We remain committed to protecting your information, but we also need you to ensure that you have taken effective security measures when transacting over the Internet. For queries please contact our 24-Hour Fraud Hotline on 0800 222 050.

Phishing misleads users into sharing sensitive information (i.e. passwords, credit card details or bank account numbers), for malicious purposes, via electronic means or communication.

Perpetrators of phishing attacks lead you to believe you are performing a familiar action and take advantage of that established trust to harvest confidential or authentication level information from you.

Phishing occurs via almost any electronic communication:

• Website forgery
• Email phishing (commonly done via spoofing)
• Link manipulation
• SMSs
• Phone calls (vishing)
• Instant messaging

How to prevent phishing

• We will never ask you for personal or private information online, either via a website or an email
• Do not give sensitive details – such as your operator ID, customer selected PIN (CSP), password, card details, account numbers, ID numbers, OTP cell number, email address or email password – to anyone, not even a bank employee, no matter how legitimate the request seems
• Never reveal personal or financial information in an email, and do not respond to emails asking for this information. As a rule, Standard Bank will never request sensitive information of you without authentication
• If you are unsure of whether an email request is legitimate, try to verify it by contacting the organisation directly via a phone call or out of band communication using a trusted contact number. Remember not to use the contact information provided by the suspicious party
• Be suspicious of unexpected or unsolicited phone calls, emails or even personal visits from individuals asking about employees or requesting other internal information. Always try to verify the identity of the person directly with the organisation they claim to represent
• Be cautious when following links sent in emails. If you're suspicious, always type in the website address you usually use, rather than clicking on any links provided
• Pay attention to the URL contained in an email. The URL may seem legitimate at first glance, but if you look closely, malicious website URLs differ slightly and may use a variation in spelling or a different domain (e.g. standardbank.trust.com vs standardbank.com)
• Forward suspicious emails to [email protected] for the appropriate action to be taken.

Smishing is the cell phone equivalent to phishing. Instead of being directed by email to a website, a text message is sent to your cell phone with a request to click on a link. The link causes a Trojan to be installed on your cell phone.

Email spoofing is a malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

Since you are more likely to open an email from a person or company that you recognise, they trick you into opening the forged email, asking you to make a payment, to reveal personal and confidential information, or to download an attachment.

At Standard Bank we mitigate this risk by doing a telephonic verification with you or the authorised representatives of your account before we process a payment or act on any other instruction.

How to prevent email spoofing

While there isn’t a way to stop email spoofing, there are some basic security steps you can take to protect yourself from falling victim to it.

• Always verify sensitive messages or instructions you receive via email by calling the sender first
• Use your primary email account to communicate only with people you know and trust
• When you share your email address on a website or post information on a public online forum, use a second email account that you won't mind deleting later
• Be wary of senders who ask you to reveal information or perform an action that would put you or your organisation at risk
• Do not leave your computer unlocked if you are not using it

How to identify a spoof website

Carefully check the URL of the site you are accessing. If it is not one of the Standard Bank Group's official website addresses, it is likely to be a spoof site.

Some of our official URLs are:

www.standardbank.co.za

www.businessonline.standardbank.com

Always remember:

We will never ask you to update personal information like PINs or passwords via an email or over the phone.

Keystroke logging is a system of "recording" a series of keystrokes and then "playing back" the recording to replicate the actions of the user. It is used by fraudsters to access information about internet users, such as passwords, credit card and banking information, personal details, and more, to use in identity theft and other malicious deeds.

Keystroke logging can take place via software or hardware installations.

Key logging software makes a copy of all your keystrokes and saves the details to a file on your hard drive. Key logging software can be installed by the attacker in a number of ways. It can be hidden in an e-mail attachment you received, in downloaded software, and in malware. Key logging hardware can be installed by the attacker when working on your computer by simply plugging a memory stick or other physical device into your computer. Hardware and USB key loggers are physical equivalents that work by intercepting the communication between your keyboard and your terminal. The keypresses are typically either stored offline until the attacker can retrieve them or sent digitally over the internet to the attacker’s server.

Example of a hardware key logger

Before a key logger is installed

After a key logger is installed

How to prevent phishing

• Ensure that you have effective access control to your computer and associated work environment
• Be alert to changes in your computer hardware – hardware key loggers can look similar to common computer equipment, so check your personal computer regularly
• Ensure that the computers on your network have the latest security patches
• Do not download attachments from unknown sources
• Do not open attachments that have unrecognised file extensions
• Limit administrative access to authorised users only
• Ensure individual login accounts for each Business Online operator
• Ensure passwords are sufficiently complex and changed regularly
• Monitor access to servers and internal networks
• Implement audit logs to promote accountability

A spoofed website claims to be the legitimate site of an organisation and is set up to look like the original.

