Security Awareness Centre
Welcome to Stanbic Bank’s Security and Safety Centre. Be prepared, stay alert and have peace of mind when using our internet banking portal, mobile app or cellphone banking system and remember to always report any suspicious banking and transaction activities to us immediately.
How to protect yourself
- Always be alert: scammers are well known for luring their victims into believing they are from recognised institutions, such as Stanbic Bank. Do not share any personal information or account details via email or telephonically
- Do not click on attachments, hyperlinks or icons in unsolicited emails: Even if they appear to be from Stanbic Bank. Delete the email immediately and visit your nearest branch, or call us directly to verify the email and information that you have received.
- Never share personal or confidential details: Do not disclose any personal or account details via email or telephonically, regardless of the information they might have on you.
- Keep an eye out for spoofed websites: Remember to always type the URL yourself in the internet browser to access the webpage, rather than clicking given hyperlinks.
- Report suspected fraud: if you think you have received a scam, or been victim to a scam, it is best to stop all forms of communication and report the incident immediately.
Here are a few more ways to keep your banking details protected:
- Create a strong password
- Change your password regularly
- Protect your password
- Don’t use the same PIN twice
- Change your PIN regularly
- Sign up for our payment notifications:MyUpdates
- Email statements-Have your bank statements emailed to you.
What are scams
A scam is any fraudulent business or deceitful scheme performed by a dishonest individual, group or company attempting to take money or something of value from an innocent, and often unsuspecting, individual. Since the rise of the internet, new forms of online scams have emerged, and fraudulent behaviour has since increased. Ultimately, it is up to us to stay informed about common scamming activities and be aware and cautious when active and using confidential information online.
What does a scam look like?
Scams come in many shapes and forms—an email, SMS, phone call or malware—and anyone can be victim to one. Scams often ask for your personal details and confidential information and this is the first step to knowing what to look out for.
It could be a scam if…
• The information presented to you sounds too good to be true.
• The offer, prize or communication has come out of the blue and you have not entered the competition or applied for the information that is being spoken of.
• The message requires a very quick response time to clarify your information or win the prize. This puts you under pressure and doesn’t give you much time to think about the validity of the information or talk to people you trust about the situation.
• You receive the information via a free email, for example, Hotmail, Aim, Yahoo or Gmail.
• You are promised large sums of money for very little, or no effort on your part.
• You are requested to provide money upfront, for whatever reason, before the proposed transaction can take place.
• You are requested to confirm personal or account details via a hyperlink, icon or attachment in an email or telephonically.
Type of Scams
SIM swap scam
Spoofed website scam
Dating and romance scam
Deposit and refund scam
Change of banking details scam
Key logger scam
Scams in detail
Phishing is an email scam, where fraudsters send emails to individuals and claim to be from a reliable organisation, such as a banking institution or an email service provider.
The email will attempt to trick you into supplying your account information for a number of reasons, such as your account information needing to be updated or validated, by asking you to click on a link or icon found within the email. Once clicked on, the link will launch a fake website that resembles a real website. On the website, you will be asked to share your personal bank account information, such as your username or password for your online banking profile or email account, or even your cell phone number and bank card details. Any information that you share on the fake website is captured by the fraudsters and then used to defraud you.
How to identify a phishing scam
There is usually a sense of urgency in the email, followed by a threat—the suspension of your bank account, for example—and you are required to respond quickly. This doesn’t give you much time to think about the situation at hand or speak to people you trust.
The email states that you have been a victim of fraud, or have received funds, and you need to log in to your accounts ‘here’ to report the incident and cancel your bank card, or give permission to release the sum of money.
You are required to supply your personal and account details via a hyperlink, attachment or icon, provided in the email.
A vishing scam is a common electronic technique that attempts to access your personal and account details using a telephone call.
You receive an unverified SMS stating that a Stanbic Bank official will contact you shortly to update or verify your account details and personal information. The scammers then contact you telephonically asking you to update or verify your information. You oblige, providing them with all the necessary information they need to access your bank account. Remember, Stanbic Bank will never ask for your banking details, password, PIN or One Time Password (OTP) over the phone.
How to identify a vishing scam
There is a sense of urgency in the phone call, followed by a threat: your account will be suspended should you not supply or verify the necessary information immediately. This doesn’t give you much time to think about the situation at hand or speak to people you trust.
You are requested to update, verify or confirm your personal account information such as bank account number, PIN and/or password telephonically.
What is a SIM swap scam?
In a SIM swap scam, scammers perform a SIM swap without your knowledge, allowing them to intercept phone calls, SMSs and messages.
