Fraud prevention

Protecting your data, identity, and money

Most of us think the world of fraud will never touch us. Until it does.

Know Fraud security image
In our increasingly digital age, cybercrime is on the rise. But not all fraud relies on sophisticated technology. Sometimes a common, simple deception can separate you from your money. 
When you know fraud, you are empowered to prevent it. Be vigilant, be proactive, be secure.

Attention: Alert

Whatsapp fraud alert
As with SMS or phone calls, it is possible for other users to contact you on WhatsApp. Unfortunately, some of these people could be fraudsters who may send spam, fake news, and phishing messages to deceive and manipulate you.
During the Covid-19 pandemic and lockdown, we have noticed a sharp rise in WhatsApp scams with fake profiles targeting our clients.
The messages appear to be from Investec and offer investment opportunities or make appeals for philanthropic contributions. We have attached some screenshots from these fake profiles. 
Remember – We’ll never ask you for personal or banking details over WhatsApp. 
If you receive a suspicious WhatsApp or SMS, please contact your Private Banker or the 24/7 global Client Support Centre on 0860 110 161 or +27 11 286 9663 immediately.

Protect yourself from fraud

Find out how fraudsters target their victims – and how you can protect yourself.

What we are doing to protect you

Learn what our vigilant Fraud and Security teams do every day to protect your most important assets.

Warning: coronavirus scams

Criminals are using the publicity around COVID-19 (coronavirus) to commit fraud. In the past weeks, a large number of individuals have received fraudulent texts to their mobile, claiming they have been fined for leaving the house multiple times. victims are then asked to click a link to provide personal and financial details. This is a scam. Avoid clicking on any links contained in texts or emails you were not expecting- fraudsters may be phishing for personal details, and your device can also be infected with malware. Please refer to our Focus article for more information.

Fraudsters are also taking advantage of the volatile situation in the financial sector and marketing fake investment opportunities, particularly in cryptocurrency. Be extra vigilant when making investment decisions: some more advice can be found here.
If you think you have fallen victim to a scam, contact us on 0330 123 1966 (UK) / 0860 110 161 (SA) immediately, as well as Action Fraud.




Reporting fraud on your account

Urgent contact numbers

To report a card that is lost or stolen, or if you suspect fraud on your card or account, please call us.
SA clients: 0860 110 161
(outside of SA, +27 011 286 9663)
UK clients: 0330 123 1966
(outside the UK, +44 20 7597 4044)

Emergency help

Are you a UK Private Bank client needing support?
Please see your emergency help page.




Recognising fraud and scams


Look for the basic warning signs - interest rates too high, fast returns, cold calls.


If instinct tells you something is too good to be true, it probably is.


If someone says they work for an organisation, check it independently.

See the many types of fraud and scams you could be a victim to




What do I do if I’m suspicious of someone who has contacted me saying they’re from Investec?

what to do fraud image
If you suspect that someone is pretending to be from Investec, do not hesitate – stop all communications (hang up/ don’t answer to the email) and call us via a known number you have, or the 24/7 global client service centre.
Rest assured – if the person who got in touch with you is indeed from Investec, they won’t mind if you call them back to our main office number.
If you receive a suspicious email, please forward it to [email protected] as an attachment, so we can deal with it.
It’s important that you let us know of impersonators. Even if you’re not a client, we believe that you should receive our fraud prevention support and advice.

Remember that fraudsters may contact you by telephone, email, SMS or text, letter or direct you to a website. These may look legitimate, with similar-sounding names to a bank or financial institution.


By adding official-looking logos, banking registration details, and company numbers, these well-crafted deceptions give the impression that everything is right. If you’re not sure, call the head office switchboard, and never use numbers supplied by the person of whom you’re suspicious.


If you’ve already transferred money or information to a fraudster, contact your bank immediately. The bank may not recover all of it, but if you move quickly, it will recover what it can.


We maintain a list of companies and people who claim to be from Investec. With your feedback, we can keep everyone informed. You can review our latest fraud alerts here.  

‘Investec will never request personal details or other sensitive information via email or ask you for your PIN. We will never request you to click on a link to access your account.’

Contact us

If you suspect fraud on your account, contact us immediately, at any time of the day or night.

