Stay ahead of scams targeting your business
In today’s fast-paced digital world, scams are becoming increasingly sophisticated. As Africa’s trusted growth partner for businesses, we are here to help you identify and protect against common threats such as phishing, online fraud and cyberattacks.
Why businesses trust us
160+ years of expertise
As Africa’s trusted growth partner, we’ve supported businesses through evolving challenges
Proven security measures
Advanced fraud detection tools and cybersecurity protocols to safeguard your business
Dedicated support
Access a team of fraud specialists who are available 24/7 to assist you
Client success stories
Thousands of businesses protected from scams through our tailored solutions
Scams and fraud information
-
Schemes and scams
-
Digital scams
-
Cyber attacks
-
Mobile scams
-
Spoofing
Change of banking details scam
This scam happens when someone pretends to be one of your suppliers and tells you their banking details have changed. If you update the details, your next payment could go straight to the fraudster instead of your real supplier.
How it works
You receive an email, letter or fax claiming to be from a trusted supplier
The message informs you of a change in bank account details and asks you to update your records
These ‘new’ banking details are fraudulent
Payments you make are sent to the scammer’s account instead of your supplier’s
How to identify it
The request doesn’t come from your usual contact at the supplier
The communication uses unofficial channels or unfamiliar email addresses
Fraudsters may spoof email addresses to make them appear legitimate
What you can do
Always verify banking details directly with your supplier using trusted contact information before making any changes
Use our change of details scam detection tools such as account verification services (AVS) to confirm account authenticity
Educate your staff about bank account fraud and ensure they know how to verify banking details securely
Key takeaway
Double-checking requests for banking detail changes can save your business from financial loss. Be vigilant and confirm all updates through official channels.
Fake invoices scam
This scam targets businesses by sending fake invoices that look like they’re from your genuine suppliers. These invoices include fraudulent banking details, tricking you into paying the scammer instead of your supplier.
How it works
Fraudsters create fake invoices that closely resemble those from your real suppliers
They send these invoices to your business, often including urgent payment requests
If you don’t verify the details, you could unknowingly pay the scammer
How to identify it
The invoice looks slightly different from your usual ones (e.g. layout, logo or payment terms)
The bank account details differ from what you have on record
You feel pressured to make an urgent payment without proper verification
What you can do
Cross-check all invoices against your records before processing payments
Call your supplier using verified contact details to confirm invoice authenticity
Stay informed about avoiding fake banking detail requests by reviewing internal payment processes regularly
Key takeaway
Fraudulent invoices can be highly convincing. Taking time to verify every invoice can prevent costly mistakes.
Deposit and refund scam
This scam happens when fraudsters trick businesses into sending goods or issuing refunds using fake or altered payment proof. They often claim you were overpaid or that a payment was made by mistake, trying to get you to act quickly.
How it works
Fraudsters place an order with your business and send a fake proof of payment, often via EFT
The payment amount is incorrect, but they amend the proof of payment to reflect the full amount
After receiving the goods, they cancel the order and request an urgent refund
Alternatively, they claim to have ‘mistakenly’ deposited funds into your account and ask for an immediate refund
How to identify it
You’re asked to urgently refund money for a cancelled order or supposed error
Proof of payment is sent, but the funds don’t reflect in your account
The person requesting the refund is untraceable or unreachable after the transaction
What you can do
Never issue refunds until you’ve confirmed with your bank that the payment has cleared
Be cautious of anyone pressuring you for immediate action
Know what to do if banking details changed fraudulently: contact Standard Bank immediately to report the incident and seek guidance
Key takeaway
Scammers rely on urgency to bypass your usual checks. Always verify payments before acting to safeguard your business.
Vendor fraud
This scam, also known as an online goods scam, happens when fraudsters use online platforms to trick people into paying for goods or services that are never delivered. These scams often target shoppers on popular websites or social media.
