Investec Fraud Alert

The following people or companies have no connection the Investec Group.

  • Fraudulent Bond Offering

    Scam e-mails containing offers for capital guaranteed bonds

    It has come to our attention that criminals are contacting members of the public purporting to be Investec. Please be aware that this is scam and they are attempting to steal money, you should not engage in any communication with these criminals and under no circumstances should you send any money to them.


    If you have sent funds, please contact your bank immediately to assist them in retrieving the funds. They will also advise you to report the crime to Action Fraud UK.


    An example of the bond offering is shown below:

    Bond AmountDescriptionInvestment Return Per MonthInvestment Return Per Annum
    £2 500.00Guaranteed Bond Investment£25.00£300.00
    £5 000.00Guaranteed Bond Investment£50.00£600.00
    £10 000.00Guaranteed Bond Investment£100.00£1 200.00
    £20 000.00Guaranteed Bond Investment£200.00£2 400.00

    Bond Features

    • Guaranteed Capital Safety
    • Guaranteed 12% Per Annum
    • Monthly Dividend
    • FCA Regulated
    • Instant Access to Funds - No Fees Charged

    The known fraudulent bond names include:


    Guaranteed Bond Investment (12%pa)

    Bond Investment Guaranteed Capital Safety Guaranteed (12%pa)


    The known email addresses used as part of the phishing attempt include:


    The website link contained in their offering document re-directing members of the public to


    The emails have been signed by a Sarah Reid (alias) and Peter Kent (alias) Peter Wilshire (alias)


    If you receive an unsolicited call, email or text from anyone claiming to be from Investec Group or another Investec Group Company, please contact our Group Fraud Team. Telephone us on +44 (0) 207 597 4000.

  • are not part of Investec group.

    Please disregard any communications if contacted by anyone offering financial products quotingthis web-site and linked email address.

  • [email protected] are not part of Investec group.

    Please disregard any communications if contacted by anyone offering financial products quotingthis web-site and linked email address.

Helping you to stay safe online

Advice on how to keep your identity, computer and money safe while using the Internet.

What should I do if I've fallen victim to fraud on my Investec accounts?

Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.

We take online security very seriously

We place the highest priority on your online security; however you need to take some basic precautions when using the Internet and banking online, to protect your identity, your information and your finances.

  • What we are doing to protect you

    We place the highest priority on the confidentiality and security of your financial information and transactions and are constantly reviewing our infrastructure and security measures, such as firewalls and encryption technology to ensure they’re up to date and meet our stringent security requirements.


    We invest significant resources in maintaining the security of Investec Online Banking, some of them are detailed below:


    Data encryption
    Our Online Banking service is hosted on a secure, 128-bit encrypted server. This means that any information you send us is encoded for your protection.


    Timed log out
    Online Banking logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.


    Deactivation of your login details
    We'll automatically disable your access to Online Banking if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.


    Shopping on line
    Visa Secure, which we provide in association with Visa, protects your cards against unauthorised use when you shop online at participating retailers. When you buy something in a shop using a Investec Card, you validate the transaction by entering your PIN or signing a receipt. Visa Secure mimics this process online by providing a digital receipt that you authorise using a password.


    Travelling abroad
    If you're planning to travel, it's best to let us know in advance. This helps avoid problems with using your cards and accounts overseas, as well as helping to protect you from fraud while you're away.


    'Traffic lights' - extended validation certificates
    If you use one of the more recent Internet Browsers, when you log in to our online banking service, the address bar (which starts with 'https://') will turn green. It's an extra way of helping you check that a website is safe, secure and trustworthy.

  • What you need to do to protect yourself

    To stay secure, please read the following recommendations for best practice online security options:


    Install a personal firewall product
    Hackers can infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.

    • McAfee
    • Symantec
    • Zone Labs

    The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.


    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.


    Regularly use an antivirus product, and keep it updated
    These products can also scan for spyware and adware.


    The most common way to receive a virus is through an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.


    There are many anti-virus products and some are available for home users free of charge:

    • AVG
    • Kaspersky
    • McAfee
    • Symantec
    • Zone Alarm


    With any anti-virus product, it’s important to keep it up to date, so to protect against new viruses that are released. Most commercial products (such as McAfee, Kaspersky and Symantec) have a mechanism to update themselves automatically. The free products typically need to be updated manually.


