Types of scams to avoid
New types of scams continue to emerge in which fraudsters lure you into providing confidential info – often via email, SMS, phone call, malware or remote access. Anyone can be a target.
Ultimately, it’s up to you to stay informed about scams and think twice before sharing your personal details online or over the phone.
Don’t wait until it’s too late. Report Fraud now.
It could be a scam if…
- What you are offered or promised sounds too good to be true
- The offer takes you by surprise, or the prize relates to a competition you never entered
- You’re given limited time to confirm your details or win the prize, catching you off guard
- You receive the information via a free email address (like Hotmail, Aim, Yahoo or Gmail)
- You are promised large sums of money for very little or no effort on your part
- You’re asked to provide money upfront, for whatever reason, to receive the money or prize
- You’re asked to confirm personal or account details via a hyperlink, icon or attachment in an email or over the phone
In a Stokvel scam, fraudsters advertise the club/scheme on social media platforms. They will entice others to join by having other people, who are part of the scam, show interest and praise the club.
How it works
- The invite to join the Stokvel club will be on social media platforms.
- They may use a profile with a high number of followers.
- They may be disguised as a savings club or holiday club.
- Part of the scammers will share false reviews on their experience. The false claims make use of words like "approved", "credited" and "registered".
- Once interest is shown, the communication will move from the public platform to a more private platform such as WhatsApp or Facebook Messenger.
- Once the intended party is recruited, the scammers will share an account number in which the monthly repayments are to be made to.
- For as long as you make the deposits, they will keep the scam running and ask you to recruit other members.
How to identify it
- Unsolicited invites to join the stokvel.
- No club constitution.
- No personal contact or face to face meeting with members.
- No access or sharing of financial statements.
What you can do
- Only join or form a stokvel with people you know and trust.
- Ignore aggressive, unsolicited invitations to join.
- Resist the temptation to join because some of your friends and family have joined.
- Conduct research on the stokvel.
Vishing has evolved from fraudsters impersonating the bank calling customers to request OTPs (one-time PINs). Fraudsters are now also instructing customers to conduct transactions such as Instant Money and Electronic Financial Transfers (EFT).
How it works
- You receive a phone call from someone who says they’re from your bank.
- You’re advised that the security of your account or funds are under threat.
- You’re instructed to conduct an Instant Money for authentication, reversal of debit orders or unauthorised transactions.
- The Instant Money may be to your own number or an alternative number which may reflect as Standard Bank on caller identification apps.
- You could also be instructed to transfer funds to a “secure account”.
- You’re then provided with an alternative account number to transfer funds into, claiming that it is for safekeeping.
- You oblige, executing instructions and paying funds over to fraudsters.
How to identify it
- There’s a sense of urgency in the phone call, giving you no time to think clearly.
- You are told they’re from the fraud department and have detected fraud on your account.
- You’re instructed to conduct an Instant Money for authentication, reversal of debit orders or unauthorised transactions.
- You could also be instructed to transfer funds to another bank or a Standard Bank account which will be deemed as a “secure account”.
- You may be provided with a telephone number to call back which may reflect as a Standard Bank number on a caller identification app.
Vishing is when fraudsters impersonate the bank and call customers to request OTPs (one-time PINs). The fraudsters will create a sense of urgency asking for OTPs and information to immediately stop fraud on your bank account, meanwhile they are using the OTPs to commit fraud. Know that the bank will never ask for your digital banking credentials, password, PIN, or one-time PIN (OTP) over the phone.
How it works
- You receive a phone call from someone who says they’re from your bank or pretend to be from UCount and ask for your card details including your OTP to transfer “rewards’ to your credit card
- You’re asked to update or verify your details
- You oblige, providing everything required to access your bank account
- In some cases, you receive an unverified SMS saying that the bank will soon be in touch to update or confirm your details, and then you receive the call
How to identify it
- There’s a sense of urgency in the phone call, giving you no time to think clearly
- You are told they’re from the fraud department, that funds have been fraudulently taken from your account, and you need to confirm your details so the funds can be returned to your account
- You’re asked to update or confirm your bank account number, PIN or password over the phone
- You’re asked to confirm an OTP for defrauded funds to be returned to your account
- You’re asked to call them back to confirm that you’re speaking to someone who’s genuinely from the bank (the call will be intercepted from the bank’s call centre to the fraudster)
Phishing is when fraudsters send you unsolicited emails in which they claim to be from a reliable organisation, like a bank or an email service provider.
