Protect yourself from fraud
Think you’ve fallen victim to fraud?
Please contact us on +44 (0)1624 645000 between Monday and Friday, 8am to 8pm (UK time), except for UK public holidays.
For all other times, please call +44 (0)20 8167 3223.
For information on the latest scams, please visit our client notices page
We will never ask you for your personal or security details, such as your full passwords, Visa PINs, or the names of authorised signatories on your account. We will sometimes send you a one-time passcode, to verify that payments or online purchases are genuine. Our staff will never ask you for these passcodes.
Use our mobile app or Online Wealth Service to make payments, transfers and exchange currencies. This is the most secure and fastest way of transacting.
You can also use Qwil, the secure messaging app, to communicate with the team, receive documents and stay in touch, regardless of your location.
We do our utmost to protect you from fraud, and it is why we often call you back on the contact number we hold for you to verify instructions.
Regularly check your financial transactions on all your bank accounts, either on printed statements or, better still, more frequently online.
If you are contacted by anyone identifying themselves as a Nedbank Private Wealth representative, but they do not follow our usual procedures, or if they ask you to tell them your passwords, passcodes, or Visa PINs, hang up. Then call Nedbank Private Wealth on the number you usually use.
Protect yourself with a strong password
Strong passwords include letters, numbers, capitals and special characters – the longer the better.
Cash machines (ATMs) can be used to access your secure data through hidden cameras to collect your pin, before the machine retains your card. If your Visa Platinum debit card is retained by a machine, please call us immediately.
Scams by retail or hospitality staff who take your card out of sight and copy them are more common than you might think. If you think your Visa Platinum debit card may have been copied, please call us immediately.
Always look for the padlock symbol next to a web address. This should mean that your connection is encrypted and your login information cannot be intercepted.
Your online login details are unique and you should never share details, passwords or PINs with anybody else. Passwords and PINs should be regularly updated and always use different passwords for different accounts. If you need to store them, please use a password vault.
Types of fraud
Social engineering
This is where scammers use online information or conversations to gather personal information, and then use this information to ask you to confirm your identity.
By using specific details about you, the criminal can be very convincing and trick people into divulging more information, such as account numbers, passwords and the answers to security questions
Phishing
A form of social engineering, phishing is either generic or specific, and takes on many forms. They all essentially seek the same outcome, i.e. that you reveal sensitive or confidential personal information by:
- Threatening to revoke access to your account if you do not act immediately
- Promising you a reward for logging into your account via the link provided
- Indicating there is a confidential update that you can only retrieve by entering in your credentials
- Physically getting you to do something, e.g. allow access to a building
- Inducing you to download a file that contains malicious software (malware).
As mentioned, phishing can be across different channels, including:
- Smishing, which is where people are targeted by text or SMS messages
- Spear-phishing (also known as whaling), which is a highly targeted phishing attack masquerading as a legitimate email
- Vishing, which is by phone or voice.
Spoofing
Often used in conjunction with social engineering, spoofing recreates emails, text messages and phone calls to deceive the recipients. Email addresses – from third parties or within your company – can be spoofed, as can phone extensions.
Malware
Malware is software that is designed to steal information or money. There are broadly four types of mal(icious) + (soft)ware:
- Viruses: attached to a separate piece of software, it reproduces and ‘infects’ when that software is run
- Worms: these are similar to viruses, but don’t need human interaction to cause damage
- Trojans: as with the original wooden horse, these appear to be legitimate pieces of software that allow criminals access to information
- Grayware: these are unwanted applications that limit the performance of computers and systems, leading to security risks.
Ransomware (where you need to pay a ransom to enable it to be removed) and spyware (hidden programs that collect information to distribute via the internet to criminals) are the most concerning of all malware.
Authorised Push Payment (APP) fraud
An APP fraud is one where you authorise an electronic transfer payment without realising it is fraudulent. APP frauds can arise from a number of sources including investment scams, impersonation, social engineering, extortion and theft or loss of personal information. Electronic bank transfer payments include Faster Payments Service (FPS) and Clearing House Automated Payment Service (CHAPS). For information on the UK rules for APP fraud reimbursement click here.