Sign in
Personal
Business
Wealth

Types of scams to avoid

New types of scams continue to emerge in which fraudsters lure you into providing confidential info – often via email, SMS, phone call, malware or remote access. Anyone can be a target. Ultimately, it’s up to you to stay informed about scams and think twice before sharing your personal details online or over the phone.

 It could be a scam if…

  • What you are offered or promised sounds too good to be true
  • The offer takes you by surprise, or the prize relates to a competition you never entered
  • You’re given limited time to confirm your details or win the prize, catching you off guard
  • You receive the information via a free email address (like Hotmail, Aim, Yahoo or Gmail)
  • You are promised large sums of money for very little or no effort on your part
  • You’re asked to provide money upfront, for whatever reason, to receive the money or prize
  • You’re asked to confirm personal or account details via a hyperlink, icon or attachment in an email or over the phone

TYPES OF SCAMS

Vishing scam

Vishing is when fraudsters ask for your personal and bank account details over the phone. It’s becoming more common with the increase in mobile banking. Know that the bank will never ask for your account details, password, PIN, or one-time PIN (OTP) over the phone.
 

How it works

  • You receive a phone call from someone who says they’re from your bank or pretend to be from UCount and ask for your card details including your OTP to transfer “rewards’ to your credit card
  • You’re asked to update or verify your details  
  • You oblige, providing everything required to access your bank account
  • In some cases, you receive an unverified SMS saying that the bank will soon be in touch to update or confirm your details, and then you receive the call

How to identify it

  • There’s a sense of urgency in the phone call, giving you no time to think clearly
  • You are told they’re from the fraud department, that funds have been fraudulently taken from your account, and you need to confirm your details so the funds can be returned to your account
  • You’re asked to update or confirm your bank account number, PIN or password over the phone
  • You’re asked to confirm an OTP for defrauded funds to be returned to your account
  • You’re asked to call them back to confirm that you’re speaking to someone who’s genuinely from the bank (the call will be intercepted from the bank’s call centre to the fraudster )

Phishing scam

Phishing is when fraudsters send you unsolicited emails in which they claim to be from a reliable organisation, like a bank or an email service provider.

How it works

  • You receive an email request to update or confirm your details by clicking on a link or an icon
  • Once you click on it, a fake website is launched
  • On the website, you are asked to share your account details, username or password for Internet Banking, email account, cellphone number or bank card details
  • Any details you provide on the fake website are captured by the fraudsters and used to defraud you

How to identify it

  • There’s usually a sense of urgency in the email, followed by a threat (like the suspension of your bank account)
  • You need to respond quickly, not giving you time to think things through or ask someone for advice
  • The email says you have been a victim of fraud, or due to receive funds, and you need to sign into your accounts by clicking on a the link to report the incident and cancel your bank card, or give permission to accept the sum of money
  • You’re asked to supply your personal and account details via a hyperlink, attachment or icon, provided in the email

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
  • Hover over the link to confirm the email address or website is legitimate (check that the website is https and not http)
  • If it is not from a website or email address that you know, delete the email immediately
  • We will never request your PINs or OTPs via phone, email or SMS
  • If you detect any suspicious activity on your account, call our Fraud Line on 0800 020 600

Smishing scam

Smishing aims to access your personal information via an SMS. These scams are becoming more common because of the increasing popularity of mobile banking.

How it works

  • You receive an SMS supposedly from a recognised organisation, like a bank, asking you to contact a toll-free number
  • When you call the number, a fake automated voice-response system prompts you to provide sensitive details like your account number, password or PIN
  • The fraudsters then have access to your details and can use them as they wish
  • Nowadays, people use their smartphones for everything, including Internet Banking, so there is a lot of sensitive information at risk if the phone is exposed to fraudulent activities
  • You may be less likely to scrutinise and deliberate SMSs with suspicious links. Clicking on these suspicious links may install malware onto your phone, or could take you to a spoof website where you will be asked to enter personal or confidential information

How to identify it

  • You are asked to update or confirm your personal details, like your bank account number, PIN or password over the phone
  • There’s a sense of urgency, followed by a threat: if you don’t update or confirm your details now, your account will be suspended
  • This doesn’t give you much time to think clearly  
  • The SMS asks you to call a toll-free number
  • Remember, your bank will never ask for your account details, password, PIN or OTP over the phone

