What to do if you think there's an issue

If you think you've become a victim of fraud or you spot suspicious activity on your account, please report is straight away.

Step 1

Contact us immediately on 0330 123 5985 if you're in the UK, or +44 (0)20 7597 2836 if you're abroad. 

Step 2

Contact the UK Police's National Fraud & Cyber Crime Reporting Centre. 

Take care with your login details

We do send you emails and letters from time to time. However, we will never send you an email asking for your security information or login details, or direct you to a webpage that asks for this information. We will also never send you an email with a link to Investec Online. You should always log in to Investec Online by visiting investec.co.uk and selecting the login icon - you can find advice on the best way to do this on our dedicated webpage about logging in

Fraud information from the authorities

Types of fraud

Unfortunately, there are hundreds of categories of fraud. The National Fraud & Cyber Crime Reporting Centre maintains a list of fraud types on their Action Fraud website.

Warning list of unauthorised firms in the UK

The FCA maintain a list of unauthorised firms and individuals that they're aware of, that aren’t allowed to operate in the UK.

International investor alerts

The International Organization of Securities Commissions (IOSCO) maintains a list of firms that are not authorised to provide investment services in the jurisdiction which issued the alert or warning.

How are we working to prevent fraud?

We place the highest priority on the confidentiality and security of your financial information and transactions, and constantly review our infrastructure and security measures, to ensure they meet stringent security requirements. Find out more about this work below. 

  • Encrypting data

    Investec Online is hosted on a secure, 128-bit encrypted server. This means that any information you send us is encoded for your protection.

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.

    'Traffic lights' - extended validation certificates

    If you use one of the more recent Internet Browsers, when you log in to our online service, the address bar (which starts with 'https://') will turn green. It's an extra way of helping you check that a website is safe, secure and trustworthy.

  • Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.

  • Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.

  • Two factor authentication

    When you log in to Investec Online, we'll always send you a one-time passcode to your phone, which you'll need to provide us. 

  • Fraud detection technologies

    Our fraud team work to protect our business and clients from becoming victims of fraud, through prevention, deterrence, detection, mitigation, repair, recovery and investigation initiatives. 

    We also use industry-leading real-time fraud detection systems to pick up potentially fraudulent payments.

  • Malware detection

    We have anti-malware detection systems on our online and mobile banking applications. This helps us to identify whether your device’s security has been compromised. 

How can you prevent fraud?

  • Do not disclose confidential information

    With online fraud, a fraudster will usually trick people into disclosing their passwords, log-in details or other confidential information.

    You can protect yourself by:
    • Not disclosing confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number and check it to see that it's genuine.
    • Never send confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passwords.
    • Keep your login details confidential at all times. Financial companies, including us, will never ask you to disclose your details.
  • Check bank details given to you for transferring money to

    Fraudsters often steal money by tricking you into transferring money to them when you think you're transferring it to someone else. This is often termed a Authorised Push Payment (APP) scam, where the victim is duped into transferring money to an account they are made to think is genuine, but is actually controlled by a fraudster.

    The risk of this happening to you increases when you make a payment to a new beneficiary for the first time, or if an existing beneficiary tells you they have changed their account details.

    Always check the bank details you are given for making transfers. Tactics you can take include:

    • Call a known or independently-sourced number to confirm the bank account details and ensure that your payment will be sent to the intended beneficiary.
    • Use your bank's Confirmation of Payee tool to corroborate the name on the account. Find out more about this on UK Finance's website
    • Don’t call a number in the body of the email - fraudsters can change this.
    • If you’re paying someone for the first time, split the payment into smaller amounts and ensure the first payment has been received by the intended beneficiary before sending the remaining funds.
  • Never allow someone to take remote access of your computer

    Remote access is when someone gains control of a computer, phone, or another device from afar.

    A common scenario is you receive an unexpected call from someone claiming to represent your bank, utility provider, online retailer or computer manufacturer. They claim there is an issue with your computer or network that needs to be resolved immediately, and that any delay can be costly or cause damage to your device. They ask you to download software or allow remote access to resolve the problem.

  • Be awake to investment scams

    In an investment scam, fraudsters will try to convince you to ‘invest’ in an opportunity. This could be in shares, real estate, gold, cryptocurrency, a financial product or another asset.

    In order to make the scam appear legitimate, the fraudsters pretend to represent a known business like Investec Wealth & Investment (UK).