How it works
- You receive an email request to update or confirm your details by clicking on a link or an icon, or to open an attachment
- This results in malware (malicious software) being deployed on your device
- It can also compromise your personal or digital banking credentials
How to identify it
- There’s usually a sense of urgency in the email, followed by a threat (like the suspension of your bank account)
- You need to respond quickly, not giving you time to think things through or ask someone for advice
- The email says you have been a victim of fraud, or due to receive funds, and you need to sign into your accounts by clicking on a the link to report the incident and cancel your bank card, or give permission to accept the sum of money
- You’re asked to supply your personal and account details via a hyperlink, attachment or icon, provided in the email
What you can do
If you receive a suspicious email containing links, report it as follows:
- Save the suspicious email. Be careful not to click on any link or icon in the suspicious email when you do this.
- Open your own new email.
- Add the suspicious email as an attachment to your new email.
- Send your email with the suspicious email attached to it to [email protected]
Smishing is when a fraudster sends you an SMS pretending to be a legitimate organisation (like Standard Bank) and tricks you into clicking on a link to share sensitive information which is used to access your digital banking profile to commit fraud.
- Don't store your credit card or banking information on your smartphone in case malware gets installed on your phone
- Regard urgent security alerts, offers or deals as warning signs of a hacking attempt
How it works
- You receive an SMS supposedly from a recognised organisation, like a bank, asking you to contact a toll-free number
- When you call the number, a fake automated voice-response system prompts you to provide sensitive details like your account number, password or PIN
- The fraudsters then have access to your details and can use them as they wish
- Nowadays, people use their smartphones for everything, including Internet Banking, so there is a lot of sensitive information at risk if the phone is exposed to fraudulent activities
- You may be less likely to scrutinise and deliberate SMSs with suspicious links. Clicking on these suspicious links may install malware onto your phone, or could take you to a spoof website where you will be asked to enter personal or confidential information
How to identify it
- You are asked to update or confirm your personal details, like your bank account number, PIN or password over the phone
- There’s a sense of urgency, followed by a threat: if you don’t update or confirm your details now, your account will be suspended
- This doesn’t give you much time to think clearly
- The SMS asks you to call a toll-free number
- Remember, your bank will never ask for your account details, password, PIN or OTP over the phone
What you can do
- Do not click on links or icons in unsolicited SMSs
- Do not reply to these SMSs. Delete them immediately
- Do not believe the content of unsolicited SMSs blindly. If you are worried about the content of the suspicious SMS, contact the bank immediately on 0800 222 050.
- Check that you are on the authentic/real site before entering any personal information
- If you think that your device might have been compromised, contact your bank immediately
- Create complicated passwords that are not easy to decipher and change them often
- Don't store your credit card or banking information on your smartphone in case malware gets installed on your phone
- Regard urgent security alerts, offers or deals as warning signs of a hacking attempt
Report a suspicious SMS as follows:
- Take a screenshot of the suspicious SMS on your cellphone. When you take a screenshot, include the cellphone number the SMS came from
- Open a new email
- Add the screenshot of the suspicious SMS as an attachment to your email
- Send your email with the screenshot of the suspicious SMS attached to it to [email protected]
This is when you’re tricked into allowing ‘Remote Access Control’ software to be downloaded onto your computer. Fraudsters use this software to take control of your computer remotely, adjusting your settings to leave the computer vulnerable to online banking fraud.
