Protecting yourself from fraud

ShellShock / Bash vulnerability

You may be aware of media reports regarding a security bug called ShellShock or Bash which allows criminals to attack and compromise vulnerable systems. Investec takes the protection of your information and our banking services seriously. We reassure you that none of our online systems are affected by this vulnerability and that we continually monitor the security of our sites and take ongoing action to protect them. If you have any queries, please contact your Private Banker or email

Helping you to stay safe online

Advice on how to keep your identity, computer and money safe while using the Internet.


What should I do if I've fallen victim to fraud on my Investec accounts?

Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.


We take online security very seriously

We place the highest priority on your online security; however you need to take some basic precautions when using the Internet and banking online, to protect your identity, your information and your finances.

  • What we are doing to protect you

    We place the highest priority on the confidentiality and security of your financial information and transactions and are constantly reviewing our infrastructure and security measures, such as firewalls and encryption technology to ensure they’re up to date and meet our stringent security requirements.


    We invest significant resources in maintaining the security of Investec Online Banking, some of them are detailed below:


    Data encryption
    Our Online Banking service is hosted on a secure, 128-bit encrypted server. This means that any information you send us is encoded for your protection.


    Timed log out
    Online Banking logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.


    Deactivation of your login details
    We'll automatically disable your access to Online Banking if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.


    Shopping on line
    Visa Secure, which we provide in association with Visa, protects your cards against unauthorised use when you shop online at participating retailers. When you buy something in a shop using a Investec Card, you validate the transaction by entering your PIN or signing a receipt. Visa Secure mimics this process online by providing a digital receipt that you authorise using a password.


    Travelling abroad
    If you're planning to travel, it's best to let us know in advance. This helps avoid problems with using your cards and accounts overseas, as well as helping to protect you from fraud while you're away.


    'Traffic lights' - extended validation certificates
    If you use one of the more recent Internet Browsers, when you log in to our online banking service, the address bar (which starts with 'https://') will turn green. It's an extra way of helping you check that a website is safe, secure and trustworthy.

  • What you need to do to protect yourself

    To stay secure, please read the following recommendations for best practice online security options:


    Install a personal firewall product
    Hackers can infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.

    • McAfee
    • Symantec
    • Zone Labs


    The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.


    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.


    Regularly use an antivirus product, and keep it updated
    These products can also scan for spyware and adware.


    The most common way to receive a virus is through an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.


    There are many anti-virus products and some are available for home users free of charge:

    • AVG
    • Kaspersky
    • McAfee
    • Symantec
    • Zone Alarm


    With any anti-virus product, it’s important to keep it up to date, so to protect against new viruses that are released. Most commercial products (such as McAfee, Kaspersky and Symantec) have a mechanism to update themselves automatically. The free products typically need to be updated manually.


    The anti-virus product should also be scheduled to scan your computer regularly in order to detect and clean out any viruses.


    Do not open unsolicited emails with attachments

    These may contain a virus. Also, if you receive an unwanted email saying "reply to unsubscribe", ignore it. Senders can use this to confirm your email address is valid - and are then likely to send you more emails.


    Review your “Sent items” folder
    If it contains messages that have been sent without your knowledge, your computer may have a virus or may have been compromised.


    Update your operating system (Windows, Mac) and browser (Internet Explorer, Firefox, Safari)
    Make sure your computer software has all the necessary security updates available from the vendor. It’s best to ensure this is done automatically.


    Ensure no one has unauthorised access to your computer.
    Destroy or delete anything containing login details or security information. Even if we sent it to you.
    Never email, write down or tell someone your security information or logon details. The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you log on to Investec Online Banking at


    Do not save login details or passwords on your computer
    Disable, refuse or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.


    Avoid reusing the same security information
    You should create and use different passwords for each service provided by us, another member of Investec Group or another service provider.


    Don’t leave a computer unattended while logged on to Investec Online Banking


    Change your passwords regularly
    Avoid familiar names, numbers and places (such as birthdays and phone numbers).


    Be aware of ‘shoulder-surfers’.
    Shoulder surfing refers to people who use direct observation techniques, such as looking over someone's shoulder to get information. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to watch someone as they fill out a form or enter their PIN or passwords at a cash machine or while using online banking.


    Protect your printed or physical information just as you would protect your valuables.
    This includes statements from financial institutions, shops and utility bills. Shred or destroy any personal documents you don’t need to keep.


