How to protect yourself against fraud

Authorised Push Payment (APP) Fraud

Fraudsters are always looking for new ways to target victims in any way they can. But there are several steps you can take to protect yourself from becoming a victim.

 

One of the ways that fraudsters target people is through Authorised Push Payment (APP) scams where the victim is duped into transferring money to an account they are made to think is genuine, but is actually controlled by a fraudster.

The risk of this happening to you increases when you make a payment to a new beneficiary for the first time, or if an existing beneficiary tells you they have changed their account details.

It can be very difficult to recover the funds if this happens, as fraudsters try to withdraw the money as soon as it arrives in their account. However, you can protect yourself by being vigilant and familiarising yourself with some common scams and our guidance on what to look out for.

If you have any concerns, or if any of the below advice relates to a payment you are about to make, contact us immediately on one of the numbers below.

 

How do I report fraud, card loss or theft or suspicious activity on my account?

UK clients

Inside the UK: 0330 123 5985
Outside the UK: +44 (0) 207 597 2836
 
Are you a private client needing support?
Please see this emergency help page

SA clients

Inside South Africa: 0860 110 161
Outside South Africa: +27 11 286 9663

Channel Islands clients

Inside Channel Islands: 01481 706 441
Outside Channel Islands: +44 (0)1481 706 441

Common types of fraud

  • E-mail Compromise

    One of the most common types of fraud is hacking and spoofing emails. Fraudsters can gain access (hack) to your email account without your permission, or spoof emails to make the email look like it is from someone you know or trust.

     

    For example, you are having some works done on your house, and a builder sent you an invoice via email. You may also receive an e-mail from a firm such as a solicitor, conveyancer or supplier, advising you that they have changed their bank account details. 

     

    How could this be fraud?

     

    The third party’s email has been hacked, and fraudsters have amended the bank details in the invoice. You think you are paying the genuine contractor, but are actually transferring funds to the fraudster’s account.

     

    How can you protect yourself?

     

    • Always call on a known or independently-sourced number to confirm the bank account details and ensure that your payment will be sent to the intended beneficiary.
    • Don’t call a number in the body of the email; fraudsters can change this as well.
    • Where possible, speak to someone you know personally.
    • If you’re paying someone for the first time, split the payment into smaller amounts and ensure the first payment has been received by the intended beneficiary before sending the remaining funds.
    • If the payment is not urgent, consider setting up a future-date payment instead of an immediate one. This will give you time to check the details you have been given.
  • Remote access scams

    Remote access is when someone gains control of a computer, phone, or another device from afar. You receive an unexpected call from someone claiming to represent your bank, utility provider, online retailer or computer manufacturer. They claim there is an issue with your computer or network that needs to be resolved immediately, and that any delay can be costly or cause damage to your device. They ask you to download software or allow remote access to resolve the problem.

     

     

    How could this be fraud?

     

    A cold-call like this can be very convincing, but in reality, it is a fraudster trying to obtain your personal details or gain access to your system/account. This is a great way for them to find out your username or password. They may even ask you to log into your online banking account, “just to make sure everything is fine”.

     

    If you get asked to pay funds into a “safe account,” please refer to ‘Safe’ account scams for further information.

     

    How can you protect yourself?

     

    • Hang up immediately if anyone asks to remotely access your device, unless you have initiated the call yourself to a trusted number.
    • A genuine service provider will never pressure you into acting urgently- do not believe callers who make such claims.
    • If you did not sign up for a subscription service, don’t believe a cold-caller who asserts that you are being charged for it.
    • Never log into online banking while someone other than you has access to your device. Report the incident immediately to the genuine service provider- most organisations have a fraud hotline or online form.
  • Investment scams

    What is an investment scam?
     

    In an investment scam, fraudsters will try to convince you to ‘invest’ in an opportunity. This can be in real estate, gold, cryptocurrency, a financial product or another asset. In order to make the scam appear legitimate, the fraudsters pretend to represent a known business like Investec. Sometimes they also impersonate members of staff and will even use what appears to be genuine documentation to help convince you that you are dealing with the actual company they are impersonating.

