Stressed Woman

Know your Risks

Things to be aware of when Banking

Identity Theft

Personal information can be used by criminals to assume your identity and acquire retail or bank accounts, or even defraud your insurance, medical aid and Unemployment Insurance Fund. In some instances, they impersonate you, and using social engineering, access your bank accounts and do transactions.


  • Restrict placing personal and confidential information in your wallet, purse and handbags.

  • Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email.

  • Don’t write down PINs and passwords.

  • Don’t use Internet Cafes or unsecure terminals (hotels, conference centres etc.) to do your banking.

  • Use strong passwords for all your accounts and change them regularly.

  • Store personal and financial documentation safely. Always lock it away.

  • Keep PIN numbers and passwords confidential.

  • Verify all requests for personal information and only provide these when there is a legitimate reason to do so.

  • To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at

  • Ensure that you have the relevant software to prevent cyber attacks.

  • When destroying personal information, either shred or burn it. DO NOT TEAR OR PUT IT IN THE GARBAGE OR RECYLING BAG

  • Should your ID or driver's license be stolen report it to the SAPS immediately

Sharing of Confidential Information to POsiing Banking Officials (Vishing)

Vishing is when a fraudster phones a victim posing as a bank official or service provider and uses social engineering skills to manipulate them into disclosing confidential information, while at the same time leading them to believe that they are speaking to the bank or service provider. This information is then used to defraud the victim.


  • Be aware that fraudsters are able mask their telephone numbers when calling in order to appear as a legitimate business or individual.

  • Never share personal and confidential information with strangers over the phone.

  • Also note that Banks will never ask you to confirm your confidential information over the phone.

  • If you receive a phone call requesting confidential or personal information, do not respond and end the call.

  • If message alerts are received on your phone indicating withdrawals or activity on your bank account or retail accounts, do not ignore them if you unable to identify the legitimacy thereof.

  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.

Cellphone Banking Fraud (Smishing)

SMISHING, short for SMS Phishing, is where criminals send an SMS often purporting to be from your bank requesting your personal or financial information such as your account or PIN number. Clicking on these suspicious links may install malware onto your phone, or could take you to a fake website where you will be asked to enter personal or confidential information.


  • Do not click on links or icons in unsolicited SMSs.
  • Do not reply to these SMSs. Delete them immediately.
  • Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
  • Check that you are on the authentic/real site before entering any personal information.
  • If you think that your device might have been compromised, contact your Ithala immediately.
  • Create complicated passwords that are not easy to decipher and change them often.
  • Don't store your banking information on your smartphone in case malware gets installed on your phone.
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.

419 Scam

A 419-scam is an illegal way of getting money from an individual/s by sending them an email promising that they will make a lot of money if they invest in a business activity, which in fact does not exist. The details given to the recipient (“Victim”) vary, but the common element is always large sums of money being mentioned to make it attractive. The modus operandi entails requesting the victims’ banking details as well as sums of money in advance, to facilitate the payment of the promised funds. Essentially, the promised money transfer to the victim never happens and in addition the fraudsters may use the victims’ banking details to withdraw money for themselves.


  • Email content that sounds too good to be true.

  • The promise of large sums of money for little or no effort on the victim’s part.

  • A request to provide money upfront as a processing/administration fee. The request usually contains a sense of urgency.

  • The victim does not know the person who has sent the email.

  • At times, the sender requests confidentiality.

  • An email which states that the victim has won a prize/lottery or has been left an inheritance.

  • Payments requested to be made by MoneyGram.

  • Genuine companies’ letterheads are utilised to convince the victim of the authenticity of the request.


  • The amount of money involved is usually substantial usually in millions of dollars or pounds.

  • The communication is generally sent by someone claiming to be in a position of authority, such as a Government Official, Prince, Chief, Doctor, Solicitor, Lawyer or Bank Official.

  • They may use emotional bribery, such as claiming someone has died or is suffering from an illness.