    Always log off from Investec Online Banking
    It’s important to always end your session by clicking on the Log off menu item before closing the browser. Investec Online Banking does have an automatic timeout feature for security purposes, but we always recommend you end your Investec Online Banking session once you’ve completed your online banking activities.

Protect yourself from fraud

There are numerous scams that fraudsters are using to steal from you or trick you into paying money or sharing personal information.

  • Identity theft and Social engineering

    Social engineering

    Social engineering is the act of manipulating people into doing what you want. In terms of online fraud, a fraudster will usually trick people into disclosing their passwords, log-in details or other confidential information.


    You can protect yourself by:

    • Not disclosing confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number and check it to see that it's genuine.
    • Never sending confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passwords.
    • Keeping your PIN confidential at all times. Banks, including us, will never ask you to disclose your PIN.


    Identity theft

    Your identity is a valuable commodity, however over 100,000 people fall victim to identity theft each year.


    Identity theft is when a fraudster steals your personal or financial details, which criminals then use to impersonate you, open bank accounts, obtain credit or set up businesses.


    Once your details are stolen, you could become a victim of identity fraud.


    Be suspicious if you notice any of the following:

    • Bills, invoices or receipts addressed to you - for goods or services you haven't ordered
    • Letters from solicitors or debt collection agencies regarding debts that aren't yours
    • Letters or statements for bank accounts you did not open
    • Transactions appearing on your bank statements (normally withdrawals) that you don't recognise
    • New accounts showing up on your credit report
    • Documents like your passport, driving licence, utility bills or bank statements have gone missing


    If you’ve been a victim of identity fraud you should act quickly – don’t ignore the problem. Even though you didn’t order those goods or open that bank account, the bad debts will end up under your name and address.


    Contact us immediately if you think you are or may be a victim of fraud on your Investment account, Investec card or Bank account or you suspect that somebody has accessed your on line account.


    If you think you’re a victim of this kind of identity fraud, you should report the matter to the relevant organisation. Depending on their advice, you should then alert your local police force. You should report all lost or stolen documents – such as passports, driving licences, plastic cards, cheque books – to the relevant organisation.


    You can learn more about identity theft at the UK Police’s Action Fraud website

  • Advance fee frauds

    Advance fee frauds or Nigerian 419 scams

    Advance Fee Frauds or Nigerian 419 scam (the name comes from section 419 of the Nigerian criminal code) combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter or email offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author is trying to transfer illegally out of a developing country. The scheme relies on convincing a willing victim, to send money to the author in several instalments of increasing amounts for a variety of reasons.


    Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of the country. In fact, the millions of dollars do not exist, and the victim eventually ends up with nothing but loss.

    If you receive a letter or email from anybody asking you to send personal or banking information, do not reply; simply delete the letter or email.


    Remember the golden rule: If it sounds too good to be true, it probably is.

  • Online Frauds


    Phishing (pronounced fishing) is a process used by fraudsters in an attempt to acquire your confidential information by sending out emails or other kinds of messages that direct you to bogus websites or phone lines. They believe that if they send out enough emails somebody will respond (or “bite”) and provide personal or financial information. These emails or messages claim to be from a particular company, so they often look legitimate. But these messages are actually sent by fraudsters, often at random. Any information you disclose on these bogus websites or phone lines is captured by the fraudsters. You can protect yourself by treating any unsolicited emails or calls that ask for confidential information with suspicion. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it’s genuine.


    To learn more about phishing, visit the UK banking industry’s website Bank Safe Online. If you have received a fraudulent or suspicious email, which you have not responded to please forward the e-mail to


    If you have responded to a phishing email please Contact us as soon as possible to help us protect you and your finances.


    Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.


    Computer Malware

    Malware is the collective term for any malicious software that might infect a computer, including Trojans, viruses and spyware. The development and spread of malware is becoming increasingly sophisticated and is driven by organised criminals for financial gain.



    A trojan is a type of malware that is capable of stealing information, recording your passwords and other personal details by capturing your keystrokes or taking screen shots of sites you visit. These details are then sent to the fraudsters to help them steal your money.


    Trojans can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.


    The best way to protect yourself from trojans is to install firewalls and internet security software on your computer and to keep these things up-to-date.


    Computer Viruses

    Viruses are designed to replicate and multiply, spreading between computers. They can cause severe problems, sending out spam email, slowing down or crashing your computer, corrupting or deleting files, and sending confidential information to fraudsters. Viruses may even redirect your internet browser to spoof websites.


    The most effective protection is to keep your computer’s security up-to-date and anti-virus up-to-date.