     

    For example, fraudsters have marketed fake Investec products by using these false contact details and websites, which are not affiliated with Investec:*

     

    [email protected]

    [email protected]

    [email protected]

    [email protected]

    [email protected]

    [email protected]

    [email protected]

    +44 (0) 203 883 8545

    +44 (0) 207 183 1761

    +44 (0) 207 183 2517

    www.ukbondfinder.com

    www.moneymarket.com

    www.bond-supermarket.com

     

    *This is not an exhaustive list: criminals routinely use new contact details to try and defraud their victims.

     

    I paid money into an investment, which I suspect may be a scam. What should I do?
     

    Firstly, call your bank immediately. Tell them about any payments you made which are linked to the scam. It might be possible to recover some of the funds by calling the beneficiary bank. Investec cannot do this for you even if you are not our client.

     

    Should I report this to the police?
     

    Yes. After speaking to your bank, you should report the incident to the police via Action Fraud. Investment scams are a criminal matter.

     

    I was asked to provide personal information as part of the ‘investment onboarding process’. Should I do anything about this?
     

    If the fraudsters have access to your personal information, like a copy of a passport or bank statement, they can use this to impersonate you. You can protect yourself by registering a protective registration with Cifas or with other external identity protection services such as Experian or Equifax

     

    Does Investec need anything further from me?
     

    Once cases are identified we are preventing fraudsters from impersonating Investec by taking down fake websites and malicious email domains. But to do this, we need the original email sent to you by the fraudster. You can send this to us by doing the following:

     

    1.      Open a new email to [email protected]

    2.      Attach the original email from the fraudster. In some email providers you can drag and drop the message into the new email, or copy and paste the message.

    3.      Avoid simply forwarding the email. This erases some critical data we need to take down the fake domains.  

     

    How can I check if I’m investing in a genuine Investec product?
     

    You can contact our Client Support Centre at any time by calling 0330 123 3655 / +44 20 7597 4131 outside the UK.

     
    How can I protect myself?
     
    • Remember legitimate financial institutions and investment companies will never contact you out of the blue, over the phone or by email.
    • Beware of unsolicited approaches or those where you are pressured to invest by a deadline. 
    • Do not call back a number you have been given. Instead, call back only on a trusted number you can find independently. Always verify your investment over the phone if have been corresponding with your investment manager by email, as email addresses can be hacked.
    • Brand impersonation fraud is increasingly common. If you have been contacted by email, pay attention to the sending address. For example, Investec does not use the domain investec-uk.com, securemailbox-investec.com and investecltd.com, but scammers do. 
    • Watch out for fake advertisements as well, particularly if they appear in search results online or on social media websites. Search engines and social media platforms do not verify adverts.
    • Avoid making rushed decisions, and check the FCA Warning List before making any kind of investment.  
    • Do your research and check several websites for investment opportunities. If a product appears on one website only, this might be a scam. If it sounds too good to be true, it probably is. Interest rates are at an all-time low across all financial institutions. If a product offers a higher-than-average return, it may not be genuine.
    • Read our expert UK commentary about the latest investment scams here.

    For more details on how to identify an investment scam, refer to the Money Advice Service page.

  • ‘Safe’ account scams

    You may receive a call, text, or email from someone who claims they are from the police, utility company, a regulator, tax authority, or even your bank’s fraud team. They may know your name and address, and try to gain your trust by asking you to confirm some personal details. They then tell you that your account has been compromised, and you need to transfer funds to a “safe account” as soon as possible.

     

    Alternatively, you could receive an SMS in an existing chain from your bank, asking to confirm a payment you didn’t make. This is followed by a link or phone number to call ‘if it wasn’t you’. The person you speak to may know your name and address and try to gain your trust by asking you to confirm some personal details. They will then say that your account has been compromised and to protect yourself, you need to transfer funds to a “safe account” as soon as possible.

