know fraud listing image
 

Fraud

Protecting your data, identity and money

Most of us think the world of fraud will never touch us. Until it does.

Know Fraud security image

In our increasingly digital age, cybercrime is on the rise. But not all fraud relies on sophisticated technology. Sometimes a common, simple deception can separate you from your money.

 

  • Protect yourself from fraud. Find out how fraudsters target their victims – and how you can protect yourself.
  • What we are doing to protect you. Learn what our vigilant Fraud and Security teams do every day to protect your most important assets.

 

When you know fraud, you are empowered to prevent it. Be vigilant, be proactive, be secure.

“I have a been a victim of fraud, what next?”

If you have suffered from fraud, report this to us immediately by contacting the CSC (Customer Service Centre). We also urge you to report this to the authorities, online at the following websites;

If you are in the UK – www.actionfraud.police.uk

For SA – www.safps.org.za

fraud contact numbers image

How do I report fraud on my account?

Urgent contact numbers
 
If you need to report a card that is lost or stolen or if you suspect fraud on your card or account, please call the following numbers:
 

SA: 0860 110 161
(outside of SA +27 011 286 9663)

UK: 0330 123 1966
(outside the UK +44 20 7597 4044)

 
Are you a UK Private bank client needing support?
Please see our Emergency Help page.

fraud images

Fraud / Scams

They are both the same thing.

 
  • Look for the basic warning signs –Interest rates too high, fast returns, cold calls.
  • If your instinct tells you that something is too good to be true, then it probably is.
  • If someone says they work for an organisation – Call the main switchboard on a number you have search for, not the number you have been given. Check that person really exists and try to speak to ‘them’.
 

OUR A-Z OF FRAUD >

What do I do if I’m suspicious of someone who has contacted me?

what to do fraud image

If you suspect someone is impersonating Investec when contacting you, here is what you should know. Investec will never ‘cold call’ you (a cold call is an unsolicited call you don’t expect or request). We know our clients and they know us.

If you suspect that you have been contacted by someone pretending to be from Investec, contact us – even if you are not a client.

  • Call the 24/7 global CSC (Customer Service Centre)
  • Forward the email as an attachment and/or send us the web address to [email protected]
 
While fraudsters may contact you by telephone, they may also use other methods like email, SMS or text, letter or direct you a website. If you have already transferred money to a fraudster, contact your bank immediately. The bank may not recover all of it, but if you move quickly, it will recover what it can. 
 
We maintain a list of companies and people who claim to be from Investec, but we need feedback from you to keep everyone informed.
 
Please review our Fraud Alerts
 
Investec will never request personal details or other sensitive information via email or ask you for your PIN. We will never request you to click on a link to access your account.
Fraudsters will often create fake websites or email addresses with similar sounding names to a bank or financial institution. By adding official-looking logos, banking registration details and company numbers, these well-crafted deceptions give the impression that everything is legitimate. Always call the head office switchboard to verify, if you are suspicious. Never use numbers supplied by the person that you are suspicious of.

Protect yourself from fraud

 

It’s important that you protect yourself from fraud. Here are some helpful tips about online banking, your computer, mobile phone and other devices.

Investec online image

Investec Online

Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.

Protect your identity

Protect your identity

Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text or emails.
Protect your devices

Protect your devices

Ensure no one has unauthorised access to your computer. Use a password to access your own computer, restrict access to prevent programme installations.
Firewalls and antivirus

Firewalls and antivirus

Always install a personal firewall product and antivirus protection product for your devices.
Malware image

Malware

Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites.
Emails image

Emails

‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile.

Contact Us

If you suspect fraud on your account, contact the 24/7 global CSC (Customer Service Centre) immediately.

What we are doing to protect you

what we do to protect you image

At Investec, fraud and risk management is a fundamental part of our business, and looking after our clients’ online security is no different.

 

We combine expertise from the security, risk and fraud disciplines to protect our clients while delivering an exceptional client experience. We endeavour to adapt our security architecture to manage associated risks against the backdrop of an ever-evolving threat landscape.

Our security programme is broken up into three main components:

  • Fraud prevention

    Fraud

    The Investec Fraud team is responsible for protecting both Investec and its clients from becoming victims of fraud. 
     
    We have various layers of control including prevention and deterrence, detection and mitigation, repair and recovery, investigate and learn. We achieve this by using industry leading real-time fraud detection systems to detect potentially fraudulent payments.  
     
    Our experienced team maintain its knowledge by attending various industry forums and conferences, ensuring that our clients are made aware of fraud threats and educating clients on how to protect themselves from fraudsters.
  • Cybersecurity

    Cybersecurity

    We actively seek potential vulnerabilities within the Investec application and infrastructure architecture.
     