    The anti-virus product should also be scheduled to scan your computer regularly in order to detect and clean out any viruses.


    Do not open unsolicited emails with attachments
    These may contain a virus. Also, if you receive an unwanted email saying "reply to unsubscribe", ignore it. Senders can use this to confirm your email address is valid - and are then likely to send you more emails.


    Review your “Sent items” folder
    If it contains messages that have been sent without your knowledge, your computer may have a virus or may have been compromised


    Update your operating system (Windows, Mac) and browser (Internet Explorer, Firefox, Safari)
    Make sure your computer software has all the necessary security updates available from the vendor. It’s best to ensure this is done automatically.


    Ensure no one has unauthorised access to your computer.
    Destroy or delete anything containing login details or security information even if we sent it to you.


    Never email, write down or tell someone your security information or logon details.
    The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you log on to Investec Online Banking at


    Do not save login details or passwords on your computer
    Disable, refuse or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.


    Avoid reusing the same security information
    You should create and use different passwords for each service provided by us, another member of Investec Group or another service provider.


    Don’t leave a computer unattended while logged on to Investec Online Banking

    Change your passwords regularly


    Avoid familiar names, numbers and places (such as birthdays and phone numbers).


    Be aware of ‘shoulder-surfers’.
    Shoulder surfing refers to people who use direct observation techniques, such as looking over someone's shoulder to get information. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to watch someone as they fill out a form or enter their PIN or passwords at a cash machine or while using online banking.


    Protect your printed or physical information just as you would protect your valuables.
    This includes statements from financial institutions, shops and utility bills. Shred or destroy any personal documents you don’t need to keep.


    Always log off from Investec Online Banking
    It’s important to always end your session by clicking on the Log off menu item before closing the browser. Investec Online Banking does have an automatic timeout feature for security purposes, but we always recommend you end your Investec Online Banking session once you’ve completed your online banking activities.

Protect yourself from fraud

There are numerous scams that fraudsters are using to steal from you or trick you into paying money or sharing personal information.

  • Identity theft and Social engineering

    Social engineering

    Social engineering is the act of manipulating people into doing what you want. In terms of online fraud, a fraudster will usually trick people into disclosing their passwords, log-in details or other confidential information.


    You can protect yourself by:

    • Not disclosing confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number and check it to see that it's genuine.
    • Never sending confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passwords.
    • Keeping your PIN confidential at all times. Banks, including us, will never ask you to disclose your PIN.


    Identity theft

    Your identity is a valuable commodity, however over 100,000 people fall victim to identity theft each year.

    Identity theft is when a fraudster steals your personal or financial details, which criminals then use to impersonate you, open bank accounts, obtain credit or set up businesses.

    Once your details are stolen, you could become a victim of identity fraud.


    Be suspicious if you notice any of the following:

    • Bills, invoices or receipts addressed to you - for goods or services you haven't ordered
    • Letters from solicitors or debt collection agencies regarding debts that aren't yours
    • Letters or statements for bank accounts you did not open
    • Transactions appearing on your bank statements (normally withdrawals) that you don't recognise
    • New accounts showing up on your credit report
    • Documents like your passport, driving licence, utility bills or bank statements have gone missing


    If you’ve been a victim of identity fraud you should act quickly – don’t ignore the problem. Even though you didn’t order those goods or open that bank account, the bad debts will end up under your name and address.


    Contact us immediately if you think you are or may be a victim of fraud on your Investment account, Investec card or Bank account or you suspect that somebody has accessed your on line account.


    If you think you’re a victim of this kind of identity fraud, you should report the matter to the relevant organisation. Depending on their advice, you should then alert your local police force. You should report all lost or stolen documents – such as passports, driving licences, plastic cards, cheque books – to the relevant organisation.


    You can learn more about identity theft at the UK Police’s Action Fraud website

  • Advance fee frauds

    Advance fee frauds or Nigerian 419 scams

    Advance Fee Frauds or Nigerian 419 scam (the name comes from section 419 of the Nigerian criminal code) combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter or email offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author is trying to transfer illegally out of a developing country. The scheme relies on convincing a willing victim, to send money to the author in several instalments of increasing amounts for a variety of reasons.


    Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of the country. In fact, the millions of dollars do not exist, and the victim eventually ends up with nothing but loss.


    If you receive a letter or email from anybody asking you to send personal or banking information, do not reply; simply delete the letter or email.


