Learn about fraud and scams

Phishing is when an attacker sends you a fraudulent email, pretending to be a trusty source like an established company or a bank. They aim to trick you into sharing sensitive information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number.

Look out for these suspicious-looking emails and don't click on links that ask you to provide login information. 

Fraudsters try and make you:

• Click on malicious links or open malware-containing attachments
• Disclose sensitive information such as account passwords

Warning signs:

• Absa will NEVER send emails with links or attachments redirecting you to a login page that requests you to share your username and password, or passcode
• Make sure your emails are coming from a verified email address and not from a spoofed email address
• Check for grammar and spelling errors
• Always validate URLs for legitimacy
• Don't download remote access software or grant strangers access to your devices
• Be cautious of emails promising unreal rewards, competitions that you never entered, or urgent threats
• No reputable institution, especially a bank, will reach out to you for sensitive information

Vishing is when a fraudster calls you directly and pretends to be a bank representative. They aim to trick you into sharing sensitive information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number.

They will encourage you to act urgently and pretend like your account is at risk of being hacked or exposed if you don't.

Protect yourself:

• Never share PINs, passwords, passcodes, or card CVV numbers with someone on the phone
• Beware of fraudsters diverting numbers, especially if they ask you to call back
• If calls or OTPs cease unexpectedly, contact your service provider to check for SIM swapping
• Do not provide a received OTP to anyone; report such incidents to the bank
• Avoid downloading software from suspicious sources

Fraud scenario:

• Caller requests personal information that Absa would never ask for
• Caller presents unlikely issues, like a blocked or hacked account
• Caller prompts a call back with false validation, accompanied by an OTP not initiated by you

SMiShing is when a fraudster sends you urgent, deceptive text messages, threatening that your account will get blocked if you do not react. They aim to trick you into sharing sensitive information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number.

Absa will never send you an SMS with a link on it. Report any suspicious SMS activity and delete the SMS. 

How to identify SMiShing:

• Shortened URLs, especially using bit.ly
• Requests for personal information a bank would never ask for
• Differences in style and sign-off compared to legitimate messages from Absa

A fraudster can perform an illegitimate SIM swop with your cellphone service provider. If a fraudster has a false copy of your identity number or has all of your personal details available they can manipulate your cellphone number to receive SMSes that should be going to you, for example, an OTP.

This means that they are one step closer to logging into your account. This is why you must never share personal information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number with strangers or suspicious digital sources. 

Protect yourself:

• Activate app authentication on your mobile banking app to stop fraudsters from using SIM swopping to access your account
• Protect your personal, bank account and cellphone account information when you are talking to strangers or busy online
• Immediately investigate when you notice that you are not receiving calls and messages
• Keep your phone switched on – otherwise, you will not notice when your SIM card has been swopped

Tips to prevent cheque fraud:

• Wait for clearance
  If you are accepting a cheque as payment, wait for it to clear before handing over goods or issuing a refund
  
  
• Beware of overpayment
  Be cautious if you receive a cheque exceeding the owed amount (scammers might ask you to deposit it and return the excess, indicating potential fraud)
  
  
• Report lost cheques
  Immediately report lost, stolen, or missing cheques
  
  
• Do proper cheque filling
  When filling out a cheque, avoid leaving space before the payee's name or amount (cross out unused spaces)
  
  
• Keep your chequebook secured
  Keep your chequebook in a safe place at all times and don't let strangers have access to it
  
  
• Avoid blank cheques
  Never sign a blank cheque that does not have an amount and all other information filled in
  
  
• Reconcile regularly
  Make sure you are checking your bank and cheque statements regularly
  
  
• Use 'Not Transferable'
  Mark cheques with "Not transferable" between two transverse lines for intended beneficiary assurance
  
  
• Use secure mailing
  When posting a cheque, use a non-transparent or dark envelope without staples/paper clips and make sure your mailing service provider is reliable
  
  
• Reject faxed deposit slips
  Never accept faxed bank deposit slips as proof of payment
  
  
• Look for handwriting
  Make sure that there is consistent handwriting and pen use on cheques received
  
  
• Look for alterations
  Verify that your cheques received do not have any visible alterations

Prevent supplier fraud by always verifying changes received from suppliers, and always ensuring that supplier/beneficiary banking details are authentic; be cautious of diverted correspondence.

If you suspect fraud, report it to your relationship executive immediately, or contact Absa Customer Service at +2673159575. Reporting to the police is also highly recommended. 

What to watch out for:

• Counterfeit documents
  Beware of scanned company letterheads with blurred logos on counterfeit invoices
  
  
• Email discrepancies
  Watch for confirming emails from nearly identical addresses, differing by a single easily overlooked letter
  
  
• Bank changes
  Always verify requests to change bank details with your regular contact
  
  
• Invoice scrutiny
  Train staff to check invoices for irregularities and report suspicions to a known contact
  
  
• Designated contacts
  Consider setting up single points of contact for regular payments to specific companies
  
  
• Secure Disposal
  Shred business and supplier documents containing letterheads
  
  
• Private banking details
  Avoid publishing bank account details online to prevent fraudulent use
  
  
• Review change requests
  Scrutinize past requests to change account details to ensure authenticity
  
  
• Client awareness
  Warn clients about potential fraudulent instructions, safeguarding them from acting on false information

How to prevent tech support scams:

• Update software
  Keep software current with the latest security patches
  
  
• Avoid unexpected calls
  Never grant computer control to an unexpected third party
  
  
• Doubt caller ID
  Don't solely rely on caller ID for authentication, as numbers can be spoofed
  
  
• No financial info
  Never provide passwords, credit card details, or financial information to unsolicited tech support claims