    In an effort to convince you that you are dealing with the actual company they are impersonating, they will often:

    • Send emails from email addresses that appear to be owned by Investec Wealth & Investment (UK). For example, lewis.forbes@investecfixedincome.com and name@investec-im.com have been used by fraudsters before and are fake. 
    • Impersonate members of staff. 
    • Use what appears to be genuine documentation. 
    • Legitimate financial institutions and investment companies will never contact you out of the blue, over the phone or by email.
    • Beware of unsolicited approaches or those where you are pressured to invest by a deadline.
    • Do not call back a number you have been given. Instead, call back only on a trusted number you can find independently. Always verify your investment over the phone if have been corresponding with your investment manager by email, as email addresses can be hacked.
    • Brand impersonation fraud is increasingly common. If you have been contacted by email, pay attention to the sending address. For example, Investec does not use the domain investecwin-uk.com, securemailbox-investec-wealth.com and investec-wealth-ltd.com, but scammers do. 
    • Avoid making rushed decisions, and check the FCA's Warning List of unauthorised firms and the International Organization of Securities Commissions Investor Alerts Portal before making any kind of investment.  
    • Do your research and check several websites for investment opportunities. If a product appears on one website only, this might be a scam. If it sounds too good to be true, it probably is. Interest rates are at an all-time low across all financial institutions. If a product offers a higher-than-average return, it may not be genuine.
  • Be cautious of anyone claiming your account has been compromised

    Typically a courier card scam involves customers being tricked into handing over their bank cards and PINs to fraudsters.

    The scam starts with an unexpected phone call from someone claiming to be from the bank's fraud department, the police, or National Fraud Authority.

    The caller will claim to have identified fraudulent transactions on your account and that your card has been compromised.

    To gain your trust they may ask you to verify the call by phoning the telephone number printed on the back of your card, or give you another number to call.

    This technique holds your phone line open, so that when you try to dial out, they can intercept and re-answer the call, claiming to be the Bank or Law Enforcement.

    The fraudster will advise that your bank card must be collected to protect your card and assist an investigation. Usually they ask you to put your card into an envelope for a courier to collect and provide you with a fake reference number.

    Now you'll be asked to enter your PIN into the phone, or put it into the envelope with the card. A courier comes to your home and collects the card. With your card and PIN, they can now gain access to your account and carry out fraudulent transactions.

    PLEASE NOTE: We may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. We will NEVER ask for your log-in credentials.

  • Avoid making rushed financial decisions

    Do not rush into a decision, as this is what fraudsters want you to do. You also recommend you check the FCA's Warning List of unauthorised firms and the International Organization of Securities Commissions Investor Alerts Portal before making any kind of investment.

  • Protect your email account from hacking and fraud

    Email is now critical to your day-to-day activities and is used for more than simply communicating with friends and colleagues. For example, you may use your email to:

    • Store receipts and statements
    • Store the registration information for purchased software
    • Assist with the recovery of password for websites 
    • Store details about airline and hotel bookings, with passport and ID information
    • Receive confirmation of financial transactions
    Your email account is now immensely valuable and needs to be protected from loss or theft by criminals, who use a variety of techniques to try and steal the password to access your account:
    • Guessing simple passwords
    • Tricking you to enter your password into a fake site (this is called phishing)
    • Installing a virus on your computer to capture the password as you log in (this is increasingly common in public internet cafes and airport lounges)
    To protect your email account from being stolen, you can take some simple steps:
    • Use a strong password: A dictionary word used for a password can be ‘brute forced’ in seconds. Use a variety of characters, numbers and symbols. 
    • Don’t trust unsolicited emails: And don’t click on the links in unsolicited emails. Criminals often send out emails that look like they came from your bank or wealth manager, with links to fake websites where they capture your passwords as you try to log in.
    We will never ask you to enter your username or password via an email. If you do receive a link to log in, it is a fake and an attempt to defraud you.
    • If your email provider supports strong or two-factor authentication, make sure you use it. 
    • If you suspect that your email account has been compromised, change your password immediately (from a known and trusted PC). 
    gmail security investec


    • On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’. 
    • You will then see a step-by-step guide to help you through the setup process.
    • Once you are done, you will be taken to the two-step verification settings page again. Be sure to review your settings and add backup phone numbers.
    • You are done! Next time you sign in, you will receive an SMS with a verification code.
    Easy Gmail setup for Android users

    If you only access your Google Account from Android devices, you can use a short walkthrough to set up the Google Authenticator application on your phone. With Google Authenticator, you can generate verification codes on your phone even if your phone is not connected to a network.

