What to look out for

  • Email spoofing (identity theft)

    Spoofing is when hackers send out forged emails, making it seem like the email is from someone or a company it’s not.

    Hackers spoof mail headers in email messages to fool spam filters into letting certain emails through. Hackers then pretend to be someone else, and because you’re more likely to open an email from someone or a company you know than an email from a total stranger, they trick you into opening the forged email, asking you to make a payment or to reveal personal and confidential information.

    At Standard Bank we mitigate this risk by doing a telephonic verification with you or the authorised representatives of your account before we process a payment or act on any other instruction.

    How to protect yourself

    While there isn’t a way to stop spoofing, there are some basic security steps you can take to protect your email account.

    • Always verify sensitive messages or instructions you receive via email by calling the sender first.
    • Use your primary email account to communicate only with people you know and trust.
    • When you share your email address on a website or post information on a public online forum, use a generic email account that you won't mind to delete later.
    • Do not leave your email open or at least not maximised on your computer screen when you’re not actively using it.
  • Phishing

    The act of misleading online banking users into sharing sensitive information – such as passwords, credit card details or bank account numbers – via a fraudulent website, is known as phishing.

    Perpetrators of phishing attacks lead you to believe you are dealing with a reputable organisation, such as Standard Bank, and then steer you to an unofficial website where they ask you to enter your information. They then capture your input and use the details to access your accounts.

    In some instances, the website to which you are directed is an almost exact replica of the real website. Unsuspecting victims are unaware that they are being led into a trap.

    Standard Bank will never ask you for personal or private information online, either via a website or an email. You should not give sensitive details – such as your operator ID, customer selected PIN (CSP), password, card details, account numbers, ID numbers, OTP cell number, email address or email password – to anyone, not even a bank employee, no matter how legitimate the request seems.

    You should also be very wary of entering sensitive information in pop-ups, even if they are on bona fide sites.

    For more information on phishing, click here.

    Smishing ( SMS Phishing)

    This is the cellphone equivalent to phishing. Instead of being directed by email to a website, a text message is sent to your cellphone with a request to click on a link. The link causes a Trojan to be installed on your cellphone.

  • Keystroke logging

    Keystroke logging is a system of "recording" a series of keystrokes and then "playing back" the recording to replicate the actions of the user. This technique is used by fraudsters to access information about internet users without their knowledge or consent.

    Keystroke logging attacks bypass all other controls. They are easy to implement and provide attackers with useful account, identity and intellectual property information. It is important to be aware of this type of security breach, understand how it is used and implement ways to detect it.

    Keystroke logging can take place via software or hardware installations.

    Key logging software makes a copy of all your keystrokes and saves the details to a file on your hard drive. This file is then retrieved by the attacker.

    Hardware key loggers are physical devices that are usually installed between your keyboard and the computer. Certain types of key loggers may fit within your keyboard and therefore be difficult to detect. These devices log keystrokes and store them on the key logger device itself. The attacker then retrieves the device to access the keystrokes stored in it. Hardware key loggers can look similar to common computer equipment. Be especially cautious when you see new peripherals or cables attached to your keyboard.

    For more information on keystroke logging, click here.

  • Spoof websites

    A spoof website claims to be the legitimate site of a particular organisation and is set up to look like the original.

    Spoof websites usually have similar logos to the original sites, and in some cases they may even be identical. The domain name or web address is also similar to that of the original website and will often use words related to the company's name or products.

    The intention of a spoof website is usually to associate a scam with a reputable institution. Spoof websites are set-up to "validate" 419 scams , for example, and phishes are able to reprogram a browser's bookmarks or favourites to redirect them to a spoof website.

    The safest way to access an authentic site is by carefully checking the URL (web address) or typing it in every time you visit the site. Often these URLs will look very similar to the ones you are familiar with.

    For more information on spoof websites, click here.

  • Viruses

    A computer virus is a type of malicious program (or “malware”) that, if executed, replicates itself by modifying other computer programs and inserting its own code or making copies of itself on the computer system. Virus writers use social engineering (email, USB’s, downloaded material, foreign websites, etc.) as a point of entry into an organisation or system to start the spread of viruses.

    Email is one of the primary avenues of attack that is commonly being exploited. Email addresses and address groups are publicly visible and will often be a botnet’s avenue into an organisation. Users need to be highly suspicious of attachments received by mail from any source as “spoofing” of mail addresses is a common tool being employed by syndicates and botnets. Spoofing occurs when the sender address is manipulated to appear as if it originates from a mailbox that belongs to someone else.

    Be cautious – you could receive an email with a virus-infected attachment from addresses that are known to you. If you receive a random email that seems suspicious, even if it is from someone you know, check with them by means of out-of- band communication (e.g. SMS) first before opening any attachments.

  • 419 "Nigerian" scam

    A “Nigerian” scam, or advance fee scam, is a form of upfront payment or money transfer scam. It is called a 419 Nigerian scam because it originated in Nigeria, but it can be sent from anywhere in the world. 419 is the section of Nigeria’s criminal code that outlaws the practice.

    The scam works as follows: The intended victim is requested to make a payment in advance to process the release of funds from a foreign country or bank. The scammers usually contact you by email or letter and offer you a share in a large sum of money that they want to transfer out of their country. They may tell you about money trapped in central banks during civil wars or coups, often in countries currently in the news. Alternatively, they may tell you about massive inheritances that are difficult to access because of government restrictions or taxes in the scammer’s country.

    Scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges or taxes to help release or transfer the money out of the country through your bank. These “fees” may even start out as quite small amounts. If paid, the scammer will make up new fees that require payment before you can receive your supposed “reward”. They will keep making up excuses until they think they have got all the money they can get out of you. You will never receive the money that was promised.

    For more information on advance fee scams, click here.

  • Deposit refund scam

    Perpetrators of deposit scams pose as debtors of your business. The scam involves depositing fraudulent cheques into your account, knowing that they will be dishonoured. After the deposit is made, the perpetrator informs you that they have made a cash deposit into your account but erroneously paid more than what is owed to you. The perpetrator then requests a refund of overpayment.

    When you check your account for confirmation of the deposit, the funds appear to be there as a cheque deposit is not specified. The perpetrator may even send you a fraudulent payment receipt.


    After you have made the refund payment to the perpetrator, the cheque is dishonoured.

    Deposit refund scam – scenario A
    Deposit refund scam – scenario B
    Deposit refund scam – scenario C
    How to avoid becoming a victim of a deposit scam

  • Banking details scam

    In this scam, you will receive a letter on a company letterhead that appears to be authentic (or an email from a company that you believe is one of your trusted suppliers) informing you of a change to their bank account details.

    The letter may be accompanied by a "cancelled cheque" showing the "new" bank account details.

    As soon as you make a payment to the 'new' account, the fraudster withdraws the funds immediately.

    Always verify with the beneficiaries (Creditors) before updating or changing your beneficiaries (Creditors) banking details on your systems. Alternatively make use of the Account Verification Service (AVS).

  • File malware

    1. Harmful content

    Be wary when opening Microsoft Office-associated files as they may contain content that can be harmful to your environment! In cases where the below image is displayed, be especially wary as the file contains a script that can be executed against your machine.

    2. Unauthorized Applications

    Pay special attention to warnings that an application or service is about to be started.There is no reason that any document from Standard Bank Group will ask you to perform such an action.

    3. Dridex Malware

    In extreme cases, malicious parties have been known to execute Dridex malware, which can hide behind functionality you are accustomed to seeing.

    Dridex malware is a method of imbedding malicious software or scripts within a file and tricking a user to execute such software or scripts through user interaction.