Protect yourself against pension fraud
15 March 2019
How to avoid succumbing to the scammers trying to talk people into putting their funds into non-existent investment schemes.
5 min read
One of the ways that fraudsters target people is through Authorised Push Payment (APP) scams where the victim is duped into transferring money to an account they are made to think is genuine, but is actually controlled by a fraudster.
The risk of this happening to you increases when you make a payment to a new beneficiary for the first time, or if an existing beneficiary tells you they have changed their account details.
It can be very difficult to recover the funds if this happens, as fraudsters try to withdraw the money as soon as it arrives in their account. However, you can protect yourself by being vigilant and familiarising yourself with some common scams and our guidance on what to look out for.
If you have any concerns, or if any of the below advice relates to a payment you are about to make, contact us immediately on one of the numbers below.
Are you a UK Private Bank client needing support?
Please see your emergency help page.
One of the most common types of fraud is hacking and spoofing emails. Fraudsters can gain access (hack) to your email account without your permission, or spoof emails to make the email look like it is from someone you know or trust.
For example, you are having some works done on your house, and a builder sent you an invoice via email. You may also receive an e-mail from a firm such as a solicitor, conveyancer or supplier, advising you that they have changed their bank account details.
The third party’s email has been hacked, and fraudsters have amended the bank details in the invoice. You think you are paying the genuine contractor, but are actually transferring funds to the fraudster’s account.
Remote access scams
Remote access is when someone gains control of a computer, phone, or another device from afar. You receive an unexpected call from someone claiming to represent your bank, utility provider, online retailer or computer manufacturer. They claim there is an issue with your computer or network that needs to be resolved immediately, and that any delay can be costly or cause damage to your device. They ask you to download software or allow remote access to resolve the problem.
A cold-call like this can be very convincing, but in reality, it is a fraudster trying to obtain your personal details or gain access to your system/account. This is a great way for them to find out your username or password. They may even ask you to log into your online banking account, “just to make sure everything is fine”.
If you get asked to pay funds into a “safe account,” please refer to ‘Safe’ account scams for further information.
In an investment scam, fraudsters will try to convince you to ‘invest’ in an opportunity. This can be in real estate, gold, cryptocurrency, a financial product or another asset. In order to make the scam appear legitimate, the fraudsters pretend to represent a known business like Investec. Sometimes they also impersonate members of staff and will even use what appears to be genuine documentation to help convince you that you are dealing with the actual company they are impersonating.
For example, fraudsters have marketed fake Investec products by using these false contact details and websites, which are not affiliated with Investec:*
Fraudulent email accounts:
Fraudulent phone numbers
+44 (0)208 133 8221
+44 (0)208 133 4732
+44 (0)20 3769 1499
+44 (0)20 7193 1196
+353 (1)902 6708
+353 (1)960 9847
+44 (0)20 8191 0054
+44 (0)20 3883 8545
+44 (0)20 7183 1761
+44 (0)20 7183 2517
+44 (0)20 3670 2415
+44 (0)20 3769 4184
+44 (0)20 7769 4325
+44 (0)20 4577 3572
+44 (0)20 4577 0935
+44 (0)7515 256321
+44 (0)7876 244756
+353 (1)902 6708
+27 69 453 3331
+27 69 450 5122
+27 68 230 8681
+27 68 260 2896
+27 68 474 6402
+27 69 451 2260
+27 68 161 0374
+27 69 452 2236
+27 69 452 0018
+27 69 453 8399
+27 (61)474 0381
*This is not an exhaustive list: criminals routinely use new contact details to try and defraud their victims.
Firstly, call your bank immediately. Tell them about any payments you made which are linked to the scam. It might be possible to recover some of the funds by calling the beneficiary bank. Investec cannot do this for you even if you are not our client.
Yes. After speaking to your bank, you should report the incident to the police via Action Fraud. Investment scams are a criminal matter.
If the fraudsters have access to your personal information, like a copy of a passport or bank statement, they can use this to impersonate you. You can protect yourself by registering a protective registration with Cifas or with other external identity protection services such as Experian or Equifax.
Once cases are identified we are preventing fraudsters from impersonating Investec by taking down fake websites and malicious email domains. But to do this, we need the original email sent to you by the fraudster. You can send this to us by doing the following:
1. Open a new email to [email protected]
2. Attach the original email from the fraudster. In some email providers you can drag and drop the message into the new email, or copy and paste the message.
3. Avoid simply forwarding the email. This erases some critical data we need to take down the fake domains.
You can contact our Client Support Centre at any time by calling 0330 123 3655 / +44 20 7597 4131 outside the UK.
If you have fallen victim to this scam, the fraudsters may attempt to contact you again with other investment opportunities. Alternatively, they may claim to represent a bank or agency that can recover any losses. They may tell you that your funds have been reinvested in cryptocurrency or that you are due a cheque. Do not be fooled, this is simply a continuation of the same scam.
Details previously used:
For more details on how to identify an investment scam, refer to the Money Advice Service page.