Spoofed websites usually have similar logos to the original sites and, in some cases, they may even be identical. The domain name or web address is also similar to that of the original website and will often use words related to the company's name or products.

The intention of a spoof website is usually to harvest confidential level information or to deploy viruses/ malware onto the victim’s computer. The safest way to access an authentic site is by carefully checking the URL (web address) or SSL/TLS certificate. Often these URLs will look very similar to the ones you are familiar with.

How to protect yourself from a phishing website

Be suspicious of any website that requires you to download an attachment or input information over an insecure or open connection. Not only is the website untrusted but the connection is susceptible to a man in the middle attack.

Always remember:

We will never ask you to update personal information like PINs or passwords via an email or over the phone.

With a 419 scam, also known as an advanced fee scam, an SMS or email – often in broken English – is sent to a recipient, usually from someone with a sad story, claiming to be in a foreign country, and making an offer that would result in a large pay off for the recipient.

Most 419 scams ask for your banking details, and request you to make an advance payment as a ‘deposit’ to facilitate the payment of the funds. Not only will you never receive the money promised, but the scammers may also use your banking details to withdraw money from your account.

How to protect yourself from 419 scams

• If it looks too good to be true, it probably is
• There are no get-rich-quick schemes. The only people who make money are the scammers
• Do not let anyone pressurise you into making decisions about money or investments. Always get independent financial and/or legal advice
• Do not open suspicious or unsolicited emails, also known as spam. Delete these emails immediately without opening them
• Never reply to a spam email, even if it is to unsubscribe. By replying you are verifying your email address to the scammers
• Never send your personal, credit card or online account details in an email
• Money laundering is a criminal offence. Do not agree to transfer money for someone else. Don’t let the fact that a letter sounds enticing or genuine trick you
• If you still think the letter may be genuine, make sure you seek the advice of an independent professional (a lawyer, accountant or financial planner) before committing any money

Always remember:

We will never ask you to update personal information like PINs or passwords via an email or over the phone. There is a lot of information about these scams available on the internet. If you would like to find out more, search online for “419 scams” or “advance fee”.

This deposit refund scam is when criminals contact you telling you that an amount of money was deposited into your bank account by accident, or that they have paid you a deposit for an urgent order that must be delivered immediately.

The scammer either asks you to refund the deposit, or to release the order, amount and they send you a ‘proof of payment’. The ‘proof’ is either a copy of a deposit slip, a cheque, or an altered Internet banking payment confirmation.

Below are scenarios of scams that you should be aware off:

Scenario A

• You are approached via telephone or email with an urgent order.
• A deal is structured, usually involving a direct deposit into your bank account.
• A copy of the stamped bank deposit slip for cash is faxed to you.
• Goods are released to fraudsters.
• A fraudulent cheque is deposited instead of cash and the deposit slip is fraudulently amended.
• The cheque is unpaid due to it being fraudulent.
• Your bank account is debited.
• You are unable to contact the "client" and suffer the loss

Scenario B

• You are approached via telephone or email with an urgent order.
• A copy of a stamped bank deposit slip for cash, for a higher amount than originally agreed upon, is faxed to you.
• The "client" then contacts you and requests that the excess amount be returned via electronic transfer to a specified account.
• On the strength of the faxed copy of the deposit slip, you refund the excess amount, unaware that a fraudulent cheque was deposited instead of cash and the deposit slip was fraudulently amended. The cheque is unpaid.
• Your bank account is debited.
• You are unable to contact the "client" and suffer the loss as the funds have already been withdrawn from the fraudster's account.

Scenario C

• You are approached via telephone or email with an urgent order.
• A copy of a stamped bank deposit slip for cash, for a higher amount than originally agreed upon, is faxed to you.
• An internet transfer receipt is fraudulently manipulated to reflect a "transfer" to your account. The transfer could be for the exact amount of the order as in scenario A, or for an amount in excess of the agreed amount as in scenario B.
• The fraudulent internet receipt is faxed to you.
• The goods are released to the criminals, or the "excess" refunded as previously described.
• Your bank account is debited.
• You are unable to contact the "client" and suffer the loss as the funds have already been withdrawn from the fraudster's account.