    • Sign into your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then click on ‘Account’.
    • On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’. Then click on ‘Settings’.
    • Android users (4.0 or older) will see a screen with the option to install the Google Authenticator app.


    security gmail android investec
    • If you prefer to receive codes by SMS instead of using the Google Authenticator app, click on the link at the bottom of the screen that says ‘You can receive codes by text message (SMS) or voice instead’ and follow the instructions to complete the setup.
    • If you would like to use Google Authenticator, click ‘Send me the app’ to install the app on your phone and follow the instructions on your screen to complete the setup process.
    • You are done! Next time sign in, you will be prompted to enter a code you will receive from the Authenticator app. 


    Yahoo checks not only the password when somebody attempts to log into your account, it also looks at the location and computer where the attempt is made. If it looks suspicious (such a device you have never used before), Yahoo! Mail can require more than just your password, but you must have enabled two-step authentication.

    If you have enabled two-step authentication, a second step is necessary to complete login. This can be a code sent to your mobile phone or answering security questions. You can also turn off the latter and require only mobile phone verification.

    The Yahoo! Mail account is then as secure as your password and access to your mobile.How to protect your account with two-step authentication.

    To add a second layer of authentication for suspicious login attempts (from a new country, for example) to your Yahoo! Mail account:

    • Hover the mouse cursor over your name or icon in the top Yahoo! Mail navigation bar
    • Select ‘Account Info’ from the menu 
    • If prompted, type your Yahoo! Mail password under ‘Password’ 
    • Click on ‘Sign In’
    • Under ‘Sign-In and Security’, follow the ‘Set up your second sign-in verification’ link 
    • Under ‘Further Protect Your Account’ make sure ‘Check this box to turn on the second sign-in verification’ is checked
    • If you already have a mobile phone number associated with your account, click on ‘Use Current Phone’ to use it for two-step authentication or click on ‘Use New Phone’ to use a different phone number.

    Please note that the form on this page may not allow you to enter phone numbers in all the countries Yahoo! can actually deliver verification codes to. You can add those mobile numbers on your account (see below).

    If you have not yet set up a mobile phone number or chose ‘Use New Phone’
    • Enter your phone number under ‘Second Sign-In Verification Setup: Add Mobile Phone’ 
    • Click ‘Receive SMS’
    • Type the verification code received at the number under ‘Enter code’. The code is not case-sensitive
    • Click on ‘Verify Code’
    • To request SMS message verification under ‘Your second sign-in verification is turned on’, choose ‘Use only my mobile phone number for verification’. 
    • For a two-step authentication with a password and security question, you can choose ‘Use either my security question or mobile phone number for verification’.

    Two-step authentication will only apply when you are accessing through the website, not when you are using an App on your phone or PC.

    How to add a mobile number not recognised on the two-step verification form

    To set up a new mobile phone number for recovering access to Yahoo! Mail:

    • Click your name or avatar in the top Yahoo! Mail navigation bar
    • Select ‘Account Info’ from the menu 
    • Follow the ‘Update password-reset info’ link under ‘Sign-In and Security’
    • Click ‘Add another under Mobile Numbers’
    • Enter your mobile phone number
    • Click the country code to pick a different one
    • Click on ‘Save’. 



    To enable two-step authentication, visit the https://account.live.com and then navigate to https://account.live.com/proofs/Manage. Here, you will see a link to set up two-step verification.

    Please note: You cannot have other Microsoft accounts linked to the Microsoft account you are trying to enable two-step authentication for. If you do, you will be prompted to unlink the accounts.

    There is a short wizard. All you really need to do is be contacted via one of the alternate methods you previously supplied, for example a second email address. Microsoft will send a code to that account with the message “We need one more way to make sure you’re you”. When you enter the code, it enables the two-step verification.

    Use two-step authentication

    Two-step authentication is used in two ways - a security code or an app password. Put simply, whenever you need to sign into anything with your Microsoft account credentials (username and password), try doing so normally. If it works, great. Otherwise, you could be prompted to enter a security code. If not, you will need an app password.

    Security code

    If you have signed into Windows 8 with a Microsoft account and trusted the PC, you would have seen the security code prompt: ‘Microsoft will send a text message to your mobile phone that contains this code’.

    security1 investec

    You must then enter that code on the website or in Windows or wherever you are prompted.

    security investec

    That is one form of two-step authentication - your Microsoft account credentials plus the security code.