‘Safe’ account scams
You may receive a call, text, or email from someone who claims they are from the police, utility company, a regulator, tax authority, or even your bank’s fraud team. They may know your name and address, and try to gain your trust by asking you to confirm some personal details. They then tell you that your account has been compromised, and you need to transfer funds to a “safe account” as soon as possible.
Alternatively, you could receive an SMS in an existing chain from your bank, asking to confirm a payment you didn’t make. This is followed by a link or phone number to call ‘if it wasn’t you’. The person you speak to may know your name and address and try to gain your trust by asking you to confirm some personal details. They will then say that your account has been compromised and to protect yourself, you need to transfer funds to a “safe account” as soon as possible.
Banks, the police, and utility providers will never ask you to transfer money to a safe account, nor will they charge a fee to release money owed to you. This is a scam. Once you have made the payment, the fraudsters will disappear with your money.
If you think the call may be genuine, you can always call back. However, always call back on a known and trusted number and not the one you just received the call from. It’s best to call from a different phone altogether, as fraudsters are able to hold the line when you think you’ve hung up.
Online/ purchase scams
You are looking to rent a holiday home and come across a website (or social media profile) that advertises beautiful properties at great prices. The site can have many positive reviews from happy customers, or mentions a “promotional sale” on holiday deals. When you contact the advertiser, you are asked to make an advanced fee payment by bank transfer rather than paying through the rental platform itself. This may also occur when you look to buy event tickets online.
Fraudsters can easily set up fake websites and social media profiles advertising holiday rentals. However, the property does not belong to the advertiser at all: the site’s sole purpose is to convince individuals to transfer money to a fraudulent account.
Alternatively, the fraudster has “sold” an event ticket they do not own on a fake website.
Be suspicious – if the deal looks too good to be true, it probably is. Particularly if it’s time-limited or involves a discount for immediate payment.
Dating apps and websites have grown increasingly popular in recent years, and are used by people of all ages. While using a dating website, you meet someone online who is very keen to enter into a relationship. They are very interested in your life and make frequent contact, usually asking to move away from the site and into a personal messaging method. The messaging can go on for many weeks and months.
Fraudsters can set up fake dating profiles and begin chatting online easily. At first, there will be nothing suspicious about the interaction. Once you have been communicating for a while, they may tell you a story about themselves and ask for financial help. Once you transfer over money, they will vanish from your life altogether.
Be wary if the relationship is progressing very quickly, especially if the person you’re speaking to asks you to keep it a secret from friends and family. Friends and family members may have a fresh perspective on the situation and could help point out it may be a scam.
You receive an unsolicited call or email from someone offering a free review to increase the returns on your retirement savings, or promise early access to your pension.
Similar to an investment scam, you may be promised huge returns on an investment that doesn’t exist. Alternatively, promises of early release of funds can be an attempt to convince you to transfer over funds, but be left with a large tax bill instead.
Do your own research before making changes to your pension plan, and only discuss it with financial advisers registered with the FCA.
You can discuss your pension information needs with the Money and Pensions Service, and further details can be found in Focus UK.
Money mule/ transfer agent scams
While searching for job offers online, you come across an advert which offers easy money. The job will require receiving funds temporarily into your bank account, for which you will receive payment. You may also be asked to withdraw the cash and hand it over to another individual, or transfer it overseas.
Fraudsters need to hide stolen funds in legitimate accounts - these are called money mule accounts. If you are caught doing this, the consequences are severe and can result in a criminal record. This will also cause significant difficulties in obtaining credit in the future.
Don’t be lured by promises of easy money, the consequences are not worth the risk.
Helpful tips about online banking, your computer, mobile phone and other devices.
Stay safe with Investec Online
Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out. However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.
We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
Protect your identity
Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.
You can also enter your travel dates on Investec Online and the App before your travel.
Protect your devices
Please do not use free public Wi-Fi when trying to access your banking and online transactions.
In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.
Install firewalls and antivirus
Always Install a personal firewall product and antivirus protection product for your devices. The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.
At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.
Detect and avoid malware
If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.
Spot suspicious emails
‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.
Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.
A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know. Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.
Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.
Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.
Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway, and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.
To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports, or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.
Take time to check your sent and deleted items folder on your computer. Are there messages you have not sent? Your computer may have a virus or your email account may have been hacked or compromised.
Don’t store confidential information in your email folders. Store personal documents and emails on your computer in a secure folder on your computer. You can also securely store documents in My Briefcase on Investec Online.
Avoid clicking on any links or opening attachments included in unexpected emails, texts, or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.
Spot suspicious text messages
In the same way that email addresses can be spoofed, so can phone numbers. That way, it can look as though you’re receiving a call from a trusted number – even your bank’s genuine one. Text messages from spoofed numbers can appear in an existing thread of messages.
Recently, many consumers have been receiving fraudulent texts asking them to confirm a transaction they did not authorise, or verify a new beneficiary that has been added. However, the message will contain a link to click through to, if you don’t recognise the transaction. This leads to a phishing page, where victims are asked to input their details. Alternatively, the compromised site can download malware to your device.