How it works
Fraudsters advertise goods or services on legitimate-looking websites or platforms
You contact the seller and agree on a price and delivery method
The fraudster asks for upfront payment, providing you with a bank account number or digital wallet details
Once you make the payment, the goods are never delivered, and the fraudster blocks all communication
How to identify it
You’re asked to pay upfront for goods you haven’t seen in person
The seller avoids letting you view the goods or pressures you to make immediate payment
The seller claims the goods are in another location and will only be delivered after payment
The website or platform seems suspicious: check for poor design, lack of reviews or unverified sellers
What you can do
Be cautious when making purchases from unfamiliar websites or sellers
Use tools such as our escrow service to ensure safe transactions with legitimate online sellers
Learn how to spot an online shopping scam by reviewing our tips for recognising fake online stores
If you suspect fraud, act quickly by reporting online purchase scams to the relevant authorities or your bank
Key takeaway
Protect yourself by verifying sellers before making payments. Staying alert can help you avoid falling victim to vendor fraud or other online scams.
Vehicle purchase scam
Fraudsters often place fake online advertisements for vehicles at discounted prices to lure buyers. These ads include convincing photos and emotional stories to pressure buyers into making urgent payments. Unfortunately, once payment is made, the scammer disappears, and the money is lost.
How it works
A fraudster advertises a vehicle online at an unusually low price
When you contact the seller, they provide additional photos and a compelling reason for the discount (e.g. financial hardship or needing to sell quickly)
The fraudster pressures you to make a deposit or full payment to secure the vehicle
After payment, the fraudster vanishes, and the vehicle does not exist
How to identify it
The price seems too good to be true compared to similar vehicles
The seller creates urgency, claiming there are multiple interested buyers
You’re unable to view the vehicle in person before making payment
The seller avoids providing official documentation, such as proof of ownership
What you can do
Follow a legitimate online seller’s checklist: verify the seller’s identity, request vehicle documentation and inspect the car in person before making any payments
Use our escrow service to safeguard your funds until the vehicle is delivered as promised
Be wary of sellers who refuse to meet in person or insist on upfront payments
Key takeaway
Always verify the legitimacy of the seller and the vehicle before making any payments. Using trusted platforms and following a legitimate online seller’s checklist can help protect you from vehicle purchase scams.
Phishing scam
Phishing is when fraudsters send you unsolicited emails in which they claim to be from a reliable organisation, like a bank or an email service provider.
How it works
- You receive an email request to update or confirm your details by clicking on a link or an icon, or to open an attachment
- This results in malware (malicious software) being deployed on your device
- It can also compromise your personal or digital banking credentials
How to identify it
- There’s usually a sense of urgency in the email, followed by a threat (like the suspension of your bank account)
- You need to respond quickly, not giving you time to think things through or ask someone for advice
- The email says you have been a victim of fraud, or due to receive funds, and you need to sign into your accounts by clicking on a the link to report the incident and cancel your bank card, or give permission to accept the sum of money
- You’re asked to supply your personal and account details via a hyperlink, attachment or icon, provided in the email
What you can do
If you receive a suspicious email containing links, report it as follows:
- Save the suspicious email. Be careful not to click on any link or icon in the suspicious email when you do this.
- Open your own new email.
- Add the suspicious email as an attachment to your new email.
- Send your email with the suspicious email attached to it to [email protected]
Smishing
Smishing is a type of SMS scam where fraudsters pose as legitimate organisations to trick you into sharing sensitive information. With so much of our banking done on smartphones, smishing scams can lead to significant financial loss.
