Fraud prevention

Protecting your data, identity and money

Most of us think the world of fraud will never touch us. Until it does.

Know Fraud security image
In our increasingly digital age, cybercrime is on the rise. But not all fraud relies on sophisticated technology. Sometimes a common, simple deception can separate you from your money. 
 
When you know fraud, you are empowered to prevent it. Be vigilant, be proactive, be secure.

Protect yourself from fraud

Find out how fraudsters target their victims – and how you can protect yourself.

What we are doing to protect you

Learn what our vigilant Fraud and Security teams do every day to protect your most important assets.
 
 
 

‘I have been a victim of fraud, what next?’

If you have suffered from fraud, report this to us immediately by contacting your Investec banker or relationship manager. We also urge you to report this to your local authorities.
 
 
 

Recognising fraud and scams

1

Look for the basic warning signs - interest rates too high, fast returns, cold calls.

2

If your instinct tells you that something is too good to be true, then it probably is.

3

If someone says they work for an organisation, check it independently.

Check out the many types of fraud and scams you could fall victim of

 
 
 

What do I do if I’m suspicious of someone who has contacted me saying they’re from Investec?

what to do fraud image
Investec will never get in touch with you if you haven’t asked us to.
 
If you believe someone is pretending to be from Investec, it’s important that you let us know – even if you’re not a client.
  • Call the 24/7 global client service centre
  • Forward the email as an attachment and/or send us the web address to [email protected] 
 
Remember that fraudsters may contact you by telephone, email, SMS or text, letter or direct you to a website. These may look legitimate, with similar sounding names to a bank or financial institution.
 
By adding official-looking logos, banking registration details and company numbers, these well-crafted deceptions give the impression that everything is right. If you’re not sure, call the head office switchboard, and never use numbers supplied by the person that you’re suspicious of.
 
If you’ve already transferred money or information to a fraudster, contact your bank immediately. The bank may not recover all of it, but if you move quickly, it will recover what it can. 
 
We maintain a list of companies and people who claim to be from Investec. With your feedback, we can keep everyone informed. You can review our latest fraud alerts here.  
 
‘Investec will never request personal details or other sensitive information via email or ask you for your PIN. We will never request you to click on a link to access your account.’
 
 
 

Protect yourself from fraud


Stay safe online with these helpful tips

Investec online image

Use Investec Online

Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

Protect your identity

Protect your identity

Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details.
 
Protect your devices

Protect your devices

There’s no such a thing as a free wifi. Make sure no-one can access or install malware in your computer and mobile devices.
Firewalls and antivirus

Recognise malicious apps

Malware is a term for various forms of malicious software. It’s transmitted via email attachments and infected websites.
Keep emails safe

Keep your emails safe

From email hacking and ‘phishing’ to fake unsubscribe buttons, find out the ways fraudsters are trying to trick you.

 
 
 

What we do to protect you

what we do to protect you image

Predict, detect, prevent and respond

Looking after your security is a fundamental part of our business. We know that you want to receive an exceptional client experience, and staying safe is primordial.
 
As an Investec client, you benefit from the combination of our expertise in the security, risk and fraud prevention disciplines.
 
The threat landscape evolves every day, and we work hard to adapt our security architecture, so to manage associated risks.
  

Our security programme is broken up into three main components:

  • Fraud prevention

    Fraud prevention

    The Investec Fraud team works to protect our business and clients from becoming victims of fraud.
     
    Investec has various layers of control, including prevention and deterrence, detection and mitigation, repair and recovery, investigation and learning.
     
    To do this, the team uses industry-leading real-time fraud detection systems to pick up potentially fraudulent payments.
     
    The team is made of experienced professionals, who are part of various fraud-prevention forums and groups, and regularly attend events and conferences to stay a step ahead.
     
    They also make sure that you, our client, is made aware of fraud threats with education campaigns and alerts, and help train Investec colleagues to also protect you, themselves and our business
    from fraudsters.
  • Cybersecurity

    Cybersecurity

    Our Cybersecurity team actively seeks potential vulnerabilities within the Investec application and infrastructure architecture.
     