    Remember the golden rule: If it sounds too good to be true, it probably is.

  • Online Frauds


    Phishing (pronounced fishing) is a process used by fraudsters in an attempt to acquire your confidential information by sending out emails or other kinds of messages that direct you to bogus websites or phone lines. They believe that if they send out enough emails somebody will respond (or “bite”) and provide personal or financial information.

    These emails or messages claim to be from a particular company, so they often look legitimate. But these messages are actually sent by fraudsters, often at random. Any information you disclose on these bogus websites or phone lines is captured by the fraudsters.

    You can protect yourself by treating any unsolicited emails or calls that ask for confidential information with suspicion. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it’s genuine.

    If you have received a fraudulent or suspicious email, which you have not responded to please forward the e-mail to

    If you have responded to a phishing email please Contact us as soon as possible to help us protect you and your finances.

    Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.


    Computer Malware

    Malware is the collective term for any malicious software that might infect a computer, including Trojans, viruses and spyware. The development and spread of malware is becoming increasingly sophisticated and is driven by organised criminals for financial gain.



    A trojan is a type of malware that is capable of stealing information, recording your passwords and other personal details by capturing your keystrokes or taking screen shots of sites you visit. These details are then sent to the fraudsters to help them steal your money.

    Trojans can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.

    The best way to protect yourself from trojans is to install firewalls and internet security software on your computer and to keep these things up-to-date.


    Computer Viruses

    Viruses are designed to replicate and multiply, spreading between computers. They can cause severe problems, sending out spam email, slowing down or crashing your computer, corrupting or deleting files, and sending confidential information to fraudsters. Viruses may even redirect your internet browser to spoof websites.

    The most effective protection is to keep your computer’s security up-to-date and anti-virus up-to-date.



    Spyware is designed to invade your privacy, gathering information about your computer and internet activity. Spyware can also be responsible for irritating pop-up adverts, slowing down your computer, and sending confidential information to fraudsters.

    Spyware can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.

    The most effective protection is to keep your computer’s security up-to-date. Many anti-virus packages now come with built-in protection against spyware, so make sure you always have the latest version.


    Money mules

    Most bank accounts do not allow customers to make online cross-border transfers. Since most online fraudsters tend to be based outside the UK or SA, they need people to help launder the funds they receive from their scams. These people are called money mules and they are often innocent victims themselves.

    Money mules receive funds into their accounts that fraudsters have stolen. These funds generally come from other victims whose bank accounts UK have been compromised. The money mules are then encouraged to send the funds to the fraudsters overseas using a wire-transfer service, minus their commission.

    Money mules are recruited through a variety of methods, including spam emails, genuine job search websites, email responses to a victim's online CV, instant messaging and newspaper ads.

    This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: Handling money that's been obtained fraudulently is a crime, even if you're not knowingly complicit in the crime.

    You can protect yourself from becoming involved by:

    • Treating any unsolicited job offers with suspicion, especially if the company is based overseas.
    • Verifying the details of any company that you’re considering working for.
    • Not giving your bank account details to anyone whom you don't know and trust.

    Assisting a criminal transfer of monies to another account could make you subject to criminal investigation, which may lead to your prosecution.

    Remember the golden rule: If it sounds too good to be true, it probably is.

  • Card Fraud

    Lost and stolen card fraud

    Counterfeit card fraud or skimming

    A counterfeit card can be a fake card or a valid one that’s been altered or recoded.

    Most cases involve skimming, when the data on your card’s magnetic strip is electronically copied on to another card without your knowledge.

    Skimming commonly occurs at retail outlets – particularly bars, restaurants and petrol stations – and at cash machines that have been illegally fitted with a skimming device. The stolen data is then used to create counterfeit cards.

    Most people are unaware that they’ve fallen victim to this fraud until their statements arrive.

    To protect yourself:

    • Don’t leave your card with bar or restaurant staff for long periods
    • Don’t let retail staff take your card away to process payments
    • Check cash machines for signs of tampering before you use them


    Card-not-present fraud

    This is the most common type of card fraud. It occurs when fraudsters steal your card details and use them to buy things over the internet or by phone, fax or mail. Always be aware of who you are dealing with.