What you can do

  • Do not click on links or icons in unsolicited SMSs
  • Do not reply to these SMSs. Delete them immediately
  • Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Check that you are on the authentic/real site before entering any personal information
  • If you think that your device might have been compromised, contact your bank immediately
  • Create complicated passwords that are not easy to decipher and change them often
  • Don't store your credit card or banking information on your smartphone in case malware gets installed on your phone
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt

Remote access takeover scam 

This is when you’re tricked into allowing ‘Remote Access Control’ software to be downloaded onto your computer. Fraudsters use this software to take control of your computer remotely, adjusting your settings to leave the computer vulnerable to online banking fraud. 

How it works

  • Someone claiming to work in the bank’s security centre phones you, offering to help you with computer software upgrades
  • In some cases, the fraudsters say they’re helping to stop or reverse fraudulent payments from your account and ask you to download and install remote access software
  • You download the software, and the fraudster talks you through the installation process
  • Once the software is installed, you’re asked to sign in to your Internet Banking profile and make a payment for the software
  • Once you’re signed in, your computer goes blank
  • You start receiving OTPs to confirm transactions you didn’t make
  • The fraudster then reassures you that the OTP is required to complete the software installation, and asks you to forward the OTPs so they can complete the process
  • The fraudster uses your OTPs to process the fraudulent transactions

How to identify it

  • There’s a sense of urgency in the phone call, followed by a threat: your PC or laptop will be infected with a virus or malware if you don’t download the recommended software immediately, giving you no time to think about it or ask anyone for advice
  • You’re asked to download ‘protective’ software and sign in to your Internet Banking profile to pay for the download which requires you to capture sensitive information, such as Internet Banking usernames and passwords

Spoofed website scam

A spoofed website claims to be the legitimate website of a particular organisation and is set up to mimic the original website.

How it works

  • Spoofed websites usually carry a similar or identical logo to the organisation they are mimicking
  • Typically, spoofed websites aim to associate a scam with a reputable institution and are set up to validate other scams such as the 419 or phishing scam

How to identify it

  • You are asked to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing in the URL directly into the browser
  • You are required to disclose personal details or account information on the website you were directed to via the email you receive
  • The spoofed website, accessed via the given hyperlink in the email, does not have one of Standard Bank’s official website addresses or URLs that you usually use to access information or use to access online banking

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown

Email hacking scam

This is when fraudsters gain unauthorised access to your email address, then send emails to your friends, family, and business partners to defraud them in your name.

How it works

  • Fraudsters hack your email address through malware viruses
  • They access your emails and contact list
  • Emails are sent to your friends, family member or business partners
  • Posing as you, they ask your family or friends for money
  • They email your business partners with a banking details update, and ask for payments to be made to the new account

How to identify it

  • When you start noticing emails are missing  
  • When you’re not receiving emails
  • When you start to receive unexpected emails
  • If your password has changed without you being aware
  • Having unknown emails under your sent items

Keylogger scam

In a keylogger scam, software is used to record every keystroke entered on your computer, allowing fraudsters to use your personal information to defraud you.

How it works

  • Once a keylogger scam is in place, fraudsters can access the keystroke details via a file on your computer, or have the details sent to them anonymously via email
  • The keylogger records whatever you type on your computer, including passwords, PINs and usernames
  • Fraudsters often target internet cafés, owing to the convenience of the computer terminals and anonymity attached to them
  • They often steal your private login details for Internet Banking, Facebook and email account profiles

How to identify it

  • Keyloggers can be hidden in an unfamiliar email attachments or hyperlinks, installed via a memory stick, or installed via rogue apps or malicious websites
  • Be wary when other untrusted individuals use your computer, for whatever reason
  • Always be alert to computer hardware or software changes
  • Be cautious when using internet cafés
  • Never disclose any confidential information on a public, unfamiliar computer
  • Don’t open any emails, attachments or hyperlinks from unknown sources

Stolen phones scam

A fraudster can access your personal and banking information on your stolen mobile phone, which is why it is critical that you de-link the stolen device from your digital profile immediately or contact the bank to report the device as stolen.

