Sign in
Personal
Business
Wealth

Scams

New types of scams continue to emerge in which fraudsters lure you into providing confidential info – often via email, SMS, phone call, malware or remote access. Anyone can be a target. Ultimately, it’s up to you to stay informed about scams, and think twice before sharing your personal details online or over the phone.

 It could be a scam if…

  • What you are offered or promised sounds too good to be true
  • The offer takes you by surprise, or the prize relates to a competition you never entered
  • You’re given limited time to confirm your details or win the prize, catching you off guard
  • You receive the information via a free email address (like Hotmail, Aim, Yahoo or Gmail)
  • You are promised large sums of money for very little or no effort on your part
  • You’re asked to provide money upfront, for whatever reason, in order to receive the money or prize
  • You’re asked to confirm personal or account details via a hyperlink, icon or attachment in an email or over the phone

TYPES OF SCAMS

Vishing scam

Vishing is when fraudsters ask for your personal and bank account details over the phone. It’s becoming more common with the increase in mobile banking. Know that the bank will never ask for your account details, password, PIN or OTP over the phone.
 

How it works

  • You receive a phone call from someone who says they’re from your bank
  • You’re asked to to update or verify your details
  • You oblige, providing everything required to access your bank account
  • In some cases you receive an unverified SMS saying that the bank will soon be in touch to update or confirm your details, and then you receive the call

How to identify it

  • There’s a sense of urgency in the phone call, giving you no time to think clearly
  • You are told they’re from the fraud department, that funds have been fraudulently taken from your account, and you need to confirm your details so the funds can be returned to your account
  • You’re asked to update or confirm your bank account number, PIN or password over the phone
  • You’re asked to confirm an OTP for defrauded funds to be returned to your account
  • You’re asked to call them back to confirm that you’re speaking to someone who’s genuinely from the bank (the call will be diverted to the bank’s call centre

Remote access takeover scam 

This is when you’re tricked into allowing ‘Remote Access Control’ software to be downloaded onto your computer. Fraudsters use this software to take control of your computer remotely, adjusting your settings to leave the computer vulnerable to online banking fraud.


How it works

  • Someone claiming to work in the bank’s security centre phones you, offering to help you with computer software upgrades
  • In some cases, the fraudsters say they’re helping to stop or reverse fraudulent payments from your account, and ask you to download and instal remote access oftware
  • You download the software, and the fraudster talks you through the installation process
  • Once the software is installed, you’re asked to login to your online banking profile and make a payment for the software
  • On login, your computer goes blank
  • You start receiving OTPs to confirm transactions you didn’t make
  • The fraudster then reassures you that the OTP is required to complete the software installation, and asks you to forward the OTPs so they can complete the process
  • The fraudster uses your OTPs to process the fraudulent transactions

How to identify it

  • There’s a sense of urgency in the phone call, followed by a threat: your PC or laptop will be infected with a virus or malware if you don’t download the recommended software immediately, giving you no time to think about it or ask anyone for advice
  • You’re asked to download ‘protective’ software and login to your online banking profile to pay for the download which requires you to capture sensitive information, such as online banking usernames and passwords.

Phishing scam

Phishing is when fraudsters send you unsolicited emails, in which they claim to be from a reliable organisation, like a bank or an email service provider.

How it works

  • You receive an email request to update or confirm your details by clicking on a link or an icon
  • Once you click on it, a fake website is launched
  • On the website, you are asked to share your account details, username or password for online banking, email account, cellphone number or bank card details
  • Any details you provide on the fake website are captured by the fraudsters and used to defraud you

How to identify it

  • There’s usually a sense of urgency in the email, followed by a threat (like the suspension of your bank account)
  • You need to respond quickly, not giving you time to think things through or ask someone for advice
  • The email says you have been a victim of fraud, or due to receive funds, and you need to login to your accounts by clicking on a the link to report the incident and cancel your bank card, or give permission to accept the sum of money
  • You’re asked to supply your personal and account details via a hyperlink, attachment or icon, provided in the email

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown

Change of banking details scam

This is when fraudsters attempt to steal funds by posing as one of your suppliers, or someone you’re meant to pay, and asking you to update their bank account details.

How it works

  • You receive an email, letter or fax supposedly from a recognised supplier
  • You are informed of a change in bank account details and asked to update your records accordingly
  • But these ‘new’ bank account details are false
  • So your monthly payment is paid to the scammer instead of your supplier

How to identify it

  • The request doesn’t come from your usual ‘contact’ or point of contact at the supplier
  • The request for change of bank details wasn’t made via official correspondence or using the contact details that you have in your database
  • In some instances fraudsters may spoof the e-mail address of the supplier or falsify the e-mail address to look like that of the supplier
  • If you ever receive such a request, confirm it with a contact you trust before changing any bank account details

SIM swap scam

In a SIM swap scam, fraudsters perform a SIM swap without your knowledge, allowing them to intercept your phone calls and SMSs.

