Phishing (email) and smishing (SMS) involve fraudsters asking you to click on a link that takes you to a fake website where you’re asked to enter personal information.

The fraudsters convince you to follow the link by saying your account has been accessed or that it will be blocked.

Or they say you’ve had a large deposit made into your account, or you need to install new software to protect yourself.

Vishing is social engineering over the phone and involves fraudsters calling you posing as bank staff and asking for personal information.

They also pose as representatives from the fraud department and scare you into giving them your card PIN or Online Banking password to stop a fraudulent transaction.

Fraudsters also use ‘caller identity spoofing’, where a call appears to be made from a legitimate or known number, so they can get your personal information.

Tips

  1. Don’t click on links in messages from unknown sources. Nedbank will never ask you to sign in to Online Banking through an attachment or link.
  2. Never give anyone your Online Banking password, Nedbank ID and password or card PIN and CVV number (the 3- or 4-digit security number found on the front or back of your card). Nedbank will never call you to ask for these details.
  3. Always read your Approve-it messages carefully before accepting them.
  4. Never share an OTP with anyone.
  5. If you have the Money app on your mobile device and it’s lost or stolen, contact Nedbank to deactivate the app.
  6. Hover your mouse over any hyperlinks to see the actual URL. On mobile devices, long-press the hyperlink to see the URL.
  7. Don’t respond to phishing emails. If you receive a suspicious email, forward it to phishing@nedbank.co.za
  8. Make sure you have the latest antivirus software installed on all your devices.
  9. Install the latest updates or patches on your operating system as soon as they are available.
  10. Don’t trust caller identity. Fraudsters use number-masking software to make it look like the call is from Nedbank when it is not.
  11. If you get an SMS for a SIM swap or number port you did not request, or seem to lose cellphone connectivity for a long time without reason, call your service provider and let us know immediately on 0800 110 929.
  12. If you receive an SMS notification or an Approve-it for a transaction you didn’t perform, call us on 0800 110 929 or use the Report Fraud function on the Money app.
  13. Check your statements frequently and let us know as soon as you see any unfamiliar transactions.

Fraudsters use SIM card swaps and number porting to commit fraud. Once they have your cellphone number, you no longer receive calls or SMS, and your phone has no signal. The fraudsters pose as you to intercept calls and get your banking notifications.

How it works

  • They call your service provider pretending to be you and ask for your cellphone number to be transferred to a new SIM card. Or they ask for your number to be ported to another service provider.
  • They present a stolen or fraudulent ID and answer security questions posed by the service provider as if they are you.
  • They then call you repeatedly so you turn your phone off in anger. This gives them time to do a SIM swap or port your number without you knowing.

Tips

  1. Protect your personal information and be careful who you share it with.
  2. If you get an SMS for a SIM swap or number port you didn’t request, or seem to lose cellphone connectivity for a long time without reason, call your service provider and let us know immediately on 0800 110 929.
  3. Inform us as soon as you change your cellphone number. Your bank notifications go to the cellphone number loaded on our system.
  4. Check your bank statements regularly and query any unauthorised transactions.
  5. Contact your service provider if you notice anything suspicious.
  • Cell C: 084 140
  • MTN: 123 stop (123 7867)
  • Telkom: 081180
  • Virgin Mobile: 0741 000 123
  • Vodacom: 082 1946

This is a form of phishing that targets businesses by sending emails to finance departments impersonating a Chief Executive or Chief Financial Officer to trick employees into making an urgent payment. The employees make the payment and the fraudsters get away with the money.

Financial institutions and businesses are the primary targets of these scams, which take a lot of planning to be successful.

How it works

  • Fraudsters determine who in an organisation is able to make large payments, then source their contact details and any other information they can use to make the request seem more legitimate.
  • They make use of social engineering to gather information. They trawl through social media sites and may even contact employees to gather information.
  • They may even get a copy of the email template and signature used by the targeted executive to make the request seem more legitimate.
  • The fraudsters then draft an email from the executive requesting a payment be made into an external account. They forward the mail to the targeted employee, hoping that payment will be made.
  • They rely on employees never questioning or verifying an instruction from an executive. We often don’t take the time to look at the format, layout, grammar and punctuation in emails, we quickly scan through them before we act.

