portal, you can check live information 24/7 about your budget, invoice tracking, and other aspects of your NDIS plan. We also provide you with a monthly budget update so you can see your balance and expenditure. 

We’re watching your budget too – and if we notice any discrepancies like duplications, we’ll flag them before they can become a bigger problem. 

5. Trust your instincts! 

Scammers targeting NDIS participants will often rely on fear or intimidation. They take advantage of many participants not being confident in the NDIS (as the system can be quite complex), and the fear of losing funding due to unresolved issues. 

If something doesn’t feel right, trust your gut instinct. It’s better to be overly cautious and double-check. Being vigilant now can save a lot of strife later on! 

What to do if you suspect fraudulent activity 

If you think someone is doing the wrong thing with NDIS funds, you should report it to the NDIS right away. This could be a provider, a participant or nominee, or even someone employed by the NDIA or its Partners in the Community. 

You should also contact the NDIS if you suspect someone is trying to scam you by pretending to be the NDIS, NDIA, or a support provider. You can call the NDIS Fraud Reporting and Scams Helpline on 1800 650 717, or email fraudreporting@ndis.gov.au. From there, the NDIS can take the appropriate action. 

What about other scams?

You can report other scams to www.scamwatch.gov.au – for example, someone trying to get your bank information or identity details. 

If you suspect there is fraudulent or unauthorised activity on any of your accounts – NDIS related or otherwise – you should change your passwords immediately and set up two-factor authentication where possible. 

What’s the difference between fraud and non-compliance? 

Fraud is a crime that requires intent. This is when people try to get benefits for themselves or for others, by being dishonest and not following NDIS rules. 

Fraud can happen on many different levels. Scams are a form of fraud, as someone is trying to unlawfully get and use your details for their own benefit. It’s not just distant online scammers either; fraud can happen closer to home. For example: 

  • A family member or carer with consent to access your NDIS funding may misuse it for their own benefit. 
  • A provider may overcharge or falsely charge you for services. 

These are both deliberate acts, and need to be reported as soon as they are noticed so the NDIS can take appropriate action. 

Non-compliance is when someone doesn’t follow the NDIS rules, but it may be unintentional. The NDIS definition of non-compliance covers errors, misuse of funds, conflicts of interest, and dishonest behaviour.

You should always ask for help as soon as you realise something has gone wrong – it’s best to act as soon as possible! The best course of action is to contact both NDSP and the NDIA directly if you notice a non-compliance issue. 

What does the NDIS do about fraud? 

The NDIS takes misuse of funds very seriously. When an allegation is made, and if there is enough reason and evidence to proceed, the actions taken will depend on whether it is non-compliant behaviour or ‘criminal behaviour’ (fraud).  

If it is a case of non-compliance, the NDIS may:  

  • Seek to reclaim the debt (the funds that were misused) 
  • Conduct an audit 
  • Provide more education and guidance to avoid future errors 
  • Refer the matter to the NDIS Quality and Safeguards Commission

However, if it’s a case of fraud, the perpetrators will be investigated further and prosecuted as this is criminal behaviour. The NDIS may also take civil actions to recover money lost. 

How plan management helps avoid non-compliance 

If you are self-managing your plan, it can be difficult to keep track of everything – and everyone who has access to your information.  

Plan management is an alternative where you can collaborate with an NDIS-registered plan management provider (like NDSP), to take the financial administration of your plan off your plate.  

With a plan manager, you have an added layer of checks that any invoices must go through before they are sent to the NDIA. This will make sure any invoices are: 

  • Claimed from the correct category, in line with your current NDIS plan 
  • Claimed from funding that is actually available (i.e. not already spent on previous supports) 

NDSP runs our own internal processes before submitting invoices to the NDIS. This allows us to catch any potential issues early and work with you (or your provider, if it is their error) to quickly find a solution. 

Our expert team can also advise you why an invoice would not be suitable for submission – such as if you had engaged supports outside of what is covered by your plan – and what actions are available for your next move. 

Related: Why NDSP Won’t Process Some Invoices and How We Guide You Towards Approval 

NDSP: Taking your online safety seriously 

Did you know that 81% of all hacks are related to password breaches? We designed our client portal, Nappa, to be passwordless – taking the main issue out of the equation entirely. 

When you log in to Nappa, you enter the email associated with your NDSP account. Then, instead of a password, you will receive a one-time login code by SMS or email.  

It’s pretty convenient if you ask us… No need to remember another password! 

Related: How Our Mobile-Friendly Portal Empowers You to Manage Your NDIS Plan Effortlessly 

Using Nappa, you can see exactly what is happening, as it happens. Plus it’s mobile-friendly and responsive; you can use our portal seamlessly on any mobile device, whether you prefer Android or iOS. 

If you’re looking for help with managing your NDIS plan, why not contact us today? Our friendly team can answer any questions you have about the NDIS, how NDSP works, or about whether plan management is the right option for you.

About us

NDSP is a NDIS registered provider, specialising in Plan Management. We are here to manage your NDIS funds on your behalf. Our experienced staff are highly skilled and ready to help you!