How it works

  • Typically, the SIM swap takes place after fraudsters have received your online banking login details following your response to a phishing email or a vishing call
  • Once fraudsters have access to your cellphone number and personal details, they can pose as you and request a new SIM card from your network service provider
  • This gives them access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you

How to identify it

  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Twin SIM scam

A twin SIM scam is a relatively new and sophisticated form of fraud. Fraudsters duplicate your cellphone number onto another SIM card, allowing them to divert certain phone calls and SMSs.

How it works

  • Fraudsters to take control of your primary cellphone number by switching off the network coverage, diverting your phone calls and SMSs to the secondary ‘twin call’ cellphone number
  • This gives them access to your OTP SMSs and any other notifications they can use to defraud you

How to identify it

  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Number porting scam

A number porting scam is where fraudsters transfer your cellphone number from your current network service provider to another without you knowing.

How it works

  • Number porting often happens after fraudsters have received your online banking login details through a vishing call or phishing email
  • During porting, some network service providers may send you an SMS confirming that your number’s been transferred to another service provider
  • If you ignore the SMS, the fraudster can complete the porting and gain access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you

How to identify it

  • You ae suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Deposit and refund scam

The deposit and refund scam attempts to steal goods or services from your business without actually making the necessary payments.

How it works

  • Fraudsters order goods or services from your business, supposedly making the payment into your account
  • This is done mostly by means of a fraudulent or stolen cheque
  • A fake proof of payment is sent to you, and your business delivers the goods
  • Later on, you learn the cheque is fraudulent and no funds were received
  • In other cases, fraudsters may cancel the order and request an urgent refund
  • Or, they deposit a fraudulent cheque into your account only to then contact you stating that they ‘mistakenly’ deposited funds into your account
  • The caller sends you proof of payment and asks for an immediate refund

How to identify it

  • You are asked to refund someone urgently after cancelling an order, or the payment is made in ‘error’
  • You’re asked for an urgent refund before you can verify with the bank that the deposit was made into your account and is valid
  • You don’t know the person requesting the refund
  • You aren’t sure whether the payment is a cheque deposit or not
  • You’re unable to reach the person by phone to confirm the request

Spoofed website scam

A spoofed website claims to be the legitimate website of a particular organisation, and is set up to mimic the original website.

How it works

  • Spoofed websites usually carry a similar or identical logo to the organisation they are mimicking
  • Typically, spoofed websites aim to associate a scam with a reputable institution, and are set up to validate other scams such as the 419 or phishing scam

How to identify it

  • You are asked to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing in the URL directly into the browser
  • You are required to disclose personal details or account information on the website you were directed to via the email you receive
  • The spoofed website, accessed via the given hyperlink in the email, does not have one of Standard Bank’s official website addresses or URLs that you usually use to access information or use to access online banking

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown

419 scam

A 419 scam, or advance fee scam, is a form of upfront payment or money transfer scam. While the details of a 419 scam can vary, large sums of money are usually involved.

How it works

  • You receive an email, fax or letter promising you large amounts of money (via an inheritance or lottery winning)
  • To gain access to the funds, you are asked to pay an upfront fee
  • Various reasons are given for the upfront fee, including exchange control or customs duty fees and bank charges
  • You may be given login details for a false website that looks like your bank’s, and reflects your inflated bank balance
  • Once you’ve made the advance payment, you won’t here from the fraudsters again
  • Of course, the promised transaction never takes place

How to identify it

  • Out of nowhere, you receive an unbelievable promise of large sums of money (usually millions of dollars or pounds) for little or no effort on your part
  • You have no idea where this proposed money is coming from
  • You are asked to provide money upfront, as a processing or admin fee, in order to access the funds
  • There’s usually a sense of urgency, followed by an emotional bribe (someone has passed away or is suffering from an illness), prompting you to respond quickly
  • This doesn’t give you much time to think about what you’re doing
  • You don’t know the people who have sent the communication, although they usually claim to be in a position of authority from a trusted organisation
  • You’re required to supply your personal and account details via a hyperlink, attachment or icon provided in the email

Dating and romance scam

A dating and romance scam typically plays on your emotional and compassionate side in an attempt to steal funds.