    To protect yourself:

    • Avoid entering your card details on shared or public computers
    • Always remember to log out of any websites where you’ve entered your card details
    • Only enter your card details on secure sites (ie, those whose web address begins with ‘https’ and have a padlock in the browser window)
    • Keep a close eye on your statements and report any fraudulent transactions immediately


    What should I do if I've fallen victim to card fraud

    Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.

  • ATM Frauds

    In 2013, there has been an increase in ATM card swapping and jamming:
    Card swapping usually happens when a fraudster claims that the ATM is faulty and offers a client assistance. He/she will then swop the client’s card and use it at another ATM to withdraw funds.

    With card jamming, an ATM is tampered with and will hold a client’s card in the card reader. The fraudster will then collect the card and attempt to withdraw funds from the account at a later stage.


    Tips to keep safe at ATMs:

    • Contact us immediately report any suspicious activity to them.
    • If anyone offers to assist you at an ATM or is lurking around the area, rather go to another ATM.
    • Keep your PIN safe at all times. Don't write your PIN down or save it on a device, rather memorise it.
    • Make sure you are using the correct card at the ATM and make sure you get the correct card back when you are done.
    • Be aware of any skimming devices and mini cameras attached to the ATM and look out for any sign of tampering with the card reader slot.
    • If you receive an SMS notification for a transaction that you are unaware of, please contact the Investec Client Support Centre immediately.
    • If the ATM keeps your card or it is lost or stolen, please contact the Client Support Centre immediately to cancel the card.
  • Courier or Police Scams

    Typically a courier card scam involves customers being tricked into handing over their bank cards and PINs to fraudsters.

    The scam starts with an unexpected phone call from someone claiming to be from the bank's fraud department, the police, or National Fraud Authority.

    The caller will claim to have identified fraudulent transactions on your account and that your card has been compromised.

    To gain your trust they may ask you to verify the call by phoning the telephone number printed on the back of your card, or give you another number to call.

    This technique holds your phone line open, so that when you try to dial out, they can intercept and re-answer the call, claiming to be the Bank or Law Enforcement.

    The fraudster will advise that your bank card must be collected to protect your card and assist an investigation. Usually they ask you to put your card into an envelope for a courier to collect and provide you with a fake reference number.

    Now you'll be asked to enter your PIN into the phone, or put it into the envelope with the card.

    A courier comes to your home and collects the card. With your card and PIN, they can now gain access to your account and carry out fraudulent transactions.

    PLEASE NOTE: The bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. We will NEVER ask to collect your card, for your PIN number, card details or Online/Telephone banking log-in credentials.

  • Cheque Fraud

    How does cheque fraud occur?

    Cheque fraud takes place when a fraudster uses a stolen or counterfeit cheque to pay for goods and services. More than 90% of fraudulent cheques are stopped before any loss occurs. But even so, cheque fraud still costs millions of pounds a year.

    These losses can be compounded when the fraud also involves an ‘overpayment’. This occurs when the fraudster – who is often part of an organised gang – targets the seller of a high-value item, such as a car, and offers to pay using a stolen or counterfeit cheque made out to more than the price of the goods. Once the cheque clears, the victim is asked to transfer this ‘overpayment’ to a third party, as well as handing over the item to the fraudster.

    When the real cheque owner discovers that money has been stolen from his or her account, the victim can be obliged to repay the total sum – even if this happens several weeks later.

    How to protect yourself against cheque fraud

    • Don’t accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved.
    • Be aware that there’s a risk that money credited to your account from a cheque could be reclaimed if the cheque turns out to be stolen or counterfeit.
    • Always consider other ways of accepting payment for high-value items – a CHAPS payment (or guaranteed, same-day bank transfer) is ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.
    • Keep your chequebook in a safe place.
    • Report any missing cheques to your bank immediately.
    • Always check your bank statements thoroughly.

    What should I do if I've fallen victim to cheque fraud

    Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.

