Know Fraud security image
Most of us think the world of fraud will never touch us. Until it does.

In our increasingly digital age, cybercrime is on the rise. But not all fraud relies on sophisticated technology. Sometimes a common, simple deception can separate you from your money. 

When you know fraud, you are empowered to prevent it. Be vigilant, be proactive, be secure.

 

How do I report fraud, card loss or theft or suspicious activity on my account?

Please call +41 44 226 1000

 

 

Warning: stay alert to current threats

email button about to be pressed on computer key board

Brand impersonation of Investec and others

Is someone claiming to be from Investec? Fraudsters may contact you by telephone, email, SMS/text, letter or direct you to a website. For example, they may tell you about an investment opportunity, or that you are the sole beneficiary of inheritance. These communications may look legitimate, with similar-sounding names to a bank or financial institution.

By adding official-looking logos, banking registration details and company numbers, these well-crafted deceptions give the impression that everything is right. If you’re not sure, call the head office switchboard, and never use numbers supplied by the person you’re suspicious of.

If you’ve already transferred money or information to a fraudster, contact your bank immediately. The bank may not recover all of it, but if you move quickly, it will recover what it can.

We maintain a list of companies and people who claim to be from Investec. With your feedback, we can keep everyone informed. You can review our full list of fraud alerts here.

If you think you have been targeted, click here to find more information on investment scams

Cryptocurrency fraud

Cryptocurrency investment scams

Fraudsters are taking advantage of the low-interest rates in traditional financial services to market lucrative “investments” in Bitcoin or other cryptocurrencies. You may be asked to make a card bank transfer to your
new “crypto wallet,” after which the fraudsters will disappear with your money and the investment will never materialise.

Protect yourself by following these rules:

1. Always be aware of the risks associated with crypto investments

2. Do not transfer money to a cryptocurrency wallet that you didn’t set up yourself

3. Check the FCA warning list to ensure you are not dealing with a fraudulent investment provider

4. Always call the provider to verify the investment on an independently-sourced number, not the one found in the body of an email or documents you have been sent.

Smishing - SMS phishing, fraud by text

Suspicious text messages (smishing)

Fraudsters are increasingly sending text messages that impersonate genuine companies such as a tax authority, a postal service or even your bank. They may appear to be genuine, but are designed to steal data or to get people to pay them. This is called ‘smishing’ (SMS phishing).

In this case study we explain how some messages appear to be a small shipping fee request from the Royal Mail, but are made to acquire private information and target the recipient with further scams.

Always remember:

1. Never click on a link within a text message. Instead, call the organisation on an independently sourced number to confirm if the message is genuine. Don’t call the number in the text message.

2. If you want to access online banking, do so through the Investec app or through Investec Online. Don’t use a website link someone has sent you.

3. Never respond to a suspicious message. Instead, block the sender’s number using your device or contact your network provider and ask them to block the number for you.

Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.

How to protect yourself against fraud

Mans hands working on laptop keyboard

Stay alert

From email hacking and ‘phishing’ to fake unsubscribe buttons, find out the ways fraudsters are trying to trick you.

Young female accessing mobile phone next to her laptop

Protect your identity

Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details.

 

Woman working on her tablet device

Protect your devices

There’s no such thing as free wifi. Make sure no-one can access or install malware in your computer and mobile devices.

Man working on his tablet device

Recognise malicious apps

Malware is a term for various forms of malicious software. It’s transmitted via email attachments and infected websites.

Businessman accessing his mobile phone

Use Investec Online

Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

 

 

What we do to protect you

what we do to protect you image
Predict, detect, prevent and respond

Looking after your security is a fundamental part of our business. We know that you want to receive an exceptional client experience, and staying safe is primordial.

As an Investec client, you benefit from the combination of our expertise in the security, risk, and fraud prevention disciplines.

The threat landscape evolves every day, and we work hard to adapt our security architecture, so as to manage associated risks.