     

    How could this be fraud?

     

    Banks, the police, and utility providers will never ask you to transfer money to a safe account, nor will they charge a fee to release money owed to you. This is a scam. Once you have made the payment, the fraudsters will disappear with your money.

     

    How can you protect yourself?

     

    • Do not be fooled by the caller’s apparent knowledge of your address or mother’s maiden name. It can be easy to obtain basic information on victims, particularly via social media.
    • Do not hesitate to hang up the phone. No need to be polite, just end the interaction.
    • Even if you are told the matter is very urgent, take your time. A genuine trusted organisation will not pressure you to make an immediate payment.
    • You can also report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.

     

    If you think the call may be genuine, you can always call back. However, always call back on a known and trusted number and not the one you just received the call from. It’s best to call from a different phone altogether, as fraudsters are able to hold the line when you think you’ve hung up.

  • Online/ purchase scams

    You are looking to rent a holiday home and come across a website (or social media profile) that advertises beautiful properties at great prices. The site can have many positive reviews from happy customers, or mentions a “promotional sale” on holiday deals. When you contact the advertiser, you are asked to make an advanced fee payment by bank transfer rather than paying through the rental platform itself. This may also occur when you look to buy event tickets online.

     

    How could this be fraud?

     

    Fraudsters can easily set up fake websites and social media profiles advertising holiday rentals. However, the property does not belong to the advertiser at all: the site’s sole purpose is to convince individuals to transfer money to a fraudulent account. 

     

    Alternatively, the fraudster has “sold” an event ticket they do not own on a fake website. 

     

    How can you protect yourself?

     

    • Be cautious with links: make sure the website you’re on is genuine. Check the address for misspellings, such as investekk.co.uk.
    • An advertiser without any other online presence should raise red flags.
    • Do not be fooled by slick websites or good reviews, as fraudsters can easily create these to appear genuine. But if an advertiser has negative reviews, be cautious about dealing with them.
    • Research companies you’re buying or renting from for the first time: check whether they have adequate information about privacy, terms of use, refunds, and contact details.
    • If you are asked to make a bank transfer or provide your credit card details offline, this could be a scam. When using a holiday rental or ticketing website, pay on that website only.
    • Only pay to sellers and advertisers who use a secure payment service, such as URLs starting with ‘https’ that have a closed green padlock symbol.

    Be suspicious – if the deal looks too good to be true, it probably is. Particularly if it’s time-limited or involves a discount for immediate payment. 

  • Romance scams

    Dating apps and websites have grown increasingly popular in recent years, and are used by people of all ages. While using a dating website, you meet someone online who is very keen to enter into a relationship. They are very interested in your life and make frequent contact, usually asking to move away from the site and into a personal messaging method. The messaging can go on for many weeks and months.

     

    Can this be fraud?

     

    Fraudsters can set up fake dating profiles and begin chatting online easily. At first, there will be nothing suspicious about the interaction. Once you have been communicating for a while, they may tell you a story about themselves and ask for financial help. Once you transfer over money, they will vanish from your life altogether.

     

    How can you protect yourself?

     

    • Continue messaging via the dating website only.
    • Even the most popular and widely used dating apps and websites can be prone to this type of fraud. Don’t assume you are protected.
    • Research the person online - have they got a broader social media presence? Most web search engines also provide a reverse image search, which can help verify whether their picture is genuine or a stock image.
    • Be suspicious if the person avoids meeting face-to-face again and again.
    • Be very cautious of requests for money from someone you have only been corresponding with online.

     

    Be wary if the relationship is progressing very quickly, especially if the person you’re speaking to asks you to keep it a secret from friends and family. Friends and family members may have a fresh perspective on the situation and could help point out it may be a scam.

  • Pension scams

    You receive an unsolicited call or email from someone offering a free review to increase the returns on your retirement savings, or promise early access to your pension.

     

    Can this be fraud?