  • Protect your email account from hacking and fraud

    Protect your email account from hacking and fraud

    Email is now critical to your day-to-day activities and is used for more than simply communicating with friends and colleagues. For example, you may use your email to:

    • Store receipts and statements
    • Store the registration information for purchased software
    • Assist with the recovery of password for websites such as iTunes and eBay
    • Store details about airline and hotel bookings, with passport and ID information
    • Receive confirmation of financial transactions

    Your email account is now immensely valuable and needs to be protected from loss or theft by criminals, who use a variety of techniques to try and steal the password to access your account:

    • Guessing a simple passwords
    • Tricking you to enter your password into a fake site (this is called phishing)
    • Installing a virus on your computer to capture the password as you log in (this is increasingly common in public internet cafes and airport lounges)

    To protect your email account from being stolen, you can take some simple steps:

    • Use a strong password
      A dictionary word used for a password can be ‘brute forced’ in seconds. Ideally, make it a phrase (ILikeIceCream) and then add some numbers (19ILikeIceCream76). This would be nearly impossible for the criminals to guess (and easier for you to remember).
    • Don’t trust unsolicited emails and don’t click on the links in unsolicited emails.
      Criminals often send out emails that look like they came from your Bank, SARS or Professional Institutions (eg SAMA, SAICA, etc) with links to fake websites where they capture your passwords as you try to log in.

      Investec will never ask you to enter your username or password via an email. If you do receive a with a link to log in, it is a fake and an attempt to defraud you.
    • If your email provider (Gmail, Outlook, Yahoo, etc) supports strong or two-factor authentication, make sure you use it. The following section provides details of how to do this.
    • If you suspect that your email account has been compromised, change your password immediately (from a known and trusted PC). 
    • The following section gives you advice on enabling strong or two-factor passwords on your email accounts.


    Google provide a service (similar to online banking) where they will send you an SMS with a unique PIN which you will then need to enter to access your account. This is the best way to protect your account details from being stolen.

    Also ensure that you request Google to notify you by email and phone when any changes are made to your account. If you do, you will receive an email with information about any changes you have made to your account’s security settings.

    How to set up two-step verification on Gmail

    • Sign into your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then click on ‘Account’.
    • On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’. 
    • You will then see a step-by-step guide to help you through the setup process.
    • Once you are done, you will be taken to the two-step verification settings page again. Be sure to review your settings and add backup phone numbers.
    • You are done! Next time you sign in, you will receive an SMS with a verification code.

    Easy Gmail setup for Android users

    If you only access your Google Account from Android devices, you can use a short walkthrough to set up the Google Authenticator application on your phone. With Google Authenticator, you can generate verification codes on your phone even if your phone is not connected to a network.

    • Sign into your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then click on ‘Account’.
    • On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’. Then click on ‘Settings’.
    • Android users (4.0 or older) will see a screen with the option to install the Google Authenticator app.
    • If you prefer to receive codes by SMS instead of using the Google Authenticator app, click on the link at the bottom of the screen that says ‘You can receive codes by text message (SMS) or voice instead’ and follow the instructions to complete the setup.
    • If you would like to use Google Authenticator, click ‘Send me the app’ to install the app on your phone and follow the instructions on your screen to complete the setup process.
    • You are done! Next time sign in, you will be prompted to enter a code you will receive from the Authenticator app.


    Yahoo checks not only the password when somebody attempts to log into your account, it also looks at the location and computer where the attempt is made. If it looks suspicious (such a device you have never used before), Yahoo! Mail can require more than just your password, but you must have enabled two-step authentication.

    If you have enabled two-step authentication, a second step is necessary to complete login. This can be a code sent to your mobile phone or answering security questions. You can also turn off the latter and require only mobile phone verification.

    The Yahoo! Mail account is then as secure as your password and access to your mobile.

    How to protect your account with two-step authentication

    To add a second layer of authentication for suspicious login attempts (from a new country, for example) to your Yahoo! Mail account:

    • Hover the mouse cursor over your name or icon in the top Yahoo! Mail navigation bar
    • Select ‘Account Info’ from the menu
    • If prompted, type your Yahoo! Mail password under ‘Password'
    • Click on ‘Sign In’
    • Under ‘Sign-In and Security’, follow the ‘Set up your second sign-in verification’ link
    • Under ‘Further Protect Your Account’ make sure ‘Check this box to turn on the second sign-in verification’ is checked
    • If you already have a mobile phone number associated with your account, click on ‘Use Current Phone’ to use it for two-step authentication or click on ‘Use New Phone’ to use a different phone number.

    Please note that the form on this page may not allow you to enter phone numbers in all the countries Yahoo! can actually deliver verification codes to. You can add those mobile numbers on your account (see below).