How to protect yourself from a deposit refund scam

• Be suspicious of any request for a refund due to overpayment
• Phone the bank and enquire whether the deposit is a cheque or cash deposit before you make the refund. Don't use any numbers provided by the suspected fraudster. Always use the number you would normally use, or look up the number of the bank
• Request a special clearance on cheque deposits or wait until they have cleared completely.
• Be cautious of clients who want to ‘keep their distance’
• Retain complete records
• Don't be pressurised by any claims of urgency; don't relax controls and procedures; and don't proceed if you have any doubts
• Be suspicious of a faxed confirmation of payment receipt from someone requesting a refund. Rather contact the bank for confirmation of receipt of the funds and the manner of payment
• Report the incident the South African Police Service and provide them with all the details of the request

In this scam, you will receive a letter on a company letterhead that appears to be authentic (or an email from a company that you believe is one of your trusted suppliers) informing you of a change to their bank account details.

The letter may be accompanied by a ‘cancelled cheque’ showing the ‘new’ bank account details.

As soon as you make a payment to the 'new' account, the fraudster withdraws the funds immediately.

How to protect yourself from banking details scams

• Always call the beneficiaries (creditors) before updating or changing their banking details on your systems
• Alternatively, you can make use of the account verification service (AVS)
• Always check for spelling and grammar errors, or other mistakes that will give the fraudsters away

A computer virus is a type of malicious program (or “malware”) that, if executed, replicates itself by modifying other computer programs and inserting its own code or making copies of itself on the computer system. Virus writers use social engineering (email, USBs, downloaded material, foreign websites, etc.) as a point of entry into an organisation or system to start the spread of viruses.

Email is one of the primary avenues of attack that is commonly exploited. Email addresses and address groups are publicly visible and will often be a botnet’s avenue into an organisation. Users need to be highly suspicious of attachments received by mail from any source as ‘spoofing’ of mail addresses is a common tool employed by syndicates and botnets. Spoofing occurs when the sender address is manipulated to appear as if it originates from a mailbox that belongs to someone else.

Be cautious – you could receive an email with a virus-infected attachment from addresses that are known to you. If you receive a random email that seems suspicious, even if it is from someone you know, check with them by means of out-of- band communication (e.g. SMS) first before opening any attachments.

Virus programmes have different objectives that include the following:

• Damaging the programs and data on your computer
• Using your computer and it internet connection to spread viruses by collecting account numbers and passwords
• Using your computer to generate high volumes of traffic that can contribute to slowing down internet traffic
• Infecting your computer and using it to cause further damage via email and the internet

How to prevent virus attacks

• Be wary of opening email attachments unless you are 100% sure what they are and where they came from
• Make sure that your anti-virus software is always kept up to date

There are many forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other intentionally harmful programs.

How to protect yourself from file malware

Harmful content




Be wary when opening Microsoft Office-associated files as they may contain content that can be harmful. In cases where the image below is displayed, be especially wary as the file contains a script that can be executed against your machine




Unauthorised Applications


Pay special attention to warnings that an application or service is about to be started. There is no reason that any document from Standard Bank group will ask you to perform such an action




Dridex Malware




In extreme cases, malicious parties have been known to execute Dridex malware, which can hide behind functionality you are accustomed to seeing. This is a method of imbedding malicious software or scripts within a file and tricking a user to execute such software or scripts through user interaction.

Ransomware is a type of virus or malware. The difference is that where a typical virus may go after your operating system or programs, ransomware goes after your data. By using cryptography in line with international standards or better, ransomware encrypts your data with a public key.

What is PKI? Ransomware utilises public key cryptography or PKI. The victim’s data is encrypted using a globally accepted encryption algorithm and a public key. The data can only be decrypted using the same algorithm and a private key.

Victims can have folders, hard drives or entire networks encrypted. The syndicate’s business model is to hold the private keys ransom and threaten to destroy them unless the victim pays a fee to release the them.

Instructions on how to pay the syndicate concerned via cryptocurrency are often displayed on the victim’s laptop. Once the ransom is paid, the private keys are sent to the victim’s machine to decrypt their data. Ransomware syndicates have been known to extremely professional in assisting and responding to their victims.

As an industry, ransomware projected earnings are comparable to streams in the illegal drug trade. The WannaCry ransomware outbreak of May 2017, worked similarly and took advantage of a Windows zero-day vulnerability to execute itself, encrypt machines and propagate across the internet. Standard Bank system availability was unaffected.

How to protect yourself from ransomware attacks

• Update your software regularly
• Make sure to keep antivirus software up-to-date, so it blocks the latest emerging ransomware
• Be wary of suspicious emails and pop-ups, and do not click on dubious links
• Create backups of your data and store it somewhere safe, like on a physical hard drive