    Spyware is designed to invade your privacy, gathering information about your computer and internet activity. Spyware can also be responsible for irritating pop-up adverts, slowing down your computer, and sending confidential information to fraudsters.


    Spyware can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.


    The most effective protection is to keep your computer’s security up-to-date. Many anti-virus packages now come with built-in protection against spyware, so make sure you always have the latest version.


    Money mules

    Most bank accounts do not allow customers to make online cross-border transfers. Since most online fraudsters tend to be based outside the UK or SA, they need people to help launder the funds they receive from their scams. These people are called money mules and they are often innocent victims themselves.


    Money mules receive funds into their accounts that fraudsters have stolen. These funds generally come from other victims whose bank accounts UK have been compromised. The money mules are then encouraged to send the funds to the fraudsters overseas using a wire-transfer service, minus their commission.


    Money mules are recruited through a variety of methods, including spam emails, genuine job search websites, email responses to a victim's online CV, instant messaging and newspaper ads.
    This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: Handling money that's been obtained fraudulently is a crime, even if you're not knowingly complicit in the crime.


    You can protect yourself from becoming involved by:

    • Treating any unsolicited job offers with suspicion, especially if the company is based overseas.
    • Verifying the details of any company that you’re considering working for.
    • Not giving your bank account details to anyone whom you don't know and trust.


    Assisting a criminal transfer of monies to another account could make you subject to criminal investigation, which may lead to your prosecution.


    Remember the golden rule: If it sounds too good to be true, it probably is.
    For more about money mules, visit the UK banking industry's website Bank Safe Online

  • Card Fraud

    Lost and stolen card fraud


    Counterfeit card fraud or skimming


    A counterfeit card can be a fake card or a valid one that’s been altered or recoded. Most cases involve skimming, when the data on your card’s magnetic strip is electronically copied on to another card without your knowledge.


    Skimming commonly occurs at retail outlets – particularly bars, restaurants and petrol stations – and at cash machines that have been illegally fitted with a skimming device. The stolen data is then used to create counterfeit cards.


    Most people are unaware that they’ve fallen victim to this fraud until their statements arrive.
    To protect yourself:

    • Don’t leave your card with bar or restaurant staff for long periods
    • Don’t let retail staff take your card away to process payments
    • Check cash machines for signs of tampering before you use them


    Card-not-present fraud

    This is the most common type of card fraud. It occurs when fraudsters steal your card details and use them to buy things over the internet or by phone, fax or mail. Always be aware of who you are dealing with.


    To protect yourself:

    • Avoid entering your card details on shared or public computers
    • Always remember to log out of any websites where you’ve entered your card details
    • Only enter your card details on secure sites (ie, those whose web address begins with ‘https’ and have a padlock in the browser window)
    • Keep a close eye on your statements and report any fraudulent transactions immediately


    What should I do if I've fallen victim to card fraud

    Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.

  • ATM Frauds

    In 2013, there has been an increase in ATM card swapping and jamming: Card swapping usually happens when a fraudster claims that the ATM is faulty and offers a client assistance. He/she will then swop the client’s card and use it at another ATM to withdraw funds. With card jamming, an ATM is tampered with and will hold a client’s card in the card reader. The fraudster will then collect the card and attempt to withdraw funds from the account at a later stage.


    Tips to keep safe at ATMs:

    •  Contact us immediately report any suspicious activity to them. 
    • If anyone offers to assist you at an ATM or is lurking around the area, rather go to another ATM.
    • Keep your PIN safe at all times. Don't write your PIN down or save it on a device, rather memorise it. 
    • Make sure you are using the correct card at the ATM and make sure you get the correct card back when you are done.
    • Be aware of any skimming devices and mini cameras attached to the ATM and look out for any sign of tampering with the card reader slot.
    • If you receive an SMS notification for a transaction that you are unaware of, please contact the Investec Client Support Centre immediately.
    • If the ATM keeps your card or it is lost or stolen, please contact the Client Support Centre immediately to cancel the card.
  • Courier or Police Scams

    Typically a courier card scam involves customers being tricked into handing over their bank cards and PINs to fraudsters.


    The scam starts with an unexpected phone call from someone claiming to be from the bank's fraud department, the police, or National Fraud Authority.


    The caller will claim to have identified fraudulent transactions on your account and that your card has been compromised.


    To gain your trust they may ask you to verify the call by phoning the telephone number printed on the back of your card, or give you another number to call.