    Through constant research, our cybersecurity professionals are on the leading edge of changes in both the mindsets and practices of potential threats to the Investec process and technology landscape. 
     
    Using this knowledge, the Cybersecurity team plays an active role during the product development lifecycle, ensuring applications are secure by design.
     
    Furthermore, new threats identified through research are raised with the Information Security teams to put preventative measures in place and minimise potential cyber incidents.
  • Information security

    Information security

    Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 
     
    We maintain a close relationship with our Fraud and Cybersecurity teams. Through various private engagements with security researchers and providers, Information Security ensures a best practice approach to mitigating risk. 
     
    By closely monitoring the security landscape, Information Security ensures incident readiness and threat visibility while proactively addressing known vulnerabilities to the organisation.Through combining fraud, cybersecurity and information security, a holistic approach to risk management is achieved, with a focus on prediction, detection, prevention and response. 
     
    There is no ‘one size fits all’ approach to security. Within each of these pillars, threats and threat actors are categorised according to likelihood, complexity and impact to the organisation. This ensures a tailored approach to individual risks that can be measured and refined for effectiveness.

Fraud prevention
Cybersecurity
Information security

Fraud

The Investec Fraud team is responsible for protecting both Investec and its clients from becoming victims of fraud. 
 
We have various layers of control including prevention and deterrence, detection and mitigation, repair and recovery, investigate and learn. We achieve this by using industry leading real-time fraud detection systems to detect potentially fraudulent payments.  
 
Our experienced team maintain its knowledge by attending various industry forums and conferences, ensuring that our clients are made aware of fraud threats and educating clients on how to protect themselves from fraudsters.

Cybersecurity

We actively seek potential vulnerabilities within the Investec application and infrastructure architecture.
 
Through constant research, our cybersecurity professionals are on the leading edge of changes in both the mindsets and practices of potential threats to the Investec process and technology landscape. 
 
Using this knowledge, the Cybersecurity team plays an active role during the product development lifecycle, ensuring applications are secure by design.
 
Furthermore, new threats identified through research are raised with the Information Security teams to put preventative measures in place and minimise potential cyber incidents.

Information security

Investec’s Information Security team is responsible for the systematic implementation and monitoring of technology. 
 
We maintain a close relationship with our Fraud and Cybersecurity teams. Through various private engagements with security researchers and providers, Information Security ensures a best practice approach to mitigating risk. 
 
By closely monitoring the security landscape, Information Security ensures incident readiness and threat visibility while proactively addressing known vulnerabilities to the organisation.Through combining fraud, cybersecurity and information security, a holistic approach to risk management is achieved, with a focus on prediction, detection, prevention and response. 
 
There is no ‘one size fits all’ approach to security. Within each of these pillars, threats and threat actors are categorised according to likelihood, complexity and impact to the organisation. This ensures a tailored approach to individual risks that can be measured and refined for effectiveness.

Protect yourself from fraud

Helpful tips about online banking, your computer, mobile phone and other
devices.
  • Investec Online

    Our online banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.
    • Your password protects your account from unauthorised access and no bank will ever ask you for it. Never email, write down or tell someone your security information or login details. 
    • The only time you will ever need to enter your Investec ID and password is when you log into Investec Online for your online banking at our website (Investec.com)

    Timed log out

    Investec Online logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.However, we recommend you always log out and end your session by using the ‘Log out’ button before closing the browser.

    Deactivation of your login details

    We'll automatically disable your access to Investec Online if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.

    • Register devices that you wish to access Investec Online from. This will help us detect when someone is trying to impersonate you on another device.
    • Only access Investec Online from your own devices, not from public computers, as your details could be recorded.
    • Please don’t leave a computer unattended while logged into Investec Online.
    • Never log into Investec Online via any emails with hyperlinks or shortcuts.
    • Never save any login IDs or passwords in your browser or on any of your devices. Disable, refuse or decline any onscreen prompt on your computer that asks if you wish the computer to remember your passwords.
    • We encourage you to create complex passwords that are difficult to guess and time consuming for hackers to crack. It should only be known by you and kept in a safe and secure place. Please avoid family or familiar names, numbers and places, such as birthdays, phone numbers – any information that can be found on social media or the internet.
    • Please check your monthly statements and balances carefully. Many fraudulent transactions are for regular small amounts that occur over several months, disguised as a subscription you forgot you had or did not cancel. Fraudsters would prefer to empty your bank account, if you have a large amount of cash spare. If not, they will gratefully accept monthly donations
  • Protect your identity

    • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text or emails.
    • Limit the amount of personal details you share online (ie date/place of birth on social media sites etc)
    • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
    • Create and use different passwords for each service provided by Investec and other financial service providers.
    • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
    • Never use complimentary computers in airport lounges and hotels to do your banking.
    • If you need to use Investec Online while travelling, use international roaming or buy a SIM card in the country you’re visiting. Remember, if you don’t have roaming on your phone, you won’t get SMS payment notifications and may not be aware of fraudulent transactions until you’re back home.