How it works
- Someone claiming to work in the bank’s security centre phones you, offering to help you with computer software upgrades
- In some cases, the fraudsters say they’re helping to stop or reverse fraudulent payments from your account and ask you to download and install remote access software
- You download the software, and the fraudster talks you through the installation process
- Once the software is installed, you’re asked to sign in to your Internet Banking profile and make a payment for the software
- Once you’re signed in, your computer goes blank
- You start receiving OTPs to confirm transactions you didn’t make
- The fraudster then reassures you that the OTP is required to complete the software installation, and asks you to forward the OTPs so they can complete the process
- The fraudster uses your OTPs to process the fraudulent transactions
How to identify it
- There’s a sense of urgency in the phone call, followed by a threat: your PC or laptop will be infected with a virus or malware if you don’t download the recommended software immediately, giving you no time to think about it or ask anyone for advice
- You’re asked to download ‘protective’ software and sign in to your Internet Banking profile to pay for the download which requires you to capture sensitive information, such as Internet Banking usernames and passwords
A spoofed website claims to be the legitimate website of a particular organisation and is set up to mimic the original website.
How it works
- Spoofed websites usually carry a similar or identical logo to the organisation they are mimicking
- Typically, spoofed websites aim to associate a scam with a reputable institution and are set up to validate other scams such as the 419 or phishing scam
How to identify it
- You are asked to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing in the URL directly into the browser
- You are required to disclose personal details or account information on the website you were directed to via the email you receive
- The spoofed website, accessed via the given hyperlink in the email, does not have one of Standard Bank’s official website addresses or URLs that you usually use to access information or use to access online banking
What you can do
- If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
This is when fraudsters gain unauthorised access to your email address, then send emails to your friends, family, and business partners to defraud them in your name.
How it works
- Fraudsters hack your email address through malware viruses
- They access your emails and contact list
- Emails are sent to your friends, family member or business partners
- Posing as you, they ask your family or friends for money
- They email your business partners with a banking details update, and ask for payments to be made to the new account
How to identify it
- When you start noticing emails are missing
- When you’re not receiving emails
- When you start to receive unexpected emails
- If your password has changed without you being aware
- Having unknown emails under your sent items
In a keylogger scam, software is used to record every keystroke entered on your computer, allowing fraudsters to use your personal information to defraud you.
How it works
- Once a keylogger scam is in place, fraudsters can access the keystroke details via a file on your computer, or have the details sent to them anonymously via email
- The keylogger records whatever you type on your computer, including passwords, PINs and usernames
- Fraudsters often target internet cafés, owing to the convenience of the computer terminals and anonymity attached to them
- They often steal your private login details for Internet Banking, Facebook and email account profiles
How to identify it
- Keyloggers can be hidden in an unfamiliar email attachments or hyperlinks, installed via a memory stick, or installed via rogue apps or malicious websites
- Be wary when other untrusted individuals use your computer, for whatever reason
- Always be alert to computer hardware or software changes
- Be cautious when using internet cafés
- Never disclose any confidential information on a public, unfamiliar computer
- Don’t open any emails, attachments or hyperlinks from unknown sources
A fraudster can access your personal and banking information on your stolen mobile phone, which is why it is critical that you de-link the stolen device from your digital profile immediately or contact the bank to report the device as stolen.
Take action by following our easy steps: How to de-link my stolen device.
In a SIM swap scam, fraudsters perform a SIM swap without your knowledge, allowing them to intercept your phone calls and SMSs.
How it works
- Typically, the SIM swap takes place after fraudsters have received your Internet Banking sign in details following your response to a phishing email or a vishing call
- Once fraudsters have access to your cellphone number and personal details, they can pose as you and request a new SIM card from your network service provider
- This gives them access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you
How to identify it
- You are suddenly no longer receiving calls or messages on your cellphone
- You don’t receive the OTP you requested, even when trying a second time
- Your cellphone suddenly has no signal in a regular network area
A twin SIM scam is a relatively new and sophisticated form of fraud. Fraudsters duplicate your cellphone number onto another SIM card, allowing them to divert certain phone calls and SMSs.
How it works
- Fraudsters take control of your primary cellphone number by switching off the network coverage, diverting your phone calls and SMSs to the secondary ‘twin call’ cellphone number
- This gives them access to your OTP SMSs and any other notifications they can use to defraud you
How to identify it
- You are suddenly no longer receiving calls or messages on your cellphone
- You don’t receive the OTP you requested, even when trying a second time
- Your cellphone suddenly has no signal in a regular network area
What you can do
- If you suspect that you have been a victim of the twin SIM scam, contact your service provider and the bank immediately on 0800 020 600
A number porting scam is where fraudsters transfer your cellphone number from your current network service provider to another without you knowing.