Typically, the SIM swap takes place after the scammers have received your login details as a result of you responding to, for example, a phishing email. Once scammers have access to your cellphone number and other personal information, they can pose as you and request a new SIM card from your cellular service provider. They will then have access to your phone calls and SMSs, including the OTP SMS facility as well as any other notifications they could use to their fraudulent advantage.
How to identify a SIM swap scam
• You are suddenly no longer receiving calls or messages on your cellphone.
• You do not receive the OTP you have requested, even when trying a second time.
• Your cellphone suddenly has no network signal in a usual network area
A smishing scam attempts to access your personal and confidential information via an SMS.
You receive an SMS proposing to be from a recognised organisation, such as Stanbic Bank, requesting you to contact a toll-free number. When contacting the toll-free number, you’re met by a fake automated voice-response system prompting you to provide sensitive details such as your account number, password and PIN. Once the necessary information has been supplied, the scammers have access to the details and can use the information as they wish.
Smishing scams are becoming more common, as well as dangerous, owing to the increased popularity of mobile banking. Nowadays, people use their smartphones for everything including online banking, so there is a lot of sensitive information at risk if the phone is exposed to fraudulent behaviour.
How to identify a smishing scam
• There is a sense of urgency, followed by a threat—if you don’t update or verify your information now, your account will be suspended—and you are encouraged to respond quickly. This doesn’t give you much time to think about the situation at hand or speak to people you trust.
• The SMS requests you to call a toll-free number.
• You are required to update, verify or confirm your personal details and confidential account information, such as bank account number, PIN and/or password, telephonically.
Spoofed website scam
A spoofed website claims to be the legitimate website of a particular organisation, and is set up to mimic the original website.
Spoofed websites usually have similar logos to the original organisation that they are mimicking and, in some cases, may even be identical. Typically, the intention of a spoofed website is to associate a scam with a reputable institution, and is set up to validate other scams such as the 419 or phishing scam.
How to identify a spoofed website scam
• You are required to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing in the URL directly into the browser.
• You are required to disclose personal details or account information on the website you were directed to via the email you receive.
• The spoofed website, accessed via the given hyperlink in the email, does not have one of Stanbic Bank’s official website addresses or URLs that you usually use to access information or use to access online banking
Identity theft is the theft of personal information—ID, passport, driver’s licence, payslip, municipal bills and bank statements—to be used for illegal, fraudulent purposes. Details can be retrieved by stealing your wallet or purse, which may contain your ID, credit card as well as mail containing bank and credit card statements. Fraudsters are also known for rummaging through dustbins looking for private documents containing personal information and can even intercept confidential emails. Also be vigilant when completing your personal information on a form so individuals who physically observe you and watch your keystrokes as you enter your personal details and banking information do not gain access to this sensitive information.
How to protect yourself against identity theft
• Manage your personal information wisely. Store personal and financial documents away safely.
• Destroy personal financial information by tearing, shredding or burning before throwing it away.
• Monitor account statement cycles so that you know when you can expect your statement as well as when they have not arrived.
• Don’t carry unnecessary information in your wallet or purse.
• Create strong PINs and passwords: don’t use obvious choices such as birth dates and first names, and keep PINs and passwords safe.
• Never disclose personal information by email or telephone.
Online shopping allows consumers to buy goods and services directly from a merchant over the internet. While shopping online has many advantages—convenience, speed and a wide selection—online shopping also has its downfalls. As with anything you do online, any time you need to provide personal details such as your email address, phone number and bank card information, you need to be vigilant and aware of online scams and fraudulent activities common to the online world.
While the benefits of online shopping are considerable (convenient, extensive information and customer reviews and wide selection, amongst many other things), it is imperative to be aware when using online shopping platforms as online fraud is one of the most widespread forms of cybercrime.
How to avoid online fraud
Make sure that the company is reputable: only purchase goods and services online from companies that you recognise and trust. If you are unsure of an organisation, ask around.
Ensure the site is secure: look for security symbols such as an unbroken lock or key and that the URL begins with “https” not “http”, this means that no one but you and the merchant can view your payment information.
Keep a record of your transactions: save and print all online confirmations of your orders. Check your bank statements regularly and report any suspicious activities to Stanbic Bank immediately.
Never pay for goods or services over email: paying via email is not secure. You should never send payment information such as your card details and CVV number via email.
Never disclose any confidential information: don’t tell the merchant any passwords or PINs. This information is for your use and knowledge only.
Avoid using public computers: don’t use public computers (e.g. internet cafés) for personal and online banking including online shopping as they may contain spyware.