Tips

  1. Make sure the email address on the email received is correct and matches the email address on your business system. Fraudsters will make small changes, like adding a full stop or changing a letter, hoping you won’t notice.
  2. If you get an email that seems strange or out of the ordinary, contact the sender and confirm that the email came from them. Do not click on links in a suspicious email, as you might unknowingly download malware onto your computer.
  3. Be careful what information you share on social media. Fraudsters use social media to gather information on their targets.

Fraudsters send fake emails that look like they come from your bank or an IT company.

These emails have attachments containing malicious software, which is downloaded onto your device when you click on the attachment.

Once your device is infected with the malware, fraudsters gain access to everything stored on it and monitor your keyboard and record whatever you type. This includes your Online Banking sign-in credentials.


How it works

  • You’re sent a fake proof of payment or bank statement, and click on an attachment in the email.
  • Someone calls you from an IT company, offering to help you download fake security software.
  • You’re prompted to authorise an action to execute, install or upgrade software.


Tips

  1. Don’t authorise an action to execute, install or upgrade software.
  2. Do not open attachments or click on links from unknown sources.
  3. Beware of any attachments that end in .exe, .cab, .htm or .jar. These attachments often contain malicious software.
  4. Hover your mouse over hyperlinks to see the actual URL. On mobile devices, long-press the hyperlink to see the URL.
  5. Make sure you have the latest antivirus software installed on all your devices.
  6. Install the latest updates or patches to your operating system as soon as they are available.
  7. Scrutinise your bank statements frequently. If you see unfamiliar transactions, notify us immediately on 0800 110 929.
  8. If you receive a suspicious email, forward it to phishing@nedbank.co.za
  9. Get more information on antivirus packages at av-comparatives.org, which frequently tests leading antivirus software.

Fraudsters collect email usernames and passwords for email accounts. Once they access your account, they read all your emails, access your contacts and send emails pretending to be you.

They may even send you emails from people you have a financial relationship with, telling you that their banking details have changed so that you pay money into accounts they have access to.

How do fraudsters get your email details? 

  • You may be tricked into clicking on a link in an SMS or email, that says you’re running out of storage space and if you do not validate your credentials your emails will be deleted.
  • Your computer may be infected with malware that allows fraudsters to monitor your keyboard or search for saved passwords.
  • You may have registered on a website with the same credentials as your email account, and this website was hacked.

What to do if your email account has been compromised

  1. Have the device you accessed the email address from checked for malicious software and disinfected by a specialist.
  2. Change your email password immediately on a different, trusted computer.
  3. Use 2-factor authentication to protect your email account, like an SMS notification sent to your cellphone.
  4. Send an email to all your email contacts to inform them of your email compromise and ask them to contact you immediately if they have received any recent emails from you.
  5. Phone the Nedbank Call Centre on 0860 555 111, as well as your banker, financial planner, suppliers and any other persons you conduct financial affairs with. Check if they have received any recent email requests or instructions from you.

Someone calls you posing as a representative from an IT company or service provider. They offer to help solve a computer problem, or try to sell you a software licence.

How it works

  • You get a call from someone saying they’re from your network service provider or IT company.
  • You’re asked to give them access your device to solve a problem, like upgrading your security software, removing viruses or increasing your network speed.
  • You’re asked to buy a software licence.
  • You’re asked for your credit card details to pay for repairs or software you ordered.
  • You’re directed to a fraudulent website to enter your credit card details and personal information.

Tips

  1. Never give a third party control of your device, unless you can confirm they’re a legitimate representative of an IT support team from a company you trust.
  2. IT companies never cold call you to do repairs on your device or sell you software.
  3. Never give your credit card information to someone claiming to be from an IT company’s technical support team.
  4. Make sure your devices’ antivirus software is always up to date.
  5. Install the latest updates or patches to your operating system as soon as they are available.