How it works
- Number porting often happens after fraudsters have received your Internet Banking sign in details through a vishing call or phishing email
- During porting, some network service providers may send you an SMS confirming that your number has been transferred to another service provider
- If you ignore the SMS, the fraudster can complete the porting and gain access to your phone calls, SMSs, OTPs and other notifications they can use to defraud you
How to identify it
- You are suddenly no longer receiving calls or messages on your cellphone
- You don’t receive the OTP you requested, even when trying a second time
- Your cellphone suddenly has no signal in a regular network area
What you can do
- If you suspect that you have been a victim of the number porting scam, contact your service provider and the bank immediately on 0800 020 600
The deposit and refund scam attempts to steal goods or services from your business without making the necessary payments.
How it works
- Fraudsters order goods or services from your business, supposedly making the payment into your account
- This is done mostly by means of an EFT payment where they pay you an amount that’s less but amend the proof of payment for the amount due
- A fake proof of payment is sent to you, and your business delivers the goods without checking if the correct payment is reflecting in your bank account
- Later on, you learn that the payment is for the incorrect amount
- In other cases, fraudsters may cancel the order and request an urgent refund
- Or, they claim to have ‘mistakenly’ deposited funds into your account via EFT
- The caller sends you proof of payment and asks for an immediate refund
How to identify it
- You are asked to refund someone urgently after cancelling an order, or the payment is made in ‘error’
- You’re asked for an urgent refund before you can verify with the bank that the payment was made into your account and is valid
- You don’t know the person requesting the refund
- You’re unable to reach the person by phone to confirm the request
What you can do
- Make use of our Escrow service to reduce the risk of fraud when selling products or services.
This scam happens when an individual/company receives an email notification that one of their suppliers’ banking details have changed. The supplier has been impersonated by a fraudster and the email notification is coming from the fraudster with the intention that the individual/company will change the known suppliers’ banking details. Payments are then made to the fraudster’s account instead of the suppliers.
How it works
- You receive an email, letter or fax supposedly from a recognised supplier
- You are informed of a change in bank account details and asked to update your records accordingly
- However, these ‘new’ bank account details are false
- Your monthly payment is then paid to the scammer instead of your supplier
How to identify it
- The request doesn’t come from your usual ‘contact’ or point of contact at the supplier
- The request for change of bank details wasn’t made via official correspondence or using the contact details that you have in your database
- In some instances, fraudsters may spoof the email address of the supplier or falsify the email address to look like that of the supplier
- If you ever receive such a request, confirm it with a contact you trust before changing any bank account details
How to identify it
- Alert your stuff, clients and suppliers to this type of fraud
A dating and romance scam typically plays on your emotional and compassionate side in an attempt to steal funds.
How it works
- Fraudsters create fake profiles on legitimate dating websites or social media platforms to meet new people and, in time, lure them into their con
- They invite you to be their friend or talk to them online
- They are experts at sharing fake personal information to build trust and create a relationship with you
- Once you’re friends, they ask you to send them money to help them out of a personal crisis, or pay for their travel expenses to visit you
- Once you’ve sent them money, you’ll likely never hear from them again
How to identify it
- You receive a friend notification or invite from someone you don’t recognise
- You have only spoken to the person online via social media or a dating website
- They ask you for an upfront payment or to disclose sensitive details
- You notice an inconsistency in the communication that’s sent to you
- They have an out-of-the-ordinary job – they work in the army or air force – and need you to help them financially
What you can do
- Watch out for emails where content has been pasted into the email, the fonts and font sizes always vary, or where the emails are not personally addressed to you i.e. “Hi beautiful”. Scammers often target several victims at the same time and make use of the same content in their emails to all victims
- Never send money to anyone that you are communicating with over the internet
- Look out for inconsistencies in the communication that is sent to you. Syndicates often have several people manning their online dating sites so you could possibly be chatting to two or three different people
- Be wary of people who keep promising to meet you but then always cancel at the last minute
- Don’t give someone money to come and visit you
- Should you arrange a meeting with someone you have met online, ensure that you meet in a public area and possibly with friends
- Be careful how much personal information you share on social networking sites. Scammers can use this information to target you with a scam
- Should you suspect that you are being targeted by a scammer, stop all communications immediately and report it to the online dating service
This type of scam aims to exploit potential holidaymakers by falsely advertising ideal holiday packages, accommodation, or timeshare on the internet through seemingly legitimate classified ads or websites.
