Have you ever got a text message saying your bank account has been frozen? Or an email demanding that you verify your login details or risk losing access? It’s likely a scam.

Recently, we have also seen a surge in reports of text messages that look like they’re from your bank. These messages often warn you that you’ll soon receive a call or a link asking you to:

• Reverse a debit order.
• Change your login details because your account has been ‘compromised’.
• Click on a link for a so-called exciting new product.
• Access a bank statement with a link that takes you to a fake site to share your login details.
• Click on a link to remove a 'suspicious' device that has been linked to your profile.
• Access proof of payments through links.

We’ve also seen fraudsters pretending to be other trusted organisations, like airlines or service providers, offering fake specials on flights or products. All these scams are designed to get you to click on a link and share your personal or banking details.

Fake bank messages are becoming more convincing – and more common. This example of a scam text message on our website claimed to be from the bank. It used official-looking branding, urgent wording, and a dangerous link. If you were to receive that message, click on the link and enter your details, you could hand criminals full access to your bank account.

These scams are part of an ongoing wave of cybercrimes that use phishing and smishing (SMS phishing). Here’s what to watch out for – and how to protect yourself.

How to spot a fake bank communication

Fraudsters rely on fear. Most scam messages aim to scare you into acting quickly. They often claim that your account has been blocked or compromised, or that you need to ‘verify’ your information to prevent fraud. They use these scare tactics to pressure you into acting on impulse.

The majority of these fake messages ask you to click on a link to:

• Access a proof of payment or bank statement.
• Reverse a fraudulent transaction or debit order.
• Update your details to avoid your account from being blocked due to a FICA restriction.
• Download security software to keep your account safe.
• Deactivate an unknown mobile device that was added to your banking profile.

Scam messages may even use Nedbank logos and colours to appear official and include links to fake websites that look like our Online Banking homepage – fraudsters have even gone as far as creating websites that try to mimic our Money app.

They try to create panic, threaten you with serious consequences, and demand immediate action, then ask for secret information like your password, card number, or OTP – or that you approve an in-app approval message on your banking app.

Previously, these fake communications often contained errors in spelling and grammar, but scammers have been using AI to help fix this. We have noticed that they sometimes use the incorrect and/or inconsistent branding, such as old logos or incorrect fonts – and they will come from unfamiliar addresses or mobile numbers.

What a real Nedbank communication looks like

We’ll never ask you to share secret information like your card PIN, online banking password, or OTP. Here’s what to expect from us:

Emails

Our official emails come from addresses ending in @nedbank.co.za – we do sometimes use links to direct you to information pages, but we will never ask you to insert secret information on a webpage you accessed through a link. If we need you to take action, we’ll direct you to the Money app or Online Banking.

SMS and WhatsApp messages

While we do use multiple numbers for SMSes, we will never ask you to respond with secret information. If an SMS seems off, even in the slightest, contact us via Enbi on the Money app, or give us a call to verify that the SMS is real.

Our WhatsApp messages will only be sent through our verified WhatsApp Business account. You’ll see a blue verification badge (a blue circle with a white tick) next to our name, along with the ‘Business account’ label – this confirms that it’s genuinely us. Currently, our primary WhatsApp line is 071 414 4651. We use this channel for services like FICA, and to share information about your products, changes to your products, and important matters like your card renewal.

Phone calls

If we call you, we may ask for basic personal details to confirm your identity, such as your ID number. But we’ll never ask for secret information like your password, PIN, or OTP over the phone. If the bank calls about a transaction, simply say: ‘Yes, it’s mine’ or ‘No, it’s not mine’. Don’t share any secret information or approve anything.

What’s safe to share?

You can safely confirm the following:

• Your full name.
• Your ID number.
• The last few digits of your account number.

You should never:

• Reveal your full card number, expiry date, or card security code (CSC) (the 3- or 4-digit security number on the front or back of your card).       
• Share your online banking login details.
• Reveal your card PIN.
• Share OTPs.
• Approve requests that you didn’t initiate.

If you're unsure, end the conversation and contact us directly. It’s better to double-check than to risk compromising your money or identity. Fraudsters are getting creative now – they could even go as far as giving you the real name and employee number of a genuine Nedbank employee. So, if you call us to confirm whether that person’s employed by Nedbank, we might say yes – because they could be. But that doesn’t mean the contact was legitimate. The only way to be sure is to contact the person directly using the official Nedbank channels and not the number the fraudster gave you.

Think it might be a scam? Stop and report it

If something feels off, trust your instincts.

• Don’t click on suspicious links or attachments from unknown senders or suspicious email addresses.
• Never share your Online Banking login details or card PIN, OTP, expiry date, or CSC with anyone
• Read your banking notifications carefully. Taking a few extra seconds to read the message could prevent fraud.
• Send phishing emails and screenshots of suspicious messages to us at phishing@nedbank.co.za

·       Report it to our Fraud Hotline on 0800 110 929.

Stay safe, stay alert

Fraudsters constantly change tact    ics, but you can stay ahead by knowing what to look for. If you’re ever unsure whether a message or call is really from us, call Nedbank directly or visit your nearest branch.

We’ll never ask for your Online Banking login details, card PIN, CSC, or an OTP. Not on email, SMS, WhatsApp, or over the phone.

When in doubt, don’t click – report it!