  • The impression is given that you alone have been contacted, but the reality is that the same email was sent to multiple other people.

  • The victim is always promised either all, or a substantial percentage, of the money in return for assisting the fraudster in some way.

  • The victim will almost certainly be asked to communicate by email.


  • If you receive a scam email, do not reply.

  • You can however forward a copy of the e-mail to the Internet Service Provider from where the e-mail originated. example:;;abuse@compuserve.cometc

  • Forward the email to the South African Police Services at

  • If you have fallen victim, immediately contact the South African Police Services.

ATM Skimming

Unsuspecting victims are deceived into swiping their cards through hand held devices at ATM’s. The following scenario have been identified:

  • A person claiming to be working for the bank approached the client. Using various social engineering skills, the client is requested to re-activate the card by swiping the card through a device which is a skimming device. This can happen prior or after the client has already withdrawn money from the ATM. Often there would be a second or even third person loitering around the ATM, shoulder surfing for the PIN the moment the client uses the ATM.

  • In some cases, the ATM card reader entry slot is damaged. While the victim struggles to insert their card, the criminal will approach the victim and take the ATM card from the victim, often escorting the victim to another ATM to attempt the withdrawal. While on their way to the second ATM, the criminal gets hold of the card and it is skimmed. What makes this scenario so alarming is that the victim is handed back the original card only to discover that money was withdrawn from the account much later.

  • Scenarios also occur where the hand-held card reader is temporarily attached to the ATM together with a leaflet requesting that the unsuspecting bank client swipes their cards prior or, after making use of the ATM.

ATM Mounted Skimming

A skimming device can also be mounted over the ATM card slot. Most ATM skimming devices do not interfere with the ATM when utilised. These devices are created to look like a card reader slot and fit seamlessly over the slot, making them difficult to detect. The false reader in the skimming device acquires the magnetic strip data and the PIN is compromised by means of spy camera installed within the mould containing the skimming device.

Lebanese Loop

This is a technique used by criminals to trap a bank card inside the ATM by inserting a thin film of plastic into the ATM card slot. The plastic is rigged in such a way that both the plastic and trapped card can later be removed. The victim transacts at the ATM, and the cash and receipt are provided but the card remains trapped. The victim realises that the card has been retained by the ATM. The criminal is in the close vicinity and has already shoulder surfed to get the victims PIN. Once the victim leaves ATM, the criminal goes back to ATM and removes the trapped card and uses it, along with the PIN to withdraw cash immediately.

Card Swopping

While conducting a card transaction at the ATM, the victim is interfered with and the card swopped. This usually happens after the victim has already inserted the necessary PIN to transact. A criminal would have shoulder surfed the PIN prior to the card swop. Usually criminals who do card swopping work in groups of about three perpetrators. Some may distract the victim while the other attends to the actual swopping. The victim then leaves the ATM with someone else’s card. As in the case of card trapping with the Lebanese Loop, the card will be utilised immediately to maximise the reward before the victim realises what has transpired, and arranges for the card to be stopped.

Phishing /  Fake Website / Online Banking Fraud

Phishing emails request that users click on a link in the email, which will direct users to a site designed to fool users into thinking that it is legitimate to obtain, verify or update contact details or other sensitive financial information. The fake website will look almost identical to that of a legitimate or a well-known financial institution. Phishing emails which are a form of spam emails, are typically sent in large numbers to consumer email accounts. The criminals send them in the hope of tricking recipients into disclosing their personal information in bogus online platforms on the spoofed websites.


  • Do not click on links or icons in unsolicited emails.

  • Do not reply to these emails. Delete them immediately.

  • Do not believe the content of unsolicited emails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.

  • Type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.

  • Check that you are on the authentic/real site before entering any personal information.

  • If you think that your device might have been compromised, contact your bank immediately.

  • Create complicated passwords that are not easy to decipher and change them often.

For Lost or Stolen cards or to report any Fraud call 080 133 1130 (24hrs)