    App password

    You can now also create an app password for those apps or devices that do not work with the security code system.

    One example is Microsoft Outlook 2013. If you had previously configured Outlook for Hotmail or Outlook.com and then configured the underlying Microsoft account, the next time you use the application, you will be prompted to enter your credentials again. Your normal password will not work - you need an app password.

    security investec

    You can generate an app password at the https://account.live.com, again from https://account.live.com/proofs/Manage.

    Just tap the link ‘Create a new app password’ under App Passwords. When you do, you’ll be provided with an app password that you can type (or copy and paste) into the application.

    security investec

    This also works from mobile browsers like the one on Windows Phone. This is handy because you may run into this issue with mobile apps as well. You can then use the phone’s copy and paste capability to get the app password into the mobile app that’s not authenticating properly against your Microsoft account.

    Authenticator mobile app

    When you need to generate a security code but have no cellular coverage, for example when you are flying, Microsoft provides a mobile app called Authenticator that can generate these codes in offline mode.

    You need to configure the Authenticator app to work with your Microsoft account. Visit https://account.live.com/proofs/Manage on https://account.live.com.

    But this time, click the ‘Set up’ link under Authenticator app. In the next screen, you will be prompted to pair your phone with your Microsoft account using a bar code tag.

    security investec

    In the Authenticator app on Windows Phone, tap the Add (+) app bar button to add your account.

    security investec

    Then, tap the ‘Scan’ button that resembles a camera icon to scan the bar code. The app will quickly scan the bar code and then generate a code that you can type into the web page. Then, click the ‘Pair’ button to complete the process.

    Going forward, the app will generate a new code automatically every 30 seconds. If you ever need to use a code to sign into your Microsoft account and your phone is offline, you can use this app to get the code. 

  • Be aware of someone impersonating Investec Wealth & Investment (UK)

    Our staff will tell you they're contacting you from Investec Wealth & Investment (UK), but fraudsters can too.

    By adding official-looking logos, registration details and company numbers, these well-crafted deceptions give the impression that everything is right. If you’re not sure, call your local Investec Wealth & Investment (UK) office, and never use phone numbers supplied by the person you’re suspicious of.

    Remember – Do not disclose any security details, and if you are told there is a deadline or a matter of urgency, then hang up and call us.

  • Be wary of cryptocurrency scams

    Fraudsters are increasingly marketing lucrative “investments” in bitcoin or other cryptocurrencies as a way to make money quickly. You may be asked to make a bank transfer to your new “crypto wallet,” after which the fraudsters will disappear with your money and the investment will never materialise.

    Protect yourself by following these rules:

    1. Always be aware of the risks associated with cryptocurrency investments
    2. Do not transfer money to a cryptocurrency wallet that you didn’t set up yourself
    3. Check the FCA warning list to ensure you are not dealing with a fraudulent investment provider
    4. Always call the provider to verify the investment on an independently sourced number, not the one found in an email or documents you have been sent.
  • Be careful with SMS messages from companies

    Text messages (SMS) that impersonate genuine companies such as a tax authority, a postal service or your financial institution are on the rise. They may appear to be genuine, but are designed to steal data or to get you pay them. This is called ‘smishing’ (SMS phishing).

    Always remember:

    1. Never click on a link within a text message. Instead, call the organisation on an independently sourced number to confirm if the message is genuine. Don’t call the number in the text message.
    2. If you want to access Investec Online, do so through the Investec app or through www.investec.co.uk. Don’t use a website link someone has sent you.
    3. Never respond to a suspicious message. 
  • Protect your devices

    There’s no such thing as free wifi. Make sure no-one can access or install malware on your computer and mobile devices.

Help from other organisations

Victim Support

An independent charity dedicated to supporting people affected by crime and traumatic incidents in England and Wales. 

Take Five to Stop Fraud

A national campaign that offers advice to help everyone protect themselves from financial fraud. 

Investec Wealth & Investment (UK) is a trading name of Investec Wealth & Investment Limited which is a subsidiary of Rathbones Group Plc. Investec Wealth & Investment Limited is authorised and regulated by the Financial Conduct Authority and is registered in England. Registered No. 2122340. Registered Office: 30 Gresham Street. London. EC2V 7QN.