How it works
You receive an SMS that appears to be from a trusted organisation, such as your bank
The message contains a link or a toll-free number, prompting you to verify your details
Calling the number or clicking the link may expose your personal information or install malware on your phone
How to identify it
The SMS asks you to update or confirm personal details such as your account number, PIN or password
There’s a sense of urgency, often with threats of account suspension
The message directs you to call a toll-free number or click on a link
What you can do
Avoid clicking on links or replying to unsolicited SMSs; delete them immediately
Create strong, unique passwords and change them regularly
If you suspect your device has been compromised, contact your bank immediately
Report suspicious SMSs by taking a screenshot (including the sender's number) and emailing it to [email protected]
Key takeaway
Never share personal or banking details via SMS. If you receive a suspicious message, delete it immediately and report it to [email protected]
Vishing
Vishing scams involve fraudsters pretending to be your bank over the phone to steal sensitive information. An OTP vishing scam specifically targets your one-time PINs (OTP), which are critical for securing online transactions.
How it works
A fraudster calls, claiming to be from your bank or a rewards programme such as UCount Rewards
They ask for your card details and OTP, claiming it’s to transfer rewards or to stop fraudulent activity
In some cases, you may receive an SMS before the call, creating a false sense of legitimacy
How to identify it
The caller creates urgency, claiming your account is at risk
You’re asked to provide sensitive details such as your account number, PIN or OTP over the phone
They may even suggest calling back to verify their authenticity, but the call is intercepted
What you can do
Understand what vishing fraud is: your bank will never ask for your OTP, PIN or passwords over the phone
Hang up immediately if someone requests this information
Contact your bank directly using the official customer service number to report the incident
Key takeaway
Your bank will never request your OTP or PIN over the phone. Hang up immediately if someone asks for this information and contact your bank directly using official channels.
SAPS/SIU imitation
Vishing fraud is closely related to imitation scams, where fraudsters pretend to be officials from law enforcement agencies such as the South African Police Service (SAPS) or Special Investigating Unit (SIU). They aim to gain your trust to steal sensitive information.
How it works
Fraudsters call or email, claiming to be from SAPS or SIU, saying you’re under investigation
They demand payment or personal details to ‘resolve’ the matter
Often, they use intimidating language to pressure you into agreeing
How to identify it
You’re contacted unexpectedly and told that you are part of an investigation
The communication uses official-sounding language but comes from unofficial channels
You’re asked to make payments or disclose sensitive information urgently
What you can do
Verify any claims by contacting the relevant agency directly through official numbers
Do not share personal or banking details over the phone or email
Be cautious of anyone demanding immediate payment or sensitive information
Key takeaway
Be cautious of unexpected calls or emails claiming to be from law enforcement. Verify any claims directly with the relevant agency using official contact details.
Remote access takeover
Fraudsters use remote access scams, otherwise known as ransomware scams, to trick you into downloading software that allows them to take control of your computer. Once they gain access, they can install ransomware (malicious software that locks your files) until a ransom is paid.
How it works
You receive a call from someone claiming to be from your bank or a tech support team
They offer to help with software updates or to stop fraudulent activity on your account
You’re asked to download and install remote access software, giving them control of your device
Once installed, they lock your files using ransomware or steal sensitive information
Fraudsters may ask for your one-time PIN (OTP), pretending it’s needed to complete an installation process
How to identify it
The caller creates urgency, warning of immediate threats such as viruses or fraud
You’re instructed to download ‘protective’ software and sign in to your online banking profile
Your screen may go blank during the process while the fraudster accesses your information
You start receiving OTPs for transactions you didn’t authorise
What you can do
Never allow anyone to remotely access your computer unless you initiated the request with a trusted service provider
Be cautious of unsolicited calls offering tech support or security updates
If you suspect a ransomware attack, disconnect your device from the internet immediately and contact your bank
Report suspicious incidents to your bank's fraud hotline to prevent further damage
Key takeaway
Never allow unsolicited remote access to your computer. Disconnect from the internet immediately if you suspect ransomware and contact your bank for assistance.
Keylogger scam
Keylogger scams involve malicious software designed to record every keystroke you make on your computer. This allows fraudsters to steal personal information, such as login credentials, passwords and PINs, without your knowledge.