Dating and romance scam
A dating and romance scam typically attempts to play on an individual’s emotional and compassionate side in an attempt to steal funds.
Scammers create fake profiles on legitimate dating websites or social media platforms to meet new people and, in time, lure them into their con. They will invite you to be their friend or talk to them online and are experts at sharing fake personal information in order to build trust and create a relationship with you. Once they have established the desired connection, they may try to convince you to send them money, or disclose sensitive information, either to help them out of a personal crisis or so that you pay for their travel expenses to apparently visit you. Once you have sent them the funds, it is likely you will never hear from them again.
How to identify a dating and romance scam
• You receive a friend notification or invite from an individual you don’t recognise or know.
• You have only spoken to the individual online via a dating website or social media platform.
• You have never met in person, only conversed online, and they are asking you for an upfront payment or to disclose sensitive details.
• You notice an inconsistency in the communication that is sent to you.
• They have an out-of-the-ordinary job—they work in the army or air force—and need you to help them financially.
A holiday scam seeks to exploit potential holiday makers by falsely advertising ideal holiday packages, accommodation or timeshare on the internet via legitimate-looking, professional classified adverts or websites.
You come across a website or are sent an email promoting an incredible holiday package. The deal is only running for a couple hours, so before time runs out, you quickly purchase the accommodation package through the website, which you believe to be genuine, using your card details. The purchase goes through; however, you never receive the package you paid for. The website, and deal, was fake. The holiday scammers now have access not only to your funds but also to your bank account details, which they can use fraudulently.
How to identify a holiday scam
• If the holiday package sounds too good to be true, it most probably is.
• You come across the accommodation deal on a website you do not recognise or are sent the promotion via an unsolicited email.
• The URL begins with ‘http’ not ‘https’.
• There is a sense of urgency with the holiday deal: you only have five hours left before the deal closes, or there are only two packages left. This doesn’t give you much time to think about the situation at hand or talk to the people you trust.
• You are encouraged to disclose personal information quickly online.
• In the email you receive, you are required to click on the hyperlink, attachment or icon to view and pay for the holiday package.
• You are unable to contact a reputable agency to confirm the holiday package. The contact details include foreign phone numbers, or the owner / property manager is not responding to emails.
Deposit and refund scam
The deposit and refund scam attempts to steal goods or services from a business without actually making the necessary payments.
Scammers will order goods or services from your business, supposedly making the payment into your account. This is done mostly by means of a fraudulent or stolen cheque. A fake proof of payment is then sent to you, and your business delivers the goods to the perpetrator. Later on, it is uncovered that the cheque is fraudulent and that no funds were transferred to your business’ account. In other instances, the scammer may cancel the order and request an urgent refund.
Alternatively, scammers may also deposit a fraudulent cheque into your account only to then contact you stating that they ‘mistakenly’ deposited funds into your account. The caller will ask you to refund the amount immediately, and will send you the proof of payment.
How to identify a deposit and refund scam
• You are requested to refund an individual urgently after he has cancelled his order, or the payment is made in ‘error’.
• You are requested to refund an individual urgently before you have time to verify with Stanbic Bank that the deposit was made into your account and that it is indeed valid.
• You don’t know the supposed person requesting the refund.
• You are unable to phone the requestor on a predetermined number to confirm the request
Change of banking details scam
A change of banking details scam attempts to steal funds through supplying false information of a change of bank account details.
You receive an email, letter or fax supposedly from a recognised supplier. The communication informs you of a change in bank account details and asks you to update your records accordingly. These ‘new’ bank account details are, however, false. Your monthly payment is therefore paid to the scammer and not your supplier as originally intended. Always be wary of changing account details. If a request is received, before changing anything, first confirm with the respective supplier, with a contact you trust, in writing or by telephone.
How to identify a change of banking details scam
• The request you receive to change your supplier’s bank account details doesn’t come from your usual ‘contact’ or point of contact at the supplier.
• The request for change of bank details wasn’t made via official correspondence or using the contact details that you have in your database.
Key logger scam
A keylogger scam is a software or hardware computer program that records and logs every keystroke entered on the particular computer. The keylogger helps scammers to save and gain access to confidential information.
Once a keylogger scam has been put in place, scammers can access the keystroke details via a file on the respective computer, or can have the details sent to them anonymously via email. The keylogger records every keystroke entered on the computer, including personal and confidential details such as passwords, PINs and usernames. This private information can then be used for fraudulent activities.