How it works
- You come across a website or you’re sent an email promoting an incredible holiday package
- The deal is only running for a couple hours, so before time runs out, you quickly pay for the package through the website, which you believe to be genuine, using your credit card details
- The purchase goes through, but you never receive the package you paid for
- The website and the deal were fake
- The fraudsters now have access to your funds and your bank account details
How to identify it
- If the holiday package sounds too good to be true, it most probably is
- You come across the deal on a website you don’t recognise or you are sent the promotion via an unsolicited email
- The URL begins with ‘http’ and not ‘https’
- There is a sense of urgency with the holiday deal: you only have 5 hours left before the deal closes, or there are only two packages left
- This doesn’t give you much time to think about what you’re doing or ask for advice
- You are encouraged to disclose personal details quickly online
- In the email you receive, you are required to click on the hyperlink, attachment or icon to view and pay for the holiday package
- You’re unable to contact a reputable agency to confirm the holiday package
- The contact details include foreign phone numbers, or the owner or property manager isn’t responding to emails
What you can do
- If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
This is when fraudsters infiltrate online platforms for buying and selling goods. You’re asked to pay upfront for whatever it is you want to buy on the site. You pay the seller, but they don’t deliver the goods.
How it works
- Fraudsters advertise goods on popular websites
- You contact the seller to buy the goods
- Once you have agreed on the price and how the goods will be delivered, you’re asked to pay in advance
- You will be given an account number to deposit funds, or you’ll be asked to send money to their digital wallet
- Once they have your money, they don’t deliver the goods and block your phone calls
How to identify it
- You’re asked to make payment upfront for goods you haven’t seen yet
- The seller doesn’t want you to view the goods but puts you under pressure to make the payment
- The seller says the goods are in another province and will be delivered to you once you’ve paid
What you can do
- Make use of our Escrow service to reduce the risk of fraud when buying products or services online.
A 419 scam, or advance fee scam, is a form of upfront payment or money transfer scam. While the details of a 419 scam can vary, large sums of money are usually involved.
How it works
- You receive an email, fax or letter promising you large amounts of money (via an inheritance or lottery winning)
- To gain access to the funds, you are asked to pay an upfront fee
- Various reasons are given for the upfront fee, including exchange control or customs duty fees and bank charges
- You may be given login details for a false website that looks like your bank’s website, and reflects your inflated bank balance
- Once you’ve made the advance payment, you won’t hear from the fraudsters again
- Of course, the promised transaction never takes place
How to identify it
- Out of nowhere, you receive an unbelievable promise of large sums of money (usually millions of dollars or pounds) for little or no effort on your part
- You have no idea where this proposed money is coming from
- You are asked to provide money upfront as a processing or admin fee to access the funds
- There’s usually a sense of urgency, followed by an emotional bribe (someone has passed away or is suffering from an illness), prompting you to respond quickly
- This doesn’t give you much time to think about what you’re doing
- You don’t know the people who have sent the communication, although they usually claim to be in a position of authority from a trusted organisation
- You’re required to supply your personal and account details via a hyperlink, attachment or icon provided in the email
Money Mule or Mule Accounts is when criminals approach bank customers with requests to have funds paid into their accounts and often offer them a reward to use the account.
The money that is paid into the account is often the proceeds of another crime. The account holder can be charged with money laundering, even if it was unknown at the time that the money was proceeds of crime.
How to identify it:
- Someone approaches you to use your account to receive monies for the sale of a vehicle/items to which you have no connection, with the promise of a reward or small payment.
- You are approached to open up an account for an individual who does not have the legitimate documentation to open an account at a bank.
The consequences:
Allowing proceeds of crime to be laundered through your bank account, knowingly or unknowingly, is a criminal offence. Bank clients can be charged and convicted for money laundering and even receive a prison sentence.