    This technique holds your phone line open, so that when you try to dial out, they can intercept and re-answer the call, claiming to be the Bank or Law Enforcement.


    The fraudster will advise that your bank card must be collected to protect your card and assist an investigation. Usually they ask you to put your card into an envelope for a courier to collect and provide you with a fake reference number.


    Now you'll be asked to enter your PIN into the phone, or put it into the envelope with the card.
    A courier comes to your home and collects the card. With your card and PIN, they can now gain access to your account and carry out fraudulent transactions.


    PLEASE NOTE: The bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. We will NEVER ask to collect your card, for your PIN number, card details or Online/Telephone banking log-in credentials.

  • Cheque Fraud

    How does cheque fraud occur?

    Cheque fraud takes place when a fraudster uses a stolen or counterfeit cheque to pay for goods and services. More than 90% of fraudulent cheques are stopped before any loss occurs. But even so, cheque fraud still costs millions of pounds a year.


    These losses can be compounded when the fraud also involves an ‘overpayment’. This occurs when the fraudster – who is often part of an organised gang – targets the seller of a high-value item, such as a car, and offers to pay using a stolen or counterfeit cheque made out to more than the price of the goods. Once the cheque clears, the victim is asked to transfer this ‘overpayment’ to a third party, as well as handing over the item to the fraudster.


    When the real cheque owner discovers that money has been stolen from his or her account, the victim can be obliged to repay the total sum – even if this happens several weeks later.


    How to protect yourself against cheque fraud

    • Don’t accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved.
    • Be aware that there’s a risk that money credited to your account from a cheque could be reclaimed if the cheque turns out to be stolen or counterfeit.
    • Always consider other ways of accepting payment for high-value items – a CHAPS payment (or guaranteed, same-day bank transfer) is ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.
    • Keep your chequebook in a safe place.
    • Report any missing cheques to your bank immediately.
    • Always check your bank statements thoroughly.


    What should I do if I've fallen victim to cheque fraud

    Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.

  • Protect your email account from hacking and fraud

    Protect your email account from hacking and fraud


    Email is now critical to your day-to-day activities and is used for more than simply communicating with friends and colleagues. For example, you may use your email to:

    • Store receipts and statements
    • Store the registration information for purchased software
    • Assist with the recovery of password for websites such as iTunes and eBay
    • Store details about airline and hotel bookings, with passport and ID information
    • Receive confirmation of financial transactions


    Your email account is now immensely valuable and needs to be protected from loss or theft by criminals, who use a variety of techniques to try and steal the password to access your account:

    • Guessing a simple passwords
    • Tricking you to enter your password into a fake site (this is called phishing)
    • Installing a virus on your computer to capture the password as you log in (this is increasingly common in public internet cafes and airport lounges)


    To protect your email account from being stolen, you can take some simple steps:

    • Use a strong password. A dictionary word used for a password can be ‘brute forced’ in seconds. Ideally, make it a phrase (ILikeIceCream) and then add some numbers (19ILikeIceCream76). This would be nearly impossible for the criminals to guess (and easier for you to remember).
    • Don’t trust unsolicited emails and don’t click on the links in unsolicited emails. Criminals often send out emails that look like they came from your Bank, SARS or Professional Institutions (eg SAMA, SAICA, etc) with links to fake websites where they capture your passwords as you try to log in. 
    • Investec will never ask you to enter your username or password via an email. If you do receive a with a link to log in, it is a fake and an attempt to defraud you.
    • If your email provider (Gmail, Outlook, Yahoo, etc) supports strong or two-factor authentication, make sure you use it. The following section provides details of how to do this. 
    • If you suspect that your email account has been compromised, change your password immediately (from a known and trusted PC). 
    • The following section gives you advice on enabling strong or two-factor passwords on your email accounts.
  • Companies not connected to the Investec Group

    It has come to our attention that members of the public are receiving telephone calls and correspondence from the following people and companies:


    Maurice O’Leary, Compliance Director
    Miss. Noleen Charles, Client Services Manager
    Objective Returns PLC
    2nd Floor, Beaux Lane House
    Lower Mercer Street
    Dublin 2
    Tel: 00353 1902 3930
    Fax: 00353 1902 3934


    Quoting the FCA regulation number: 580716


    The Financial Conduct Authority (FCA) already has a warning message on their website concerning Objective Returns. Please refer to the FCA’s website:-


    Please note neither of the aforementioned persons or companies are connected to or represent Investec Private Bank PLC or any other Investec Group Company.