    Are you travelling?

    Before travelling, contact our 24/7/365 global Client Support Centre or let your banker know that you’re away. We will be able to monitor your profile for any suspicious or fraudulent activity.

     

    You can also enter your travel dates on Investec Online and the App before your travel.

  • Protect your devices

    Your computer

    • Ensure no one has unauthorised access to your computer.
    • Use a password to access your own computer, restrict access to prevent programme installations.
    • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.

    Free Wi-Fi

    Please do not use free public Wi-Fi when trying to access your banking and online transactions.
    In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.
    Watch this video for more

     

    Registration of your devices

    • Always register your devices that require access to Investec Online. We will send you an alert if someone tries to register another device.
    • Please do not ignore that alert or simply accept the notice, as this is the beginning of someone attempting to take over your account.
    • We will also be alerted if you access the Investec Online from another machine, so please be aware and take time to register new devices and delete old ones.
  • Firewalls and antivirus

    Always Install a personal firewall product and antivirus protection product for your devices.The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer. Hackers try to access or infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free. 
    At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.

  • Malware

    Malware is a term for various forms of malicious software. It is transmitted via email attachments and infected websites. Here are the most common -
    • Key loggers – Programs that record all key strokes performed on an infected computer. This gives the attackers access to anything that may have been typed in such as account numbers, passwords and PINs. This is transmitted when you are online and the fraudsters can begin to take over peoples accounts.
    • Spyware – Software that tracks and stores a person’s movements on the internet, then provides pop-ups based on a person’s spending habits, to lure them to a fake websites in an attempt to trick them into entering their account details.
    • Ransomware – A nasty form of malware that encrypts all information on the infected computer and demands a ransom fee to be paid in order to unlock the data. This type of infection can result in significant data loss. 
    • Trojans – Running in the background and hiding from view, these program frequently open a ‘back door’ into a computer, allowing a fraudster to access information or take full control over the machine. This allows them intercept banking details and passwords as they are keyed in.
    • Counterfeit or ‘cracked’ software - Acquiring ‘cheap’ computer operating or business software may not prove to be cheap in the long run, as fraudsters like to offer this online, but secretly add their own ‘added value’ – such as trojans/malware which can read your security details and passwords. Purchase genuine software. Keep your internet browser and other software on your computer up to date with the latest security patches, to protect yourself and your money. 

    Mobile phone

    • Apps - Use only those ‘apps’ that are downloaded from official sites. Free apps from unofficial sources may have malware, the same as counterfeit or ‘cracked’ computer software.
    • Antivirus - Ensure you have antivirus installed, if your operating software allows it. Just like your laptop or main computer, keep the antivirus and software up to date. 
    • Jailbroken devices - Jailbreaking a mobile device is the process of removing the software restrictions embedded by the device manufacturer, which may include the security protection mechanisms. In order to keep your account information secure, you are not able to use the Investec mobile apps on a jailbroken device.
    • Passwords protection - Make sure you secure your mobile device by setting a passcode greater than a four-digit PIN or fingerprint scanning, if your device supports this functionality. 

    Lost your mobile phone?

    If you lose your device, call our 24/7global Client Support Centre to disable it, or disable the device yourself via Investec Online. Once disabled, it can no longer be used to access our online services.

  • Emails

    Fake email messages or phishing

    ‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.
    • What is the full email address used – does it look odd?
    • How are you greeted? Dear Customer / Your name / Nothing?
    • Does it ask you to log in from a link on the email?
    • Does it say there are security issues?
    • Does it advise you that it is urgent and immediate?

    Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

    Spoofing and hacking emails

    A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.
    Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.
    Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.
     

    Hacking

    Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.
     

    Don't unsubscribe on emails from random advertisers

    To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.
     

    Review your sent and deleted items folder

    Take time to check your sent and delted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised. 
    Don’t store confidential information in your  emails folders. Store personal documents and emails on your computer in a secure folder on your computer.  You can also securely store documents in My Briefcase on Investec Online. 
     

    Attachments or links

    Avoid clicking on any links or opening attachments included in unexpected emails, texts or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.