Phishing (email) and smishing (SMS) involve fraudsters asking you to click on a link or an attachment that takes you to a fake website where you must enter your personal information, for example your Nedbank ID and password or your card number and PIN.
Fraudsters convince you to follow these links by sending you communications that looks like it comes from Nedbank, saying that your account has been accessed, that you need to update your account or install new software to protect yourself.
Sometimes fraudsters also send you a fake proof of payment or a bank statement as an attachment to an email. Once you have clicked on this attachment, you’re prompted to enter your Nedbank ID and password or card number and PIN to open the attachment, giving the fraudsters access to your credentials.
Vishing is social engineering over the phone. Fraudsters call you and pretend to be a bank employee, asking for your personal information. They may also try to trick you into calling them by sending a SMS saying that a transaction is being processed on your account, or that a new debit order has been registered on your account. When you then call the number in the SMS, the fraudsters ask you for your personal information to ‘reverse’ the debit order or transaction, hoping to get their hands on your banking details.
They also pose as representatives from Nedbank’s fraud department and urge you to give them your card PIN or Nedbank ID and password to stop a ‘fraudulent transaction’ or ‘reverse’ a debit order. They even try to convince you to accept an Approve-it message or share a one-time password (OTP) with them, hoping that you won’t read the message carefully and notice that they are indeed trying to transact on your account.
Fraudsters also use caller identity spoofing, when a call appears to be from a legitimate or known number to get their hands on your personal information. Once they have your Nedbank ID and password or card number and PIN, they can access your Online Banking profile and download the Money app.
- Don’t click on links in messages from unknown sources.
- Nedbank will never ask you to sign into Online Banking through an attachment or a link.
- Never give anyone your Nedbank ID and password or card PIN and CVV number (the three- or four-digit security number on the front or back of your card). Nedbank will never call you to ask for these details, not even a portion of it.
- Never share an OTP with anyone.
- Always read your Approve-it messages carefully before accepting them and decline the transaction if you didn’t make it and report the incident to Nedbank immediately on 0800 110 929.
- Keep your passwords safe. Don’t store them on your device or in your browser and don't use the same username and password for all your logins. Your username and password should also be different.
- Always ensure that you have the latest version of your banking app loaded on your device.
- If you have the Money app on your mobile device and it’s lost or stolen, contact Nedbank to deactivate the app immediately on 0800 110 929.
- When calling back to confirm a call from Nedbank, don’t just confirm if the person works at Nedbank. Talk to the individual to find out if they have indeed contacted you.
- Hover your mouse over any hyperlinks to see the actual URL. On mobile devices, you can long-press the hyperlink to see it.
- Don’t respond to phishing emails. If you receive a suspicious email, forward it to email@example.com immediately.
- Make sure you have the latest antivirus software installed on all your devices and install the latest updates or patches on your operating system as soon as they become available.
- Don’t trust caller identity. Fraudsters use number-masking software to make it look like the call is from Nedbank when it’s not.
- If you receive an SMS for a SIM swap or number port you did not request or seem to lose cellphone connectivity for a long time without reason, call your service provider and let us know immediately on 0800 110 929.
- Do not do your banking on a public computer found at libraries, cyber- or internet cafes and hotels, and avoid using Wi-Fi hotspots.
- Check your statements frequently and let us know as soon as you see any unfamiliar transactions.
- Report fraud by calling us on 0800 110 929.