Protecting yourself against fraud
Wealth & Investment
Investec Wealth & Investment is committed to keeping your assets safe. We work alongside the guidance from our regulator, the Financial Conduct Authority, and also the National Crime Agency to put measures in place to help guard your assets against cyber-crime which will include separately checking the validity of e mail instructions that we receive.
Raising your awareness of the common threats which emanate from the various aspects of cyber-crime will help you to protect yourself against this daily threat.
Helping you to stay safe online
We provide advice on how to keep your identity, computer and money safe while using the Internet.
What should I do if I've fallen victim to fraud on my Investec accounts?
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or bank account.
We take online security very seriously
We place the highest priority on your online security; however you need to take some basic precautions when using the Internet and banking online, to protect your identity, your information and your finances.
What we are doing to protect you
We place the highest priority on the confidentiality and security of your financial information and transactions and are constantly reviewing our infrastructure and security measures, such as firewalls and encryption technology to ensure they’re up to date and meet our stringent security requirements.
We invest significant resources in maintaining the security of Investec Online Banking, some of them are detailed below:
Our Online Banking service is hosted on a secure, 128-bit encrypted server. This means that any information you send us is encoded for your protection.
Timed log out
Online Banking logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.
Deactivation of your login details
We'll automatically disable your access to Online Banking if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
Shopping on line
Verified by Visa, which we provide in association with Visa, protects your cards against unauthorised use when you shop online at participating retailers. When you buy something in a shop using a Investec Card, you validate the transaction by entering your PIN or signing a receipt. Verified by Visa mimics this process online by providing a digital receipt that you authorise using a password.
If you're planning to travel, it's best to let us know in advance. This helps avoid problems with using your cards and accounts overseas, as well as helping to protect you from fraud while you're away.
'Traffic lights' - extended validation certificates
If you use one of the more recent Internet Browsers, when you log in to our online banking service, the address bar (which starts with 'https://') will turn green. It's an extra way of helping you check that a website is safe, secure and trustworthy.
What you need to do to protect yourself
To stay secure, please read the following recommendations for best practice online security options:
Install a personal firewall product
Hackers can infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.
- Zone Labs
The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.
At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.
Regularly use an antivirus product, and keep it updated
These products can also scan for spyware and adware.
The most common way to receive a virus is through an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.
There are many anti-virus products and some are available for home users free of charge:
- Zone Alarm
With any anti-virus product, it’s important to keep it up to date, so to protect against new viruses that are released. Most commercial products (such as McAfee, Kaspersky and Symantec) have a mechanism to update themselves automatically. The free products typically need to be updated manually.
The anti-virus product should also be scheduled to scan your computer regularly in order to detect and clean out any viruses.
Do not open unsolicited emails with attachments
These may contain a virus. Also, if you receive an unwanted email saying "reply to unsubscribe", ignore it. Senders can use this to confirm your email address is valid - and are then likely to send you more emails.Review your “Sent items” folder.
If it contains messages that have been sent without your knowledge, your computer may have a virus or may have been compromised
Update your operating system (Windows, Mac) and browser (Internet Explorer, Firefox, Safari)
Make sure your computer software has all the necessary security updates available from the vendor. It’s best to ensure this is done automatically.
Ensure no one has unauthorised access to your computer
Destroy or delete anything containing login details or security information
Even if we sent it to you.
Never email, write down or tell someone your security information or logon details
The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you log on to Investec Online Banking at investec.com.
Do not save login details or passwords on your computer
Disable, refuse or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.
Avoid reusing the same security information
You should create and use different passwords for each service provided by us, another member of Investec Group or another service provider.
Don’t leave a computer unattended while logged on to Investec Online Banking
Change your passwords regularly
Avoid familiar names, numbers and places (such as birthdays and phone numbers).
Be aware of ‘shoulder-surfers’.
Shoulder surfing refers to people who use direct observation techniques, such as looking over someone's shoulder to get information. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to watch someone as they fill out a form or enter their PIN or passwords at a cash machine or while using online banking.
Protect your printed or physical information just as you would protect your valuables
This includes statements from financial institutions, shops and utility bills. Shred or destroy any personal documents you don’t need to keep.
Always log off from Investec Online Banking
It’s important to always end your session by clicking on the Log off menu item before closing the browser. Investec Online Banking does have an automatic timeout feature for security purposes, but we always recommend you end your Investec Online Banking session once you’ve completed your online banking activities.
Protect yourself from fraud
There are numerous scams that fraudsters are using to steal from you or trick you into paying money or sharing personal information.
Identity theft and Social engineering
Social engineering is the act of manipulating people into doing what you want. In terms of online fraud, a fraudster will usually trick people into disclosing their passwords, log-in details or other confidential information.
You can protect yourself by:
- Not disclosing confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number and check it to see that it's genuine.
- Never sending confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passwords.
- Keeping your PIN confidential at all times. Banks, including us, will never ask you to disclose your PIN.
Your identity is a valuable commodity, however over 100,000 people fall victim to identity theft each year.