How it works

  • Fraudsters create fake profiles on legitimate dating websites or social media platforms to meet new people and, in time, lure them into their con
  • Theyinvite you to be their friend or talk to them online
  • They are experts at sharing fake personal information to build trust and create a relationship with you
  • Once you’re friends, they ask you to send them money to help them out of a personal crisis, or pay for their travel expenses to visit you
  • Once you’ve sent them money, you’ll likely never hear from them again

How to identify it

  • You receive a friend notification or invite from someone you don’t recognise
  • You have only spoken to the person online via social media or a dating website
  • They ask you for an upfront payment or to disclose sensitive details
  • You notice an inconsistency in the communication that’s sent to you
  • They have an out-of-the-ordinary job – they work in the army or air force – and need you to help them financially

Holiday scam

This type of scam aims to exploit potential holiday makers by falsely advertising ideal holiday packages, accommodation or timeshare on the internet through seemingly legitimate classified ads or websites.

How it works

  • You come across a website or you’re sent an email promoting an incredible holiday package
  • The deal is only running for a couple hours, so before time runs out, you quickly pay for the package through the website, which you believe to be genuine, using your credit card details
  • The purchase goes through, but you never receive the package you paid for
  • The website and the deal were fake
  • The fraudsters now have access to your funds and your bank account details

How to identify it

  • If the holiday package sounds too good to be true, it most probably is
  • You come across the deal on a website you don’t recognise or you are sent the promotion via an unsolicited email
  • The URL begins with ‘http’ not ‘https’
  • There is a sense of urgency with the holiday deal: you only have 5 hours left before the deal closes, or there are only two packages left
  • This doesn’t give you much time to think about what you’re doing or ask for advice
  • You are encouraged to disclose personal details quickly online
  • In the email you receive, you are required to click on the hyperlink, attachment or icon to view and pay for the holiday package
  • You’re unable to contact a reputable agency to confirm the holiday package
  • The contact details include foreign phone numbers, or the owner or property manager isn’t responding to emails

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown

Keylogger scam

In a keylogger scam, software is used to record every keystroke entered on your computer, allowing fraudsters to use your personal information to defraud you.

How it works

  • Once a keylogger scam is in place, fraudsters can access the keystroke details via a file on your computer, or have the details sent to them anonymously via email
  • The keylogger records whatever you type on your computer, including passwords, PINs and usernames
  • Fraudsters often target internet cafés, owing to the convenience of the computer terminals and anonymity attached to them
  • They often steal your private login details for internet banking, Facebook and email account profiles

How to identify it

  • Keyloggers can be hidden in an unfamiliar email attachments or hyperlinks, installed via a memory stick, or installed via rogue apps or malicious websites
  • Be wary when other untrusted individuals use your computer, for whatever reason
  • Always be alert to computer hardware or software changes
  • Be cautious when using internet cafés
  • Never disclose any confidential information on a public, unfamiliar computer
  • Don’t open any emails, attachments or hyperlinks from unknown sources

Smishing scam

Smishing aims to access your personal information via an SMS. These scams are becoming more common because of the increasing popularity of mobile banking.

How it works

  • You receive an SMS supposedly from a recognised organisation, like a bank, asking you to contact a toll-free number
  • When you call the number, a fake automated voice-response system prompts you to provide sensitive details like your account number, password or PIN
  • The fraudsters then have access to your details and can use them as they wish
  • Nowadays, people use their smartphones for everything including online banking, so there is a lot of sensitive information at risk if the phone is exposed to fraudulent behaviour

How to identify it

  • You are asked to update or confirm your personal details, like your bank account number, PIN or password over the phone
  • There’s a sense of urgency, followed by a threat: if you don’t update or confirm your details now, your account will be suspended
  • This doesn’t give you much time to think clearly
  • The SMS asks you to call a toll-free number
  • Remember, your bank will never ask for your account details, password, PIN or OTP over the phone

Online goods scam

This is when fraudsters infiltrate online platforms for buying and selling goods. You’re asked to pay upfront for whatever it is you want to buy on the site. You pay the seller, but they don’t deliver the goods.

How it works

  • Fraudsters advertise goods on popular websites
  • You contact the seller to buy the goods
  • Once you have agreed on the price and how the goods will be delivered, you’re asked to pay in advance
  • You will be given an account number to deposit funds, or you’ll be asked to send money to their digital wallet
  • Once they have your money, they don’t deliver the goods and block your phone calls

How to identify it

  • You’re asked to make payment upfront for goods you haven’t seen yet
  • The seller doesn’t want you to view the goods but puts you under pressure to make the payment
  • The seller says the goods are in another province and will be delivered to you once you’ve paid

Email hacking scam

This is when fraudsters gain unauthorised access to your email address, then send emails to your friends, family and business partners to defraud them in your name

How it works

  • Fraudsters hack your email address through malware viruses
  • They access your emails and contact list
  • Emails are sent to your friends, family member or business partners
  • Posing as you, they ask your family or friends for money
  • They email your business partners with a banking details update, and ask for payments to be made to the new account

How to identify it

  • When you start noticing emails are missing
  • When you’re not receiving emails
  • When you start to receive unexpected emails
  • If your password has changed without you being aware
  • Having unknown emails under your sent items