    These experts use constant research to stay at the leading edge of changes in potential threats to the landscape of our technology and processes.
     
    Using this knowledge, the team plays an important role in product development, making sure that all applications are secure by design. 
     
    They also raise new threats they identify with the Information Security teams, to put preventative measures in place and minimise potential cyber incidents.
  • Information security

    Information security

    Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 
     
    The team maintains a close relationship with the Fraud and Cybersecurity teams. They also meet security researchers and providers to ensure a best-practice approach to mitigating risk. 
     
    By closely monitoring the security landscape, the team makes sure that we know about any threats, that we’re ready in case of incidents, and that we can quickly address any vulnerabilities.
     

Fraud prevention
Cybersecurity
Information security

Fraud prevention

The Investec Fraud team works to protect our business and clients from becoming victims of fraud.
 
Investec has various layers of control, including prevention and deterrence, detection and mitigation, repair and recovery, investigation and learning.
 
To do this, the team uses industry-leading real-time fraud detection systems to pick up potentially fraudulent payments.
 
The team is made of experienced professionals, who are part of various fraud-prevention forums and groups, and regularly attend events and conferences to stay a step ahead.
 
They also make sure that you, our client, is made aware of fraud threats with education campaigns and alerts, and help train Investec colleagues to also protect you, themselves and our business
from fraudsters.

Cybersecurity

Our Cybersecurity team actively seeks potential vulnerabilities within the Investec application and infrastructure architecture.
 
These experts use constant research to stay at the leading edge of changes in potential threats to the landscape of our technology and processes.
 
Using this knowledge, the team plays an important role in product development, making sure that all applications are secure by design. 
 
They also raise new threats they identify with the Information Security teams, to put preventative measures in place and minimise potential cyber incidents.

Information security

Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 
 
The team maintains a close relationship with the Fraud and Cybersecurity teams. They also meet security researchers and providers to ensure a best-practice approach to mitigating risk. 
 
By closely monitoring the security landscape, the team makes sure that we know about any threats, that we’re ready in case of incidents, and that we can quickly address any vulnerabilities.
 
 
There’s no ‘one size fits all’ approach to security. At Investec, we manage risk in a holistic way, combining these three disciplines.
 
Within each of these pillars, we categorise threats and threat actors according to likelihood, complexity and impact. Each case is different, and this way we can assess, measure and refine the
risk level of each threat effectively.

Protect yourself from fraud

Helpful tips about online banking, your computer, mobile phone and other devices.
  • Investec Online

    Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.
    • Your password protects your account from unauthorised access and no bank will ever ask you for it. Never email, write down or tell someone your security information or login details. 
    • The only time you will ever need to enter your Investec ID and password is when you log into Investec Online for your online banking at our website (Investec.com)

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
    • Register devices that you wish to access Investec Online from. This will help us detect when someone is trying to impersonate you on another device.
    • Only access Investec Online from your own devices, not from public computers, as your details could be recorded.
    • Please don’t leave a computer unattended while logged into Investec Online.
    • Never log into Investec Online via any emails with hyperlinks or shortcuts.
    • Never save any login IDs or passwords in your browser or on any of your devices. Disable, refuse or decline any onscreen prompt on your computer that asks if you wish the computer to remember your passwords.
    • We encourage you to create complex passwords that are difficult to guess and time consuming for hackers to crack. It should only be known by you and kept in a safe and secure place. Please avoid family or familiar names, numbers and places, such as birthdays, phone numbers – any information that can be found on social media or the internet.
    • Please check your monthly statements and balances carefully. Many fraudulent transactions are for regular small amounts that occur over several months, disguised as a subscription you forgot you had or did not cancel. Fraudsters would prefer to empty your bank account, if you have a large amount of cash spare. If not, they will gratefully accept monthly donations
  • Protect your identity

    • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text or emails.
    • Limit the amount of personal details you share online (ie date/place of birth on social media sites etc)
    • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
    • Create and use different passwords for each service provided by Investec and other financial service providers.
    • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
    • Never use complimentary computers in airport lounges and hotels to do your banking.
    • If you need to use Investec Online while travelling, use international roaming or buy a SIM card in the country you’re visiting. Remember, if you don’t have roaming on your phone, you won’t get SMS payment notifications and may not be aware of fraudulent transactions until you’re back home.