     

    Similar to an investment scam, you may be promised huge returns on an investment that doesn’t exist. Alternatively, promises of early release of funds can be an attempt to convince you to transfer over funds, but be left with a large tax bill instead.

     

    How can you protect yourself?

     

    • Do not respond to unsolicited offers of a free pension review. Genuine pension providers do not cold-call individuals.
    • Early release of funds may cost you most of the money in your pension fund in fees and taxes. If anyone promises this can be done, it’s likely a scam.

    Do your own research before making changes to your pension plan, and only discuss it with financial advisers registered with the FCA. 

     

    You can discuss your pension information needs with the Money and Pensions Service, and further details can be found in Focus UK.

     

  • Money mule/ transfer agent scams

    While searching for job offers online, you come across an advert which offers easy money. The job will require receiving funds temporarily into your bank account, for which you will receive payment. You may also be asked to withdraw the cash and hand it over to another individual, or transfer it overseas.

     

    Can this be fraud?

     

    Fraudsters need to hide stolen funds in legitimate accounts - these are called money mule accounts. If you are caught doing this, the consequences are severe and can result in a criminal record. This will also cause significant difficulties in obtaining credit in the future.

     

    How can you protect yourself?

     

    • Do not accept fund transfers into your account from anyone you don’t know, even if the job offer is lucrative.
    • Use reputable job sites – avoid responding to adverts on social media.

    Don’t be lured by promises of easy money, the consequences are not worth the risk.

     

Protect yourself from fraud

Helpful tips about online banking, your computer, mobile phone and other devices.

  • Stay safe with Investec Online

    Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

    • Your password protects your account from unauthorised access and no bank will ever ask you for it. Never email, write down or tell someone your security information or login details. 
    • The only time you will ever need to enter your Investec ID and password is when you log into Investec Online for your online banking at our website (Investec.com)

     

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out. However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.
     

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
    • Register devices that you wish to access Investec Online from. This will help us detect when someone is trying to impersonate you on another device.
    • Only access Investec Online from your own devices, not from public computers, as your details could be recorded.
    • Please don’t leave a computer unattended while logged into Investec Online.
    • Never log into Investec Online via any emails with hyperlinks or shortcuts.
    • Never save any login IDs or passwords in your browser or on any of your devices. Disable, refuse, or decline any onscreen prompt on your computer that asks if you wish the computer to remember your passwords.
    • We encourage you to create complex passwords that are difficult to guess and time-consuming for hackers to crack. It should only be known by you and kept in a safe and secure place. Please avoid family or familiar names, numbers, and places, such as birthdays, phone numbers – any information that can be found on social media or the internet.
    • Please check your monthly statements and balances carefully. Many fraudulent transactions are for regular small amounts that occur over several months, disguised as a subscription you forgot you had or did not cancel. Fraudsters would prefer to empty your bank account if you have a large amount of cash spare. If not, they will gratefully accept monthly donations.
  • Protect your identity

    • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text, or emails.
    • Limit the number of personal details you share online (ie date/place of birth on social media sites etc)
    • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
    • Create and use different passwords for each service provided by Investec and other financial service providers.
    • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
    • Never use complimentary computers in airport lounges and hotels to do your banking.
    • If you need to use Investec Online while travelling, use international roaming or buy a SIM card in the country you’re visiting. Remember, if you don’t have roaming on your phone, you won’t get SMS payment notifications and may not be aware of fraudulent transactions until you’re back home.

    Are you travelling?

    Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.
     
    You can also enter your travel dates on Investec Online and the App before your travel.
  • Protect your devices

    Your computer

    • Ensure no one has unauthorised access to your computer.
    • Use a password to access your own computer, restrict access to prevent programme installations.
    • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.

    Free Wi-Fi

    Please do not use free public Wi-Fi when trying to access your banking and online transactions.

    In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.

     

    Registration of your devices

    • Always register your devices that require access to Investec Online. We will send you an alert if someone tries to register another device.
    • Please do not ignore that alert or simply accept the notice, as this is the beginning of someone attempting to take over your account.
    • We will also be alerted if you access the Investec Online from another machine, so please be aware and take time to register new devices and delete old ones.
  • Install firewalls and antivirus

    Always Install a personal firewall product and antivirus protection product for your devices. The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free. 