    If you have not yet set up a mobile phone number or chose ‘Use New Phone’

    • Enter your phone number under ‘Second Sign-In Verification Setup: Add Mobile Phone’ 
    • Click ‘Receive SMS’
    • Type the verification code received at the number under ‘Enter code’. The code is not case-sensitive
    • Click on ‘Verify Code’
    • To request SMS message verification under ‘Your second sign-in verification is turned on’, choose ‘Use only my mobile phone number for verification’.
    • For a two-step authentication with a password and security question, you can choose ‘Use either my security question or mobile phone number for verification’.

    Two-step authentication will only apply when you are accessing through the website, not when you are using an App on your phone or PC.

    How to add a mobile number not recognised on the two-step verification form

    To set up a new mobile phone number for recovering access to Yahoo! Mail:

    • Click your name or avatar in the top Yahoo! Mail navigation bar
    • Select ‘Account Info’ from the menu
    • Follow the ‘Update password-reset info’ link under ‘Sign-In and Security’
    • Click ‘Add another under Mobile Numbers’
    • Enter your mobile phone number
    • Click the country code to pick a different one
    • Click on ‘Save’. 


    To enable two-step authentication, visit the and then navigate to Here, you will see a link to set up two-step verification.

    Please note: You cannot have other Microsoft accounts linked to the Microsoft account you are trying to enable two-step authentication for. If you do, you will be prompted to unlink the accounts.

    There is a short wizard. All you really need to do is be contacted via one of the alternate methods you previously supplied, for example a second email address. Microsoft will send a code to that account with the message “We need one more way to make sure you’re you”. When you enter the code, it enables the two-step verification.

    Use two-step authentication

    Two-step authentication is used in two ways - a security code or an app password. Put simply, whenever you need to sign into anything with your Microsoft account credentials (username and password), try doing so normally. If it works, great. Otherwise, you could be prompted to enter a security code. If not, you will need an app password.

    Security code

    If you have signed into Windows 8 with a Microsoft account and trusted the PC, you would have seen the security code prompt: ‘Microsoft will send a text message to your mobile phone that contains this code’.

    You must then enter that code on the website or in Windows or wherever you are prompted.

    That is one form of two-step authentication - your Microsoft account credentials plus the security code.

    App password

    You can now also create an app password for those apps or devices that do not work with the security code system.

    One example is Microsoft Outlook 2013. If you had previously configured Outlook for Hotmail or and then configured the underlying Microsoft account, the next time you use the application, you will be prompted to enter your credentials again. Your normal password will not work - you need an app password.

    You can generate an app password at the, again from

    Just tap the link ‘Create a new app password’ under App Passwords. When you do, you’ll be provided with an app password that you can type (or copy and paste) into the application.

    This also works from mobile browsers like the one on Windows Phone. This is handy because you may run into this issue with mobile apps as well.  You can then use the phone’s copy and paste capability to get the app password into the mobile app that’s not authenticating properly against your Microsoft account.

    Authenticator mobile app

    When you need to generate a security code but have no cellular coverage, for example when you are flying, Microsoft provides a mobile app called Authenticator that can generate these codes in offline mode.

    You need to configure the Authenticator app to work with your Microsoft account. Visit on

    But this time, click the ‘Set up’ link under Authenticator app. In the next screen, you will be prompted to pair your phone with your Microsoft account using a bar code tag.

    In the Authenticator app on Windows Phone, tap the Add (+) app bar button to add your account.

    Then, tap the ‘Scan’ button that resembles a camera icon to scan the bar code. The app will quickly scan the bar code and then generate a code that you can type into the web page. Then, click the ‘Pair’ button to complete the process.

    Going forward, the app will generate a new code automatically every 30 seconds. If you ever need to use a code to sign into your Microsoft account and your phone is offline, you can use this app to get the code.

  • Companies not connected to the Investec Group

    It has come to our attention that members of the public are receiving telephone calls and correspondence from the following people and companies:-

    Maurice O’Leary, Compliance Director
    Miss. Noleen Charles, Client Services Manager
    Objective Returns PLC
    2nd Floor, Beaux Lane House
    Lower Mercer Street
    Dublin 2
    Tel: 00353 1902 3930
    Fax: 00353 1902 3934

    Quoting the FCA regulation number: 580716

    The Financial Conduct Authority (FCA) already has a warning message on their website concerning Objective Returns. Please refer to the FCA’s website:-

    Please note neither of the aforementioned persons or companies are connected to or represent Investec Private Bank PLC or any other Investec Group Company.