Keylogger scammers often target internet cafés, owing to the convenience of the computer terminals and anonymity attached to them. Scammers insert the spyware into the computers, recording every keystroke typed on the various keyboards. The keyloggers log any information and actions taken on the computers including private login details for internet banking profiles, email account profiles, Facebook profiles etc. and then forward the recorded details to the scammers at large, enabling them to log in and access the respective profiles.
How to identify a keylogger scam
• Keyloggers could be hidden in an email attachment, can be installed via a memory stick or can be installed via rogue apps and malicious websites. Be wary when other untrusted individuals use your computer, for whatever reason.
• Always be alert to computer hardware or software changes.
• Be cautious when using internet cafés. Don’t disclose any confidential information on a public, unfamiliar computer.
• You have received an unfamiliar email containing unknown attachments and hyperlinks. Don’t open any emails, attachments or hyperlinks from unknown sources.
A 419 scam, or advance fee scam, is a form of upfront payment or money transfer scam.
You receive an email, fax or letter containing an offer promising you large amounts of money (via an inheritance, lotto winning etc.). In order to gain access to the funds, you are requested to pay an upfront fee. Various reasons are given for the upfront fee including exchange control fees, customs duty fees and bank charges. Although the exact details of a 419 scam varies, very large amounts of money are usually involved. Essentially, once you have made the advance payment, the scammers has received everything that they want from you and may cease communication. Needless to say, the promised transaction never takes place.
419 scammers are also known to create spoofed websites in an attempt to validate the intended 419 scam. In addition to the email, you may be given login details for a false website that appears to be Standard Bank’s internet banking. The fake webpage will show you your inflated bank balance. The hope is that if you see a larger bank balance, you will more likely fall victim to the 419 scam.
How to identify a 419 scam
• Out of the blue, you receive an unbelievable promise of large sums of money (usually millions of dollars or pounds) for little or no effort on your part.
• You have no idea where this proposed money is coming from.
• You are requested to provide money upfront, as a processing or administration fee, in order to access the funds.
• There is usually a sense of urgency, followed by an emotional bribe (someone has passed away or is suffering from an illness), prompting you to respond quickly. This doesn’t give you much time to think about the situation at hand or speak to the people you trust.
• You do not know the people who have sent the communication, although they usually claim to be in a position of authority from a trusted organisation.
• You are required to supply your personal and account details via a hyperlink, attachment or icon provided in the email.
Card fraud is the unauthorised use of your credit or debit card, following the theft of your personal information and bank details. Always be cautious when using your banking cards, especially at ATMs, as fraudsters use a variety of card fraud methods to deceive their victims.
Card skimming is the illegal electronic duplication of your credit or debit card and a card has to be inserted into a skimming device in order for it to be copied. Victims of this fraud are usually unaware of the banking transactions until they receive their bank statements, or payment notifications, showcasing the transactions that they didn’t make.
Fraudsters attempt to distract you while at the ATM, or when conducting a bank transaction, swapping your bank card for a counterfeit card without your knowledge. Card swapping fraudsters are known to work in groups as it is easier to distract you and retain your card and information or when someone physically observes you and watches your keystrokes as you enter your personal details and banking information.
Card not present (CNP) fraud
CNP fraud takes place when neither the card nor the cardholder is present whilst conducting the bank transaction. Fraudsters may memorise or write down your card number, expiry date and CVV (three digits at the back of your bank card) without your knowledge when your card is handed over for payment. With this information, criminals are able to transact fraudulently on the internet or phone as if they are the genuine cardholder.
How to protect yourself against card fraud
• Stay alert at all times when using your cards and making payments.
• Always be vigilant while using ATMs.
• Remain aware of your surroundings and don’t allow anyone or anything to distract you. If you get distracted during your ATM transaction, cancel it immediately.
• Change your PIN immediately if you believe it has been compromised.
• Stand close to the ATM and cover your PIN when punching it in.
• Create strong PINs for your various accounts and don’t use the same PIN for your different accounts
• Don’t request or accept help from anyone while at an ATM.
• Never force your card into the ATM slot as it might have been tampered with.
• Don’t let your card out of your sight when making payments and ensure that you get your own card back after every purchase.
• Review your account details and transactions on a regular basis. Query any disputed transactions with Standard Bank immediately.
• Shred or tear up your card receipts and statements before you discard them.
• Always check transaction slips for correct purchase amounts before signing them.
Make use of any additional Standard Bank security features, such as MyNotifications and One-Time Password (OTP), so that you are alerted to any account movements in real time.
How to report an incident
STEP 1: Immediately call us via CCC to report fraud or theft. Please have your card or account number or identity number on hand.
STEP 2: Provide the Client Contact Centre agent with as much information as possible about the incident including what personal and banking details have been compromised.