Identity theft is when a fraudster steals your personal or financial details, which criminals then use to impersonate you, open bank accounts, obtain credit or set up businesses.
Once your details are stolen, you could become a victim of identity fraud.
Be suspicious if you notice any of the following:
- Bills, invoices or receipts addressed to you - for goods or services you haven't ordered
- Letters from solicitors or debt collection agencies regarding debts that aren't yours
- Letters or statements for bank accounts you did not open
- Transactions appearing on your bank statements (normally withdrawals) that you don't recognise
- New accounts showing up on your credit report
- Documents like your passport, driving licence, utility bills or bank statements have gone missing
If you’ve been a victim of identity fraud you should act quickly – don’t ignore the problem. Even though you didn’t order those goods or open that bank account, the bad debts will end up under your name and address.
Contact us immediately if you think you are or may be a victim of fraud on your Investment account, Investec card or Bank account or you suspect that somebody has accessed your on line account.
If you think you’re a victim of this kind of identity fraud, you should report the matter to the relevant organisation. Depending on their advice, you should then alert your local police force. You should report all lost or stolen documents – such as passports, driving licences, plastic cards, cheque books – to the relevant organisation.
You can learn more about identity theft at the UK Police’s Action Fraud website.
Advance fee frauds
Advance fee frauds or Nigerian 419 scams
Advance Fee Frauds or Nigerian 419 scam (the name comes from section 419 of the Nigerian criminal code) combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter or email offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author is trying to transfer illegally out of a developing country. The scheme relies on convincing a willing victim, to send money to the author in several instalments of increasing amounts for a variety of reasons.
Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of the country. In fact, the millions of dollars do not exist, and the victim eventually ends up with nothing but loss.
If you receive a letter or email from anybody asking you to send personal or banking information, do not reply; simply delete the letter or email.
Remember the golden rule: If it sounds too good to be true, it probably is.
Phishing (pronounced fishing) is a process used by fraudsters in an attempt to acquire your confidential information by sending out emails or other kinds of messages that direct you to bogus websites or phone lines. They believe that if they send out enough emails somebody will respond (or “bite”) and provide personal or financial information.
These emails or messages claim to be from a particular company, so they often look legitimate. But these messages are actually sent by fraudsters, often at random. Any information you disclose on these bogus websites or phone lines is captured by the fraudsters.
You can protect yourself by treating any unsolicited emails or calls that ask for confidential information with suspicion. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it’s genuine.
To learn more about phishing, visit the UK banking industry’s website Bank Safe Online.
If you have received a fraudulent or suspicious email, which you have not responded to please forward the e-mail to [email protected].
If you have responded to a phishing email please Contact us as soon as possible to help us protect you and your finances.
Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.
Malware is the collective term for any malicious software that might infect a computer, including Trojans, viruses and spyware. The development and spread of malware is becoming increasingly sophisticated and is driven by organised criminals for financial gain.
A trojan is a type of malware that is capable of stealing information, recording your passwords and other personal details by capturing your keystrokes or taking screen shots of sites you visit. These details are then sent to the fraudsters to help them steal your money.
Trojans can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.
The best way to protect yourself from trojans is to install firewalls and internet security software on your computer and to keep these things up-to-date.
Viruses are designed to replicate and multiply, spreading between computers. They can cause severe problems, sending out spam email, slowing down or crashing your computer, corrupting or deleting files, and sending confidential information to fraudsters. Viruses may even redirect your internet browser to spoof websites.
The most effective protection is to keep your computer’s security up-to-date and anti-virus up-to-date.
Spyware is designed to invade your privacy, gathering information about your computer and internet activity. Spyware can also be responsible for irritating pop-up adverts, slowing down your computer, and sending confidential information to fraudsters.
Spyware can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.
The most effective protection is to keep your computer’s security up-to-date. Many anti-virus packages now come with built-in protection against spyware, so make sure you always have the latest version.
Most bank accounts do not allow customers to make online cross-border transfers. Since most online fraudsters tend to be based outside the UK or SA, they need people to help launder the funds they receive from their scams. These people are called money mules and they are often innocent victims themselves.
Money mules receive funds into their accounts that fraudsters have stolen. These funds generally come from other victims whose bank accounts UK have been compromised. The money mules are then encouraged to send the funds to the fraudsters overseas using a wire-transfer service, minus their commission.
Money mules are recruited through a variety of methods, including spam emails, genuine job search websites, email responses to a victim's online CV, instant messaging and newspaper ads.
This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: Handling money that's been obtained fraudulently is a crime, even if you're not knowingly complicit in the crime.
You can protect yourself from becoming involved by:
- Treating any unsolicited job offers with suspicion, especially if the company is based overseas.
- Verifying the details of any company that you’re considering working for.
- Not giving your bank account details to anyone whom you don't know and trust.
Assisting a criminal transfer of monies to another account could make you subject to criminal investigation, which may lead to your prosecutionRemember the golden rule: If it sounds too good to be true, it probably is.
Lost and stolen card fraud
Counterfeit card fraud or skimming
A counterfeit card can be a fake card or a valid one that’s been altered or recoded.