    Are you travelling?

    Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.
     
    You can also enter your travel dates on Investec Online and the App before your travel.
  • Protect your devices

    Your computer

    • Ensure no one has unauthorised access to your computer.
    • Use a password to access your own computer, restrict access to prevent programme installations.
    • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.

    Free Wi-Fi

    Please do not use free public Wi-Fi when trying to access your banking and online transactions.
    In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.
    Watch this video for more

     

    Registration of your devices

    • Always register your devices that require access to Investec Online. We will send you an alert if someone tries to register another device.
    • Please do not ignore that alert or simply accept the notice, as this is the beginning of someone attempting to take over your account.
    • We will also be alerted if you access the Investec Online from another machine, so please be aware and take time to register new devices and delete old ones.
  • Firewalls and antivirus

    Always Install a personal firewall product and antivirus protection product for your devices.The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free. 
    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.

  • Malware

    Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites. Here are the most common -
    • Key loggers – Programs that record all key strokes performed on an infected computer. This gives the attackers access to anything that may have been typed in such as account numbers, passwords and PINs. This is transmitted when you are online and the fraudsters can begin to take over peoples accounts.
    • Spyware – Software that tracks and stores a person’s movements on the internet, then provides pop-ups based on a person’s spending habits, to lure them to a fake websites in an attempt to trick them into entering their account details.
    • Ransomware – A nasty form of malware that encrypts all information on the infected computer and demands a ransom fee to be paid in order to unlock the data. This type of infection can result in significant data loss. 
    • Trojans – Running in the background and hiding from view, these program frequently open a ‘back door’ into a computer, allowing a fraudster to access information or take full control over the machine. This allows them intercept banking details and passwords as they are keyed in.
    • Counterfeit or ‘cracked’ software - Acquiring ‘cheap’ computer operating or business software may not prove to be cheap in the long run, as fraudsters like to offer this online, but secretly add their own ‘added value’ – such as trojans/malware which can read your security details and passwords. Purchase genuine software. Keep your internet browser and other software on your computer up to date with the latest security patches, to protect yourself and your money. 

    Mobile phone

    • Apps - Use only those ‘apps’ that are downloaded from official sites. Free apps from unofficial sources may have malware, the same as counterfeit or ‘cracked’ computer software.
    • Antivirus - Ensure you have antivirus installed, if your operating software allows it. Just like your laptop or main computer, keep the antivirus and software up to date. 
    • Jailbroken devices - Jailbreaking a mobile device is the process of removing the software restrictions embedded by the device manufacturer, which may include the security protection mechanisms. In order to keep your account information secure, you are not able to use the Investec mobile apps on a jailbroken device.
    • Passwords protection - Make sure you secure your mobile device by setting a passcode greater than a four-digit PIN or fingerprint scanning, if your device supports this functionality. 

    Lost your mobile phone?

    If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.
  • Emails

    Fake email messages or phishing

    ‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.
    • What is the full email address used – does it look odd?
    • How are you greeted? Dear Customer / Your name / Nothing?
    • Does it ask you to log in from a link on the email?
    • Does it say there are security issues?
    • Does it advise you that it is urgent and immediate?

    Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

    Spoofing and hacking emails

    A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.
    Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.
    Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.
     

    Hacking

    Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.
     

    Don't unsubscribe on emails from random advertisers

    To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.
     

    Review your sent and deleted items folder

    Take time to check your sent and delted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised. 
    Don’t store confidential information in your  emails folders. Store personal documents and emails on your computer in a secure folder on your computer.  You can also securely store documents in My Briefcase on Investec Online. 
     

    Attachments or links

    Avoid clicking on any links or opening attachments included in unexpected emails, texts or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.