What you can do:
- Do not open a bank account in your name on behalf of another person, irrespective of the circumstances.
- Do not allow your account to be used by another person to deposit or transact with, even if the person is known to you.
- If you suspect that the money you are being paid with is the proceeds of crime, immediately report this matter to the police.
- If you need further assistance, call our 24-hour fraud line on 0800 020 600.
There are several investment scams that you may be exposed to. The most common scams include:
- Pyramid schemes and Ponzi schemes
- Pump-and-dump
- Property scam
1. Pyramid schemes and Ponzi schemes
A pyramid scheme is a business model whereby you need to recruit other members into the business to receive payments or services. This type of investment promises big returns in a very short time.
In truth, the money that you receive for recruiting new members get paid as “dividends”, and it seems as though your money has grown; however, the business simply took someone else’s money and gave it to you.
How to identify it:
- A fee or initial investment is required to join the scheme.
- The scheme operator promises high returns over a short period.
- You’re asked to recruit more investors to get more rewards.
- Participants are sometimes taught how to avoid detection methods.
- These schemes are often disguised as stokvels and may even use virtual currencies like Bitcoin.
- You get incentivised according to your investment and categorised into a tier. For example, silver, gold and platinum membership.
- Investors complain (usually on social media) that returns have dried up. The scheme operator typically shifts blame to the banks and promises that payments are imminent.
- There is general secrecy e.g. you don’t know where the funds will be invested or in what. • You are requested to invest your pension fund or savings/capital.
- These schemes operate on trust – and an invitation to invest often come from someone that you know.
- User groups mainly use WhatsApp to communicate due to the belief that the app offers end-to-end encryption and, therefore, anonymity.
A Ponzi scheme is similar to a pyramid scheme; however, you don’t need to recruit new members. The person who sets up the business is responsible for recruiting new investors, who will bring money into the business as they join. When you are paid your return, you are being paid the money that the investors brought in, rather than profits from legitimate business activity. The business will close when there are not enough new members to keep paying the older members.
How to identify it:
- The scheme operator promises high returns within a short period.
- In some cases, the scheme operator will use fake qualifications or references to entice investors.
- High returns are paid initially so that investors are lured into investing more money.
- The scheme operator often promises guaranteed returns.
- The actual business model is usually secretive.
- The scheme operator becomes unavailable and returns dry up. Usually, the scheme collapses soon thereafter.
2. Pump-and-dump
When a person purchases shares in a relatively unknown business at a low price, they spread fake news and information about the business to inflate the business’s value and make it look like an attractive investment opportunity. The investors will then buy these shares at a higher price as they believe they are buying shares from a good business. Once all these shares are bought, the person who started the scam, runs away with everyone’s money, and the investors are left with shares of no real value.
3. Property scam
A property scam is when someone tries to purchase a property that is not for sale or pretends that there is a property for sale when there isn’t. The scammer will then charge legal or admin fees to buyers and then runs off with the money.
How to identify it:
- The “seller” of the property will not show you the property
- The “seller” of the property pushes you to make fast decisions
- The “seller” of the property requests that you pay certain fees before the sale can continue
- The “buyer” offers you a very high price or the exact asking price for the property
What you can do:
If you are the victim of a scam you can report it to:
- The South African Reserve Bank
- The South African Financial Intelligence Centre
- The Financial Sector Conduct Authority
Fraudsters call customers and pretend to be from the bank to advise them that there’s fraud on their account. The customer is then requested to send an Instant Money voucher to themselves to stop the fraud. Upon receipt of the Instant Money voucher, the customer is asked to read back the voucher details and PIN to validate the transaction and confirm that it is successful.
How to identify it:
- Fraudsters will call and pretend to be from the bank to assist with how to send Instant Money.
- The call will have a sense of urgency to coach customers on how to reverse debit orders using the Instant Money option.
- They will ask you to share your OTP (One-Time PIN) as part of an authentication process. No bank will ever ask you to do this.
What you can do:
- We will never ask you to send an Instant Money voucher to yourself.
- We will never ask that you send vouchers to yourself for authentication.
- We will never ask you to share your OTP with anyone.