Take action by following our easy steps: How to de-link my stolen device.

SIM swap scam

In a SIM swap scam, fraudsters perform a SIM swap without your knowledge, allowing them to intercept your phone calls and SMSs.

How it works

  • Typically, the SIM swap takes place after fraudsters have received your Internet Banking sign in details following your response to a phishing email or a vishing call
  • Once fraudsters have access to your cellphone number and personal details, they can pose as you and request a new SIM card from your network service provider
  • This gives them access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you

How to identify it

  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Twin SIM scam

A twin SIM scam is a relatively new and sophisticated form of fraud. Fraudsters duplicate your cellphone number onto another SIM card, allowing them to divert certain phone calls and SMSs.

How it works

  • Fraudsters take control of your primary cellphone number by switching off the network coverage, diverting your phone calls and SMSs to the secondary ‘twin call’ cellphone number
  • This gives them access to your OTP SMSs and any other notifications they can use to defraud you

How to identify it

  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Number porting scam

A number porting scam is where fraudsters transfer your cellphone number from your current network service provider to another without you knowing.

How it works

  • Number porting often happens after fraudsters have received your Internet Banking sign in details through a vishing call or phishing email
  • During porting, some network service providers may send you an SMS confirming that your number has been transferred to another service provider
  • If you ignore the SMS, the fraudster can complete the porting and gain access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you

How to identify it

  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you requested, even when trying a second time
  • Your cellphone suddenly has no signal in a regular network area

Deposit and refund scam

The deposit and refund scam attempts to steal goods or services from your business without making the necessary payments.

How it works

  • Fraudsters order goods or services from your business, supposedly making the payment into your account
  • This is done mostly by means of an EFT payment where they pay you an amount that’s less but amend the proof of payment for the amount due
  • A fake proof of payment is sent to you, and your business delivers the goods without checking if the correct payment is reflecting in your bank account
  • Later on, you learn that the payment is for the incorrect amount
  • In other cases, fraudsters may cancel the order and request an urgent refund
  • Or, they claim to have ‘mistakenly’ deposited funds into your account via EFT
  • The caller sends you proof of payment and asks for an immediate refund

How to identify it

  • You are asked to refund someone urgently after cancelling an order, or the payment is made in ‘error’
  • You’re asked for an urgent refund before you can verify with the bank that the payment was made into your account and is valid
  • You don’t know the person requesting the refund
  • You’re unable to reach the person by phone to confirm the request

What you can do

  • Make use of our Escrow service to reduce the risk of fraud when selling products or services.

Change of banking details scam

This is when fraudsters attempt to steal funds by posing as one of your suppliers, or someone you’re meant to pay, and asking you to update their bank account details.

How it works

  • You receive an email, letter or fax supposedly from a recognised supplier
  • You are informed of a change in bank account details and asked to update your records accordingly
  • However, these ‘new’ bank account details are false
  • Your monthly payment is then paid to the scammer instead of your supplier

How to identify it

  • The request doesn’t come from your usual ‘contact’ or point of contact at the supplier
  • The request for change of bank details wasn’t made via official correspondence or using the contact details that you have in your database
  • In some instances, fraudsters may spoof the email address of the supplier or falsify the email address to look like that of the supplier
  • If you ever receive such a request, confirm it with a contact you trust before changing any bank account details

Dating and romance scam

A dating and romance scam typically plays on your emotional and compassionate side in an attempt to steal funds.

How it works

  • Fraudsters create fake profiles on legitimate dating websites or social media platforms to meet new people and, in time, lure them into their con
  • They invite you to be their friend or talk to them online
  • They are experts at sharing fake personal information to build trust and create a relationship with you
  • Once you’re friends, they ask you to send them money to help them out of a personal crisis, or pay for their travel expenses to visit you
  • Once you’ve sent them money, you’ll likely never hear from them again

How to identify it

  • You receive a friend notification or invite from someone you don’t recognise
  • You have only spoken to the person online via social media or a dating website
  • They ask you for an upfront payment or to disclose sensitive details
  • You notice an inconsistency in the communication that’s sent to you
  • They have an out-of-the-ordinary job – they work in the army or air force – and need you to help them financially