How it works
Keyloggers are often hidden in email attachments, hyperlinks or rogue apps
Once installed, the keylogger records everything you type, including usernames and passwords
Fraudsters retrieve this data to access your online banking, email or social media accounts
Public computers, such as those in internet cafés, are particularly vulnerable to keylogger malware
How to identify it
Unexpected changes to your computer’s performance or settings could indicate malware
You notice unusual activity on your accounts, such as unauthorised logins or transactions
Unfamiliar apps or programs appear on your device
Suspicious emails or links ask you to download attachments or visit unknown websites
What you can do
Learn how to detect keylogger malware: regularly check your device for unfamiliar software or suspicious activity
Avoid clicking on links or downloading attachments from unknown sources
Use trusted antivirus software to scan for and remove malware
Never enter sensitive information on public or shared computers
Key takeaway
Regularly scan your devices for malware and avoid downloading attachments or clicking on links from unknown sources. Protect your accounts with strong passwords and 2-factor authentication.
Email hacking
Email hacking is when fraudsters gain unauthorised access to your email account. Once inside, they exploit your contacts and communication history to defraud others or steal sensitive information.
How it works
Fraudsters hack your email account using malware or stolen credentials
They access your emails and contact list, sending messages that appear to come from you
Posing as you, they ask your friends, family or business partners for money or updated banking details
They may also redirect incoming emails to conceal their activities
How to identify it
You notice missing or unexpected emails in your inbox
Friends or colleagues report receiving strange or urgent requests from your email address
Your password has been changed without your knowledge
Emails appear in your sent folder that you didn’t write
What you can do
Protect yourself from email hacking by enabling 2-factor authentication and using strong, unique passwords
Regularly monitor your email account for suspicious activity
If you suspect your email has been hacked, change your password immediately and notify your contacts
Avoid opening emails or attachments from unknown senders as these may contain malware
Key takeaway
Enable 2-factor authentication and use strong, unique passwords to secure your email account. Monitor for unusual activity and act quickly if you suspect hacking.
Stolen phone scam
If your phone is stolen, fraudsters can use it to access sensitive business and banking information. With smartphones often storing login credentials and payment details, it’s critical to act fast to prevent smishing attacks or unauthorised access.
How it works
Fraudsters steal your mobile device, gaining access to apps and stored banking information
They may exploit your saved passwords or SMS notifications to log in to your accounts
Using smishing tactics, they could send fraudulent texts from your phone to others, tricking them into sharing personal information
How to identify it
You notice unusual activity on your accounts, such as unauthorised transactions
Friends or colleagues report receiving suspicious messages from your number
Your stolen phone continues to receive SMS notifications, giving fraudsters access to one-time PINs and other sensitive data
What you can do
Immediately de-link your stolen device from your digital banking profile using your bank’s app or website
Contact Standard Bank to report the stolen device and block access to your accounts
Avoid storing sensitive banking information on your smartphone to minimise risks
Stay alert to smishing attempts: never click on links in unsolicited texts, even if they appear to come from trusted sources
Key takeaway
Immediately de-link stolen devices from your digital banking profile and notify your bank. Avoid storing sensitive banking information on your smartphone.
eSIM scam
An eSIM swap scam occurs when fraudsters illegally transfer your cellphone number onto another device’s eSIM profile. This gives them access to your calls and SMS notifications, including one-time PINs (OTPs), which are then used to commit fraud.
How it works
Fraudsters request or activate a new eSIM using your cellphone number.
Once successful, your mobile service is disconnected, and all calls and SMSs (including OTPs) are routed to the fraudsters’ device.
Using intercepted OTPs, they gain access to your online banking or other secure accounts.
Criminals may also send fake messages that appear to be from your bank to trick you into revealing additional personal information.
How to identify it
You suddenly lose mobile network signal on your device.
Calls and SMSs, especially OTPs, stop coming through.
You receive notifications from your network provider about an eSIM change you didn’t request.
What you can do
If you suspect an eSIM swap scam, contact your mobile service provider immediately to block the fraudulent eSIM.