- Protect your personal information and don’t share it with anyone.
Fraudsters are sending phishing emails in an attempt to lure you into sharing your banking details. Beware of fake eStatements or bank notifications that require you to take an action like a click-through or attachment to download.
How to tell the difference between a fake Standard bank email from a real one:
- We will never greet you by your email address. We always use your name.
- We will never ask you to confirm personal or financial information in an email.
- Always verify emails telling you about suspicious account activity by calling your bank.
- Scam emails often look odd, with a messy layout and spelling mistakes.
- We will never ask you to enter your email address and Internet Banking password to open a statement; eStatements only require you to enter your ID number.
- We will never link you directly to our Internet Banking sign-in page or any other page that asks for your security or personal details via a link or attachment.
- We will never email you links requesting your bank sign-in details, such as CVV, OTP or ATM PIN.
How to protect yourself from this type of fraud:
- Ensure that you use anti-virus software to protect your PC, laptop and mobile devices.
- Hover over links to check the senders’ identity but do not click.
- Look for strange links with numbers, hyphens, misspellings or sub-directories.
- Search for the sender details and verify that they are legitimate.
- Beware of unexpected emails - Be cautious of opening any emails that you weren’t expecting (even if you think you recognise the sender), and don’t open any links or HTML attachments.
What you can do:
- Even if you’re unsure, you can send any suspicious e-mails to [email protected]
- If you are worried that you’ve clicked on any of the links or attachments on a phishing email, contact our Fraud Line immediately on 0800 222 050
- Delete these emails from your mailbox as soon as possible
View phishing sample emails to learn more.
In this scam, fraudsters intercept client communication i.e. with their lawyers or a similar trusted entity (usually in conveyancing and property transactions). The scam exists to trick recipients into making payments into the wrong bank account.
How it works:
- The scammers intercept email communications from attorneys or similar service providers.
- They then copy the letterhead and format of this company and fabricate the email address so that it looks familiar to clients.
- The fraudulent email will inform clients of a change of banking details and instruct them to make future (or immediate) payments into this new account.
- This scam has led to great frustration and strained business relationships.
How to identify it:
- Watch out for uncommon or new elements in your regular business email communications, such as missing letterheads, signatures, etc.
- Always compare the email address that you have received the information from with previous communications.
- Confirm banking details telephonically (and be sure to phone the number you know, not the one on the email).
- Legal firms should inform their clients of this scam and assure them that business banking details will not change.
- Legal firms must also be on the lookout for strange or uncommon activity on their email servers, including large quantities of mails in their sent items, complaints about spam from their company and high bounce rates on outgoing mail.
Tax season usually means that phishing scams increase and then banks are being impersonated by fraudsters, advising customers to click on a link to download their IT3(b) Certificates for tax purposes.
How to identify it:
- Check if the subject header and closing are aligned with the paragraph text.
- All Standard Bank communication is personalised and will include your name.
- Check for punctuation at the end of sentences.
- Fraudsters will ask you to click on a malicious link.
- Note the fake email address when you hover over the “link” or “click here”.
- They will ask you to share your OTP. No bank will ever ask you to do this.
- The message uses outdated branding with incorrect positioning.
What you can do:
- Remember, we will never send your income tax certificate via a link in an email.
- We will never ask you to download your tax certificate, transfer UCount Rewards or share your OTP via an email link, SMS or phone.
- If you receive an email claiming to be from Standard Bank with an attachment or link for your income tax certificate, do not click on the link or open the attachment and delete the email immediately.
- Hover over the link to confirm the email address or website is legitimate (check that the website is https and not http), if it is not from a website or email address that you know, delete the email immediately.
- If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
- If you need further assistance, call our 24-hour fraud line on 0800 020 600.
Our UCount Rewards programme has become a target of phishing attacks.
In this scam, you might receive an email claiming to be from UCount and stating that your rewards are now ready to be redeemed. You are then requested to "click here" to redeem or validate your points.
How to identify it:
- Check the style and format of the fake email and compare it to an original UCount email.
- Check for alignment of all the banners, errors within the banner and overall alignment of the paragraphs.
- Check for errors like “And” with a capital letter in the middle of two words.