Our security programme is broken up into three main components

Fraud prevention

Fraud prevention

The Investec Fraud team works to protect our business and clients from becoming victims of fraud.

Investec has various layers of control, including prevention and deterrence, detection and mitigation, repair and recovery, investigation, and learning.

To do this, the team uses industry-leading real-time fraud detection systems to pick up potentially fraudulent payments.

The team is made of experienced professionals, who are part of various fraud-prevention forums and groups, and regularly attend events and conferences to stay a step ahead.

They also make sure that you, our client, is made aware of fraud threats with education campaigns and alerts, and help train Investec colleagues to also protect you, themselves, and our business from fraudsters.

Cybersecurity

Cybersecurity

Our Cybersecurity team actively seeks potential vulnerabilities within the Investec application and infrastructure architecture.

These experts use constant research to stay at the leading edge of changes in potential threats to the landscape of our technology and processes.

Using this knowledge, the team plays an important role in product development, making sure that all applications are secure by design. 

They also raise new threats they identify with the Information Security teams, to put preventative measures in place, and minimise potential cyber incidents.

Information security

Information security

Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 

The team maintains a close relationship with the Fraud and Cybersecurity teams. They also meet security researchers and providers to ensure a best-practice approach to mitigating risk. 

By closely monitoring the security landscape, the team makes sure that we know about any threats, that we’re ready in case of incidents, and that we can quickly address any vulnerabilities.

 

 

 

Protect yourself from fraud

Helpful tips about online banking, your computer, mobile phone and other devices.

  • Investec Online

    Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

    • Your password protects your account from unauthorised access and no bank will ever ask you for it. Never email, write down or tell someone your security information or login details. 
    • The only time you will ever need to enter your Investec ID and password is when you log into Investec Online for your online banking at our website (Investec.com)

     

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out. However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.

     

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.

    • Register devices that you wish to access Investec Online from. This will help us detect when someone is trying to impersonate you on another device.
    • Only access Investec Online from your own devices, not from public computers, as your details could be recorded.
    • Please don’t leave a computer unattended while logged into Investec Online.
    • Never log into Investec Online via any emails with hyperlinks or shortcuts.
    • Never save any login IDs or passwords in your browser or on any of your devices. Disable, refuse, or decline any onscreen prompt on your computer that asks if you wish the computer to remember your passwords.
    • We encourage you to create complex passwords that are difficult to guess and time-consuming for hackers to crack. It should only be known by you and kept in a safe and secure place. Please avoid family or familiar names, numbers, and places, such as birthdays, phone numbers – any information that can be found on social media or the internet.
    • Please check your monthly statements and balances carefully. Many fraudulent transactions are for regular small amounts that occur over several months, disguised as a subscription you forgot you had or did not cancel. Fraudsters would prefer to empty your bank account if you have a large amount of cash spare. If not, they will gratefully accept monthly donations.
  • Protect your identity

    • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text, or emails.
    • Limit the number of personal details you share online (ie date/place of birth on social media sites etc)
    • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
    • Create and use different passwords for each service provided by Investec and other financial service providers.
    • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
    • Never use complimentary computers in airport lounges and hotels to do your banking.
    • If you need to use Investec Online while travelling, use international roaming or buy a SIM card in the country you’re visiting. Remember, if you don’t have roaming on your phone, you won’t get SMS payment notifications and may not be aware of fraudulent transactions until you’re back home.
    Are you travelling?

    Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.

     

    You can also enter your travel dates on Investec Online and the App before your travel.

  • Protect your devices

    Your computer

    • Ensure no one has unauthorised access to your computer.
    • Use a password to access your own computer, restrict access to prevent programme installations.
    • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.

     

    Free Wi-Fi

    Please do not use free public Wi-Fi when trying to access your banking and online transactions.

    In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.