Most cases involve skimming, when the data on your card’s magnetic strip is electronically copied on to another card without your knowledge.
Skimming commonly occurs at retail outlets – particularly bars, restaurants and petrol stations – and at cash machines that have been illegally fitted with a skimming device. The stolen data is then used to create counterfeit cards.
Most people are unaware that they’ve fallen victim to this fraud until their statements arrive.To protect yourself:
- Don’t leave your card with bar or restaurant staff for long periods
- Don’t let retail staff take your card away to process payments
- Check cash machines for signs of tampering before you use them
- Card-not-present fraud
This is the most common type of card fraud. It occurs when fraudsters steal your card details and use them to buy things over the internet or by phone, fax or mail. Always be aware of who you are dealing with.
To protect yourself:
Avoid entering your card details on shared or public computers
Always remember to log out of any websites where you’ve entered your card details
Only enter your card details on secure sites (ie, those whose web address begins with ‘https’ and have a padlock in the browser window)
Keep a close eye on your statements and report any fraudulent transactions immediately
What should I do if I've fallen victim to card fraud
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.
In 2013, there has been an increase in ATM card swapping and jamming:
Card swapping usually happens when a fraudster claims that the ATM is faulty and offers a client assistance. He/she will then swop the client’s card and use it at another ATM to withdraw funds.
With card jamming, an ATM is tampered with and will hold a client’s card in the card reader. The fraudster will then collect the card and attempt to withdraw funds from the account at a later stage.
Tips to keep safe at ATMs:
- Contact us immediately report any suspicious activity to them.
- If anyone offers to assist you at an ATM or is lurking around the area, rather go to another ATM.
- Keep your PIN safe at all times. Don't write your PIN down or save it on a device, rather memorise it.
- Make sure you are using the correct card at the ATM and make sure you get the correct card back when you are done.
- Be aware of any skimming devices and mini cameras attached to the ATM and look out for any sign of tampering with the card reader slot.
- If you receive an SMS notification for a transaction that you are unaware of, please contact the Investec Client Support Centre immediately.
- If the ATM keeps your card or it is lost or stolen, please contact the Client Support Centre immediately to cancel the card.
Courier or Police Scams
Typically a courier card scam involves customers being tricked into handing over their bank cards and PINs to fraudsters.
The scam starts with an unexpected phone call from someone claiming to be from the bank's fraud department, the police, or National Fraud Authority.
The caller will claim to have identified fraudulent transactions on your account and that your card has been compromised.
To gain your trust they may ask you to verify the call by phoning the telephone number printed on the back of your card, or give you another number to call.
This technique holds your phone line open, so that when you try to dial out, they can intercept and re-answer the call, claiming to be the Bank or Law Enforcement.
The fraudster will advise that your bank card must be collected to protect your card and assist an investigation. Usually they ask you to put your card into an envelope for a courier to collect and provide you with a fake reference number.
Now you'll be asked to enter your PIN into the phone, or put it into the envelope with the card.
A courier comes to your home and collects the card. With your card and PIN, they can now gain access to your account and carry out fraudulent transactions.
PLEASE NOTE: The bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. We will NEVER ask to collect your card, for your PIN number, card details or Online/Telephone banking log-in credentials.
How does cheque fraud occur?
Cheque fraud takes place when a fraudster uses a stolen or counterfeit cheque to pay for goods and services. More than 90% of fraudulent cheques are stopped before any loss occurs. But even so, cheque fraud still costs millions of pounds a year.
These losses can be compounded when the fraud also involves an ‘overpayment’. This occurs when the fraudster – who is often part of an organised gang – targets the seller of a high-value item, such as a car, and offers to pay using a stolen or counterfeit cheque made out to more than the price of the goods. Once the cheque clears, the victim is asked to transfer this ‘overpayment’ to a third party, as well as handing over the item to the fraudster.
When the real cheque owner discovers that money has been stolen from his or her account, the victim can be obliged to repay the total sum – even if this happens several weeks later.
How to protect yourself against cheque fraud
- Don’t accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved.
- Be aware that there’s a risk that money credited to your account from a cheque could be reclaimed if the cheque turns out to be stolen or counterfeit.
- Always consider other ways of accepting payment for high-value items – a CHAPS payment (or guaranteed, same-day bank transfer) is ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.
- Keep your chequebook in a safe place.
- Report any missing cheques to your bank immediately.
- Always check your bank statements thoroughly.
What should I do if I've fallen victim to cheque fraud
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.
Allen and Violet Large
We are aware of several fraudulent emails circulating, which appear to come from Investec but actually come from organised criminals.
The emails state that you have been selected by a Canadian couple called Allen and Violet Large to receive a significant donation from their lottery winnings.
These emails are nothing to do with Investec and are actually part of an "Advance Fee Fraud", more commonly known as a "Nigerian 419 scam". For more information on Advance fee fraud or Nigerian 419 scams, please see the FBI website.
If you have received one of these emails, do not respond to the fraudsters but simply delete the email.If you have paid any money, you should report this to your local law enforcement for them to investigate.