Notify Standard Bank immediately on 0800 020 600 to secure your accounts.
Be cautious of any unexpected messages or links claiming to be from your bank.
Regularly review your bank and mobile notifications for any unauthorised activity.
Key takeaway
Act fast if you lose signal unexpectedly or suspect an unauthorised eSIM activation. Contact your service provider and bank immediately to protect your accounts from fraud.
Number porting scam
Number porting scams occur when fraudsters transfer your cellphone number to another network without your knowledge. This gives them control over your calls and text messages, allowing them to commit text message fraud and gain access to sensitive information.
How it works
Fraudsters initiate a number porting request with your network provider, using stolen credentials obtained through phishing or smishing
During the process, you may receive an SMS notifying you of the porting request
If you ignore the notification, the fraudster completes the porting and gains access to your calls, SMSs, one-time PINs (OTP) and other notifications
How to identify it
You stop receiving calls or SMSs on your phone unexpectedly
OTPs you request don’t arrive, even after trying multiple times
Your phone loses signal in regular network areas
What you can do
Don't click links in suspicious texts or respond to unsolicited SMSs asking for personal information
If you receive an SMS about number porting, contact your network provider immediately to confirm the request
Report text message fraud by contacting your bank or network provider directly
If you suspect your number has been ported without your consent, call Standard Bank on 0800 020 600 to secure your accounts
Key takeaway
Act quickly if you receive an unexpected porting notification. Contact your network provider and bank to secure your accounts and prevent fraud.
Spoofed website scam
A spoofed website scam involves creating a fake website that looks like the legitimate site of a trusted organisation, often using similar logos, designs and layouts. These websites are designed to trick users into providing sensitive personal or banking information, often leading to fraud. Learning how to check whether a website is legitimate and identifying spoofed URLs can help protect you from falling victim to these scams.
How it works
They send you an email with a hyperlink, attachment or icon that directs you to the spoofed website
The email might claim urgency, such as updating your account details or verifying suspicious activity
Once on the spoofed website, you’re prompted to disclose personal or account information, believing it’s a secure process
These fake websites often validate other scams, such as phishing emails or 419 scams, by appearing credible
How to identify it
Suspicious links: Instead of typing the web address (URL) directly into your browser, you’re asked to click on a link provided in an email or message
Unfamiliar URLs: The URL doesn’t match the official URL of the organisation; for example, instead of www.standardbank.co.za, it may use subtle variations such as www.standarbank-secure.com
Requests for sensitive information: The website asks for personal details, passwords or banking credentials
No security indicators: Legitimate websites typically have a padlock symbol and ‘https://’ in the URL bar, indicating they are secure
Design inconsistencies: While the website may look convincing, small design flaws or outdated elements could indicate it’s a spoof
What you can do
Manually enter URLs: Always type the website’s URL directly into your browser rather than clicking on links in unsolicited emails or messages
Check for security features: Look for the padlock icon and ensure the URL begins with ‘https://’
Inspect the URL closely: Be vigilant about identifying spoofed URLs by looking for typos, extra characters or unfamiliar domains
Verify with the organisation: If you’re unsure, contact the organisation directly using their official contact details to confirm the legitimacy of the website
Report suspicious emails: Forward any suspicious emails containing links to [email protected] so that action can be taken to shut down the spoofed website
Key takeaway
Always type URLs directly into your browser rather than clicking on links in unsolicited emails. Verify website authenticity by checking for security indicators such as ‘https://’ and the padlock icon.
It could be a scam if...
- The offer seems unrealistic, such as big rewards, prizes, or competitions you never entered
- You’re pressured to act quickly, pay upfront, or share sensitive information without verification
- The sender uses a suspicious email address, unofficial channels (WhatsApp, SMS, social media), or links/attachments to request details
- The message is poorly written, with spelling mistakes, bad grammar, or odd formatting
- Someone claims to be from a trusted organisation but can’t prove their identity