     

    Registration of your devices

    • Always register your devices that require access to Investec Online. We will send you an alert if someone tries to register another device.
    • Please do not ignore that alert or simply accept the notice, as this is the beginning of someone attempting to take over your account.
    • We will also be alerted if you access the Investec Online from another machine, so please be aware and take time to register new devices and delete old ones.
  • Firewalls and antivirus

    Always Install a personal firewall product and antivirus protection product for your devices. The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free. 

    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.

  • Malware

    Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites. Here are the most common -

    • Key loggers – Programs that record all keystrokes performed on an infected computer. This gives the attackers access to anything that may have been typed in such as account numbers, passwords, and PINs. This is transmitted when you are online and the fraudsters can begin to take over people's accounts.
    • Spyware – Software that tracks and stores a person’s movements on the internet, then provides pop-ups based on a person’s spending habits, to lure them to a fake website in an attempt to trick them into entering their account details.
    • Ransomware – A nasty form of malware that encrypts all information on the infected computer and demands a ransom fee to be paid in order to unlock the data. This type of infection can result in significant data loss. 
    • Trojans – Running in the background and hiding from view, these programmes frequently open a ‘back door’ into a computer, allowing a fraudster to access information or take full control over the machine. This allows them to intercept banking details and passwords as they are keyed in.
    • Counterfeit or ‘cracked’ software – Acquiring ‘cheap’ computer operating or business software may not prove to be cheap in the long run, as fraudsters like to offer this online, but secretly add their own ‘added value’ – such as trojans/malware which can read your security details and passwords. Purchase genuine software. Keep your internet browser and other software on your computer up to date with the latest security patches, to protect yourself and your money. 

     

    Mobile phone

    • Apps – Use only those ‘apps’ that are downloaded from official sites. Free apps from unofficial sources may have malware, the same as counterfeit or ‘cracked’ computer software.
    • Antivirus – Ensure you have an antivirus installed if your operating software allows it. Just like your laptop or main computer, keep the antivirus and software up to date. 
    • Jailbroken devices – Jailbreaking a mobile device is the process of removing the software restrictions embedded by the device manufacturer, which may include the security protection mechanisms. In order to keep your account information secure, you are not able to use the Investec mobile apps on a jailbroken device.
    • Passwords protection – Make sure you secure your mobile device by setting a passcode greater than a four-digit PIN or fingerprint scanning if your device supports this functionality. 
    Lost your mobile phone?

    If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.

  • Emails

    Fake email messages or phishing

    ‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.

    • What is the full email address used – does it look odd?
    • How are you greeted? Dear Customer / Your name / Nothing?
    • Does it ask you to log in from a link on the email?
    • Does it say there are security issues?
    • Does it advise you that it is urgent and immediate?

    Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

    Spoofing and hacking emails

    A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.

    Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.

    Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.

    Hacking

    Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway, and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.

    Don't unsubscribe on emails from random advertisers

    To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports, or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.

    Review your sent and deleted items folder

    Take time to check your sent and deleted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised.

    Don’t store confidential information in your email folders. Store personal documents and emails on your computer in a secure folder on your computer.  You can also securely store documents in My Briefcase on Investec Online. 

    Attachments or links

    Avoid clicking on any links or opening attachments included in unexpected emails, texts, or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.

  • Text messages

    In the same way that email addresses can be spoofed, so can phone numbers. That way, it can look as though you’re receiving a call from a trusted number – even your bank’s genuine one. Text messages from spoofed numbers can appear in an existing thread of messages. 

     

    Recently, many consumers have been receiving fraudulent texts asking them to confirm a transaction they did not authorise, or verify a new beneficiary that has been added. However, the message will contain a link to click through to, if you don’t recognise the transaction. This leads to a phishing page, where victims are asked to input their details. Alternatively, the compromised site can download malware to your device.

     

    • If you get a message about account activity you were not expecting, call your bank immediately on a trusted number. 
    • Don’t click on links contained in this type of SMS.
    • If you want to access online banking, do so through the app or known website, which you can find on Google. 
    • You can also report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.