    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.

  • Detect and avoid malware

    Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites. Here are the most common -

    • Key loggers – Programs that record all keystrokes performed on an infected computer. This gives the attackers access to anything that may have been typed in such as account numbers, passwords, and PINs. This is transmitted when you are online and the fraudsters can begin to take over people's accounts.
    • Spyware – Software that tracks and stores a person’s movements on the internet, then provides pop-ups based on a person’s spending habits, to lure them to a fake website in an attempt to trick them into entering their account details.
    • Ransomware – A nasty form of malware that encrypts all information on the infected computer and demands a ransom fee to be paid in order to unlock the data. This type of infection can result in significant data loss. 
    • Trojans – Running in the background and hiding from view, these programmes frequently open a ‘back door’ into a computer, allowing a fraudster to access information or take full control over the machine. This allows them to intercept banking details and passwords as they are keyed in.
    • Counterfeit or ‘cracked’ software – Acquiring ‘cheap’ computer operating or business software may not prove to be cheap in the long run, as fraudsters like to offer this online, but secretly add their own ‘added value’ – such as trojans/malware which can read your security details and passwords. Purchase genuine software. Keep your internet browser and other software on your computer up to date with the latest security patches, to protect yourself and your money. 

    Mobile phone

    • Apps – Use only those ‘apps’ that are downloaded from official sites. Free apps from unofficial sources may have malware, the same as counterfeit or ‘cracked’ computer software.
    • Antivirus – Ensure you have an antivirus installed if your operating software allows it. Just like your laptop or main computer, keep the antivirus and software up to date. 
    • Jailbroken devices – Jailbreaking a mobile device is the process of removing the software restrictions embedded by the device manufacturer, which may include the security protection mechanisms. In order to keep your account information secure, you are not able to use the Investec mobile apps on a jailbroken device.
    • Passwords protection – Make sure you secure your mobile device by setting a passcode greater than a four-digit PIN or fingerprint scanning if your device supports this functionality. 

    Lost your mobile phone?

    If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.
  • Spot suspicious emails

    Fake email messages or phishing

    ‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.

    • What is the full email address used – does it look odd?
    • How are you greeted? Dear Customer / Your name / Nothing?
    • Does it ask you to log in from a link on the email?
    • Does it say there are security issues?
    • Does it advise you that it is urgent and immediate?

    Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

    Spoofing and hacking emails

    A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.

    Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.

    Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.

    Hacking

    Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway, and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.

    Don't unsubscribe on emails from random advertisers

    To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports, or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.

    Review your sent and deleted items folder

    Take time to check your sent and deleted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised. 

    Don’t store confidential information in your email folders. Store personal documents and emails on your computer in a secure folder on your computer.  You can also securely store documents in My Briefcase on Investec Online. 

    Attachments or links

    Avoid clicking on any links or opening attachments included in unexpected emails, texts, or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.

  • Spot suspicious text messages

    In the same way that email addresses can be spoofed, so can phone numbers. That way, it can look as though you’re receiving a call from a trusted number – even your bank’s genuine one. Text messages from spoofed numbers can appear in an existing thread of messages. 

     

    Recently, many consumers have been receiving fraudulent texts asking them to confirm a transaction they did not authorise, or verify a new beneficiary that has been added. However, the message will contain a link to click through to, if you don’t recognise the transaction. This leads to a phishing page, where victims are asked to input their details. Alternatively, the compromised site can download malware to your device.

     

    • If you get a message about account activity you were not expecting, call your bank immediately on a trusted number. 
    • Don’t click on links contained in this type of SMS.
    • If you want to access online banking, do so through the app or known website, which you can find on Google. 
    • You can also report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.

You can find additional information on the FCA scam smart website, the Money Advice Service website or the Action Fraud website.