- When you hover over “click here”, the URL address is not linked to UCount.
- The overall look and feel of the fake email are not aligned to the UCount Rewards look and feel.
- Note: UCount does not make reference to cashback.
What you can do:
- UCount will never email you links to redeem your rewards.
- UCount will never request your bank sign-in details, including CVV, OTP or ATM PIN.
- Please do not provide this information to anyone via email, SMS or telephonically.
- If you receive an email claiming to be from UCount with an attachment or link to redeem your rewards, do not click on the link or open the attachment.
- Hover over the link to confirm the email address or website is legitimate (check that the website is https and not http). If it is not from a website or email address that you know, delete the email immediately.
- If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
- If you’re unsure of how to check your balance, refer to the Standard Bank App or check on your Internet Banking profile.
- If you need further assistance, call our 24-hour fraud line on 0800 020 600.
Your cellphone stores far more information than you may be aware of. A fraudster can access your personal and banking information on your stolen cellphone, which is why it is critical that you de-link the stolen device from your digital profile.
Contact your service provider and the bank immediately on 0800 020 600 to report the device as stolen.
It is critical to remember the following:
- Your phone is like a bank card - you need to keep it safe
- Immediately de-link your stolen device from your digital banking profile or contact us on 0800 222 050 (South Africa) or +27 10 249 0015 (International)
- Never save passwords on your devices
- Always be vigilant when using your phone in public
How to block your device on the Banking App when your phone gets stolen:
- Sign into your Banking App on an alternative device.
- Tap on “More”.
- Select “Settings”.
- Scroll down to “Devices”, then tap on “Unlink” next to the stolen device name to de-link the Banking App from your stolen phone.
How to de-link your Internet Banking profile when your phone gets stolen:
- Sign into your Internet Banking profile on an alternative device.
- Go to your homepage and select “More”.
- Select “Settings”.
- Scroll down to the “Devices”. The device you’re currently using and which your app is linked to will be highlighted in bold. Select “Unlink” to remove the app from the device.
- Click on “Unlink” to continue or “Back” to exit.
What strong authenticators can I set up on my Banking App?
Ensure your sign-in credentials on your Standard Bank App are at maximum security by setting up one of the following strong authenticators:
- Digit app code
- Your fingerprint
- Face-ID to sign into your Banking App when using a smartphone
- Biometric
How do I activate strong authenticators on my Banking App?
- Sign into your Banking App
- Tap “More” and then click on “Settings”
- Select “Sign-in preferences”
- Add your preferred sign-in method
Ensure your device has the latest operating system software and note the following:
- We will never contact you by phone, email or SMS to request your bank account details, PIN or OTP
- This information is confidential – never share it with anyone
- Register for free for MyUpdates to receive real-time SMS or email alerts on transactions on your account
- If you detect suspicious activity, call our Fraud Line on 0800 020 600
CNP fraud can happen without the card or cardholder being present. Fraudsters can memorise or copy your card number, expiry date.
You should:
- Stay alert when using your cards and making payments
- Don’t let your card out of your sight when making payments
- Check that you’ve received your own card back after every purchase
- Sign your card on the signature panel as soon as you receive it
- Review your account details and transactions on a regular basis
- Register for MyUpdates
Fraudsters can duplicate your card by ‘skimming’ or copying your card details with a device they place in an ATM and POS card slot.
To get your PIN, they’ll either set up a hidden camera, or watch you type it in. While you can’t prevent your card being skimmed, you can prevent fraudsters from learning your PIN.
You should:
- Always cover the ATM keypad when entering your PIN
- Always be careful and alert when using an ATM
- If, for any reason, you become suspicious, cancel the transaction and remove your card. Never let your card out of sight when making a payment
Fraudsters offer assistance at ATMs to distract you to see your PIN and then either swop your card (you get another card thinking it is yours) or your card gets ‘swallowed’ by the ATM via a trapping device that the fraudster has inserted in the ATM.
You should:
- Never accept help from strangers at an ATM
- If someone interrupts you, cancel the transaction, remove your card and leave immediately
- Always check that the card you receive is your card
- Stop your card at the ATM immediately if you think it has been compromised