What you can do

  • Watch out for emails where content has been pasted into the email, the fonts and font sizes always vary, or where the emails are not personally addressed to you i.e. “Hi beautiful”. Scammers often target several victims at the same time and make use of the same content in their emails to all victims
  • Never send money to anyone that you are communicating with over the internet
  • Look out for inconsistencies in the communication that is sent to you. Syndicates often have several people manning their online dating sites so you could possibly be chatting to two or three different people
  • Be wary of people who keep promising to meet you but then always cancel at the last minute
  • Don’t give someone money to come and visit you
  • Should you arrange a meeting with someone you have met online, ensure that you meet in a public area and possibly with friends
  • Be careful how much personal information you share on social networking sites. Scammers can use this information to target you with a scam
  • Should you suspect that you are being targeted by a scammer, stop all communications immediately and report it to the online dating service

Holiday scam

This type of scam aims to exploit potential holidaymakers by falsely advertising ideal holiday packages, accommodation, or timeshare on the internet through seemingly legitimate classified ads or websites.

How it works

  • You come across a website or you’re sent an email promoting an incredible holiday package
  • The deal is only running for a couple hours, so before time runs out, you quickly pay for the package through the website, which you believe to be genuine, using your credit card details
  • The purchase goes through, but you never receive the package you paid for
  • The website and the deal were fake
  • The fraudsters now have access to your funds and your bank account details

How to identify it

  • If the holiday package sounds too good to be true, it most probably is
  • You come across the deal on a website you don’t recognise or you are sent the promotion via an unsolicited email
  • The URL begins with ‘http’ and not ‘https’
  • There is a sense of urgency with the holiday deal: you only have 5 hours left before the deal closes, or there are only two packages left
  • This doesn’t give you much time to think about what you’re doing or ask for advice
  • You are encouraged to disclose personal details quickly online
  • In the email you receive, you are required to click on the hyperlink, attachment or icon to view and pay for the holiday package
  • You’re unable to contact a reputable agency to confirm the holiday package
  • The contact details include foreign phone numbers, or the owner or property manager isn’t responding to emails

What you can do

  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown

Online goods scam

This is when fraudsters infiltrate online platforms for buying and selling goods. You’re asked to pay upfront for whatever it is you want to buy on the site. You pay the seller, but they don’t deliver the goods.

How it works

  • Fraudsters advertise goods on popular websites
  • You contact the seller to buy the goods
  • Once you have agreed on the price and how the goods will be delivered, you’re asked to pay in advance
  • You will be given an account number to deposit funds, or you’ll be asked to send money to their digital wallet
  • Once they have your money, they don’t deliver the goods and block your phone calls

How to identify it

  • You’re asked to make payment upfront for goods you haven’t seen yet
  • The seller doesn’t want you to view the goods but puts you under pressure to make the payment
  • The seller says the goods are in another province and will be delivered to you once you’ve paid

What you can do

  • Make use of our Escrow service to reduce the risk of fraud when buying products or services online.

419 Scam

A 419 scam, or advance fee scam, is a form of upfront payment or money transfer scam. While the details of a 419 scam can vary, large sums of money are usually involved.

How it works

  • You receive an email, fax or letter promising you large amounts of money (via an inheritance or lottery winning)
  • To gain access to the funds, you are asked to pay an upfront fee
  • Various reasons are given for the upfront fee, including exchange control or customs duty fees and bank charges
  • You may be given login details for a false website that looks like your bank’s website, and reflects your inflated bank balance
  • Once you’ve made the advance payment, you won’t hear from the fraudsters again
  • Of course, the promised transaction never takes place

How to identify it

  • Out of nowhere, you receive an unbelievable promise of large sums of money (usually millions of dollars or pounds) for little or no effort on your part
  • You have no idea where this proposed money is coming from
  • You are asked to provide money upfront as a processing or admin fee to access the funds
  • There’s usually a sense of urgency, followed by an emotional bribe (someone has passed away or is suffering from an illness), prompting you to respond quickly
  • This doesn’t give you much time to think about what you’re doing
  • You don’t know the people who have sent the communication, although they usually claim to be in a position of authority from a trusted organisation
  • You’re required to supply your personal and account details via a hyperlink, attachment or icon provided in the email