SA: 0860 110 161 / +27 011 286 9663
UK: 0330 123 1966/ +44 20 7597 4044




Protect yourself from fraud

Stay safe online with these helpful tips

Investec online image

Use Investec Online

Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

Protect your identity

Protect your identity

Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details.
Protect your devices

Protect your devices

There’s no such thing as free wifi. Make sure no-one can access or install malware in your computer and mobile devices.
Firewalls and antivirus

Recognise malicious apps

Malware is a term for various forms of malicious software. It’s transmitted via email attachments and infected websites.
Keep emails safe

Keep your emails safe

From email hacking and ‘phishing’ to fake unsubscribe buttons, find out the ways fraudsters are trying to trick you.




What we do to protect you

what we do to protect you image

Predict, detect, prevent and respond

Looking after your security is a fundamental part of our business. We know that you want to receive an exceptional client experience, and staying safe is primordial.
As an Investec client, you benefit from the combination of our expertise in the security, risk, and fraud prevention disciplines.
The threat landscape evolves every day, and we work hard to adapt our security architecture, so as to manage associated risks.

Our security programme is broken up into three main components:

Fraud prevention


Information security

Fraud prevention

Fraud prevention

The Investec Fraud team works to protect our business and clients from becoming victims of fraud.


Investec has various layers of control, including prevention and deterrence, detection and mitigation, repair and recovery, investigation, and learning.


To do this, the team uses industry-leading real-time fraud detection systems to pick up potentially fraudulent payments.


The team is made of experienced professionals, who are part of various fraud-prevention forums and groups, and regularly attend events and conferences to stay a step ahead.


They also make sure that you, our client, is made aware of fraud threats with education campaigns and alerts, and help train Investec colleagues to also protect you, themselves and our business
from fraudsters.



Our Cybersecurity team actively seeks potential vulnerabilities within the Investec application and infrastructure architecture.


These experts use constant research to stay at the leading edge of changes in potential threats to the landscape of our technology and processes.


Using this knowledge, the team plays an important role in product development, making sure that all applications are secure by design. 


They also raise new threats they identify with the Information Security teams, to put preventative measures in place, and minimise potential cyber incidents.

Information security

Information security

Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 


The team maintains a close relationship with the Fraud and Cybersecurity teams. They also meet security researchers and providers to ensure a best-practice approach to mitigating risk. 


By closely monitoring the security landscape, the team makes sure that we know about any threats, that we’re ready in case of incidents, and that we can quickly address any vulnerabilities.


There’s no ‘one size fits all’ approach to security. At Investec, we manage risk in a holistic way, combining these three disciplines.


Within each of these pillars, we categorise threats and threat actors according to likelihood, complexity, and impact. Each case is different, and this way we can assess, measure, and refine the risk level of each threat effectively.




Protect yourself from fraud

Helpful tips about online banking, your computer, mobile phone and other devices.

  • Investec Online

    Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

    • Your password protects your account from unauthorised access and no bank will ever ask you for it. Never email, write down or tell someone your security information or login details. 
    • The only time you will ever need to enter your Investec ID and password is when you log into Investec Online for your online banking at our website (

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out. However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
    • Register devices that you wish to access Investec Online from. This will help us detect when someone is trying to impersonate you on another device.
    • Only access Investec Online from your own devices, not from public computers, as your details could be recorded.
    • Please don’t leave a computer unattended while logged into Investec Online.
    • Never log into Investec Online via any emails with hyperlinks or shortcuts.
    • Never save any login IDs or passwords in your browser or on any of your devices. Disable, refuse, or decline any onscreen prompt on your computer that asks if you wish the computer to remember your passwords.
    • We encourage you to create complex passwords that are difficult to guess and time-consuming for hackers to crack. It should only be known by you and kept in a safe and secure place. Please avoid family or familiar names, numbers, and places, such as birthdays, phone numbers – any information that can be found on social media or the internet.
    • Please check your monthly statements and balances carefully. Many fraudulent transactions are for regular small amounts that occur over several months, disguised as a subscription you forgot you had or did not cancel. Fraudsters would prefer to empty your bank account if you have a large amount of cash spare. If not, they will gratefully accept monthly donations.
  • Protect your identity

    • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text, or emails.
    • Limit the number of personal details you share online (ie date/place of birth on social media sites etc)
    • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
    • Create and use different passwords for each service provided by Investec and other financial service providers.
    • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
    • Never use complimentary computers in airport lounges and hotels to do your banking.
    • If you need to use Investec Online while travelling, use international roaming or buy a SIM card in the country you’re visiting. Remember, if you don’t have roaming on your phone, you won’t get SMS payment notifications and may not be aware of fraudulent transactions until you’re back home.

    Are you travelling?

    Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.
    You can also enter your travel dates on Investec Online and the App before your travel.
  • Protect your devices

    Your computer

    • Ensure no one has unauthorised access to your computer.
    • Use a password to access your own computer, restrict access to prevent programme installations.
    • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.

    Free Wi-Fi

    Please do not use free public Wi-Fi when trying to access your banking and online transactions.

    In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.

    Watch this video for more


    Registration of your devices

    • Always register your devices that require access to Investec Online. We will send you an alert if someone tries to register another device.
    • Please do not ignore that alert or simply accept the notice, as this is the beginning of someone attempting to take over your account.
    • We will also be alerted if you access the Investec Online from another machine, so please be aware and take time to register new devices and delete old ones.
  • Firewalls and antivirus

    Always Install a personal firewall product and antivirus protection product for your devices. The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free. 

    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.

  • Malware

    Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites. Here are the most common -

    • Key loggers – Programs that record all keystrokes performed on an infected computer. This gives the attackers access to anything that may have been typed in such as account numbers, passwords, and PINs. This is transmitted when you are online and the fraudsters can begin to take over people's accounts.
    • Spyware – Software that tracks and stores a person’s movements on the internet, then provides pop-ups based on a person’s spending habits, to lure them to a fake website in an attempt to trick them into entering their account details.
    • Ransomware – A nasty form of malware that encrypts all information on the infected computer and demands a ransom fee to be paid in order to unlock the data. This type of infection can result in significant data loss. 
    • Trojans – Running in the background and hiding from view, these programmes frequently open a ‘back door’ into a computer, allowing a fraudster to access information or take full control over the machine. This allows them to intercept banking details and passwords as they are keyed in.
    • Counterfeit or ‘cracked’ software - Acquiring ‘cheap’ computer operating or business software may not prove to be cheap in the long run, as fraudsters like to offer this online, but secretly add their own ‘added value’ – such as trojans/malware which can read your security details and passwords. Purchase genuine software. Keep your internet browser and other software on your computer up to date with the latest security patches, to protect yourself and your money. 

    Mobile phone

    • Apps - Use only those ‘apps’ that are downloaded from official sites. Free apps from unofficial sources may have malware, the same as counterfeit or ‘cracked’ computer software.
    • Antivirus - Ensure you have an antivirus installed if your operating software allows it. Just like your laptop or main computer, keep the antivirus and software up to date. 
    • Jailbroken devices - Jailbreaking a mobile device is the process of removing the software restrictions embedded by the device manufacturer, which may include the security protection mechanisms. In order to keep your account information secure, you are not able to use the Investec mobile apps on a jailbroken device.
    • Passwords protection - Make sure you secure your mobile device by setting a passcode greater than a four-digit PIN or fingerprint scanning if your device supports this functionality. 

    Lost your mobile phone?

    If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.
  • Emails

    Fake email messages or phishing

    ‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.

    • What is the full email address used – does it look odd?
    • How are you greeted? Dear Customer / Your name / Nothing?
    • Does it ask you to log in from a link on the email?
    • Does it say there are security issues?
    • Does it advise you that it is urgent and immediate?

    Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

    Spoofing and hacking emails

    A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.

    Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.

    Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.



    Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.


    Don't unsubscribe on emails from random advertisers

    To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports, or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.


    Review your sent and deleted items folder

    Take time to check your sent and deleted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised. 

    Don’t store confidential information in your emails folders. Store personal documents and emails on your computer in a secure folder on your computer.  You can also securely store documents in My Briefcase on Investec Online. 


    Attachments or links

    Avoid clicking on any links or opening attachments included in unexpected emails, texts, or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.

  • Text messages

    In the same way that email addresses can be spoofed, so can phone numbers. That way, it can look as though you’re receiving a call from a trusted number – even your bank’s genuine one. Text messages from spoofed numbers can appear in an existing thread of messages. 


    Recently, many consumers have been receiving fraudulent texts asking them to confirm a transaction they did not authorise, or verify a new beneficiary that has been added. However, the message will contain a link to click through to, if you don’t recognise the transaction. This leads to a phishing page, where victims are asked to input their details. Alternatively, the compromised site can download malware to your device.


    • If you get a message about account activity you were not expecting, call your bank immediately on a trusted number. 
    • Don’t click on links contained in this type of SMS.
    • If you want to access online banking, do so through the app or known website, which you can find on Google. 
    • You can also report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.

‘I have been a victim of fraud, what next?’

If you have suffered from fraud, report this to us immediately by contacting our client service centre. We also urge you to report this to the authorities online at the following websites:
If you are in the UK –
In South Africa –