Fraud prevention measures at AGL

Keeping your account secure

We’re committed to safeguarding our customers against fraud and keeping your personal information safe and secure.  

That’s why we use two-factor authentication (2FA) measures to verify your identity and help prevent unauthorised access to your account. 

Using 2FA means that when we interact with you we can be sure that we’re speaking to the account holder, or an authorised representative, and not a scammer trying to access your personal information or payment details.

We also use the latest technology to protect your account if your login details have been exposed in a data breach.

Two-factor authentication

2FA provides better protection because you need more than just a username and password to access your account. It adds an extra layer of security by asking you to confirm two different types of information. This can include something that you know, such as a password, and something that you have, like a code to your mobile phone. 

Step 1: When you log in to your account, or get in touch with us, you’ll be asked to provide something that only you know, like your username or account information.

Step 2: The 2FA part of the verification process means we’ll also verify your identity by sending a message to your registered mobile number or email address. This message contains a unique one-time code which you’ll be asked to provide to us. When your code is verified as a match, your identity has been confirmed.

Energy customers

If you’ve set up 2FA on your AGL energy account, you’ll need to use it when you log in. But to keep your account secure, we may ask you to use 2FA even if you haven’t set it up. For example, if you try to access your account on a new device, we’ll send you an SMS or email with a unique one-time code for verification.

Internet and mobile customers

2FA is enabled automatically on your AGL mobile or nbn® account, and you can’t modify your 2FA settings. If you’re logging in for the first time and don't have a password set up, we’ll ask you to create one.  

Setting up two-factor authentication (2FA)

  1. Log in to My Account with your registered email address. If you do not have a password set for your account, you will be prompted to set one up.
  2. If you have multiple properties, select a property to continue. Note: 2FA is set up on your login account and will apply to all properties linked to your account.
  3. Select your name in the top right corner, then 'Profile'.
  4. Go to the 'Personal Details' tab, find 'Two-factor authentication', then select 'Edit'.
  5. Confirm your email address and mobile number and then enable 2FA.
  1. Open the app and select the ‘Account’ tab.
  2. Select ‘Settings', then 'Login details’, then log in to your account.
  3. If you have multiple properties, select a property to continue. Note: 2FA is set up on your login account and will apply to all properties linked to your account.
  4. Scroll down to ‘Set Up Two-Factor Authentication’ and select it to continue.
  5. Confirm your email address and mobile number, then enable 2FA.

After enabling 2FA, a message with a one-time code will be sent to your registered mobile number or email address each time you log in. You’ll need this code, your username and password to log in. If you would prefer the one-time code to be sent to your email when logging in, choose ‘Try another method’. 

Data breaches

A data breach is when a website, app or service that normally keeps your private details secure has these details exposed or stolen.

If your login details are found in a data breach then there’s a risk someone could use them to log into your account. And if you use the same login details for other online accounts, they'll be at risk too.

We continually check the latest breach data from around the world, including recent breaches that aren’t yet widely known about. If we find your login details in breach data, you’ll need to change your password before logging in.

For example, let’s say you used the same email and password for your AGL account and an online shopping account. If your shopping account has a data breach and your login details are made public, then someone could use those details to also access your AGL account. In this case, we’d require you to reset your AGL password as a precaution.

To change your password you need access to your email account. If you don’t have access, contact us for help.

Note that while we can detect when your details have been found in breach data, we can’t tell which website, app or service is the source of the breach.

You might not be able to avoid data breaches, but here are some ways you can reduce their impact.

  • Use a different password for each of your online accounts.

  • Change your password as soon as you’re aware of a data breach that might affect you.

  • Visit the Australian Cyber Security Centre to find out what to do if your data has been breached.

Has your contact information changed recently?

It’s important we have the correct contact details for you, so that we can enable 2FA and better protect your account. You can update your contact details in My Account or the AGL app.

Update your mobile

Once you’ve updated your mobile number, your 2FA one-time code will be sent to your new mobile number each time you log in.

  1. In the AGL app 'Account' tab, select 'Settings' then ‘Contact details’
  2. Enter your new mobile number and select 'Update contact details'
  3. This will update your mobile number automatically. Your 2FA one-time code will be sent to your new mobile number each time you log in
  1. In My Account, select your name in the top right corner, then 'Profile'
  2. Go to ‘Contact Details’, find 'Mobile' then select 'Edit'
  3. Enter your new mobile number and select 'Update contact details'
  4. This will update your mobile number automatically. Your 2FA one-time code will be sent to your new mobile number each time you log in

Update your contact email address

  1. In the AGL app 'Account' tab, select 'Settings' then ‘Contact details’
  2. Enter your new email address and select 'Update contact details'
  3. This will update your contact email address automatically
  1. In My Account, select your name in the top right corner, then 'Profile'
  2. Go to ‘Contact Details’, find 'Email' then select 'Edit'
  3. Enter your new contact email address and select 'Update contact details'
  4. This will update your contact email address automatically

 

Prefer to update your contact details over the phone? Internet and mobile customers can contact us on 131 245 (8am – 6pm, Mon-Fri), and energy customers can call 131 245 anytime.

Update your password

Keep your account and personal information safe by regularly changing your password. Learn more about creating a secure password.

Error message when updating details

You could get an error message when you try to:

  • update your contact email address
  • verify your mobile number
  • create a password.

If this happens, make a note of the specific error message and get in touch with us.

What to do if you suspect fraud

If you suspect fraudulent activity on your AGL account you must:

  • Contact us immediately to report your concerns. Internet and mobile customers can contact us on 131 245 (8am – 6pm, Mon-Fri), and energy customers can call anytime. 

  • Immediately report these suspicions of fraud on your account to your bank or financial services provider.  

  • Report the fraud to your local or territory police station.

 

Useful links

For more information on how to protect yourself against fraud check out these sites: 


Need support?

Internet and mobile customers

We're here Monday – Friday 8am-6pm AEST/AEDT only, closed weekends.

Opening hours may differ on public holidays.

Call 131 245
Energy customers

We’re here to help anytime.

Call 131 245
Chat

Chat with us online. We’re here anytime.

More ways to get support

For interpreter services and services for hearing and impaired and overseas customers, visit Contact Us. Please note overseas customers are only able to message us or use chat for assistance.