Avoid these common scams

Phishing occurs when fraudsters send an email, pretending to be from a trusted service provider or the bank, to trick you into to sharing your personal and banking information.

These emails often contain links that either take you to a fake website asking you to update or provide them with your personal information, or a fake online banking page, requesting you to update your banking details or enter your internet banking information. These links could be malicious and cause you to install malware on your phone and other devices. Fraudsters try to trick you into clicking on these links by saying that your ‘account will be blocked’ or that you need to ‘install new software to protect yourself’.

Look out for the following warning signs:

• There is usually a sense of urgency in these emails, followed by a threat e.g. ‘You need to log into your account to prevent it from being suspended’
• The email says that you have been a victim of fraud and you need to log into your account to report the incident and cancel your card
• The email says that you are due to receive a large deposit and you need to log into your account to give permission to receive the money
• Any requests for personal and account details via a hyperlink, an icon or attachment

Tips to be safe:

• Do not click on links in unsolicited emails and remember that we will never send you an email with a link to log into online banking
• Beware of fake contact numbers in fraudulent emails. Only contact us on our official number - 0860 10 20 43, which is on the back of your bank card. Save this number to your phone
• Never act on instructions to perform a send cash transaction, transfer money to a ‘safe account’ or approve a transaction to stop fraud or reverse unauthorised debit orders
• Never share confidential banking information, such as your banking PINs, with anyone. The bank will never call, SMS, email or direct message you to ask you this

Smishing is short for ‘SMS phishing’, and happens when fraudsters send an SMS, pretending to be from a trusted service provider or the bank, to get you to share your personal and banking information.

These SMSs often contain links that will either take you to a fake website, asking you to update and/or share your personal information - or a fake online banking login page, asking you to update your personal information and/or enter your Internet banking login details.

The links could also cause you to install malware, like a virus on your phone. Fraudsters try to trick you into clicking on the link by saying that your ‘account will be blocked’ or that you need to ‘install new software to protect yourself’.

A fraudster may also send an SMS, pretending to be from ‘Capitec’s Fraud Unit’ to inform you of ‘suspicious activity’ or ‘unauthorised debit orders’ on your account. The SMS may say that ‘Capitec’s Fraud Unit’ will call you, and it could also contain a number for you to call. Fraudsters do this to cause panic and to gain your trust.

Tips to be safe:

• Do not click on links in unsolicited SMSs, and remember that Capitec will never send you an SMS with a link to log into your online banking
• Beware of fake contact numbers in fraudulent SMSs. Only contact Capitec on our official number - 0860 10 20 43, which is also on the back of your bank card. Save this number to your phone
• Never act on instructions to sign into our banking app or online banking to perform a send cash transaction, transfer money to a ‘safe account’ or approve a transaction to stop fraud or reverse unauthorised debit orders
• Never share your personal banking information, such as your banking PINs, with anyone. The bank will never call, SMS, email or direct message you to ask you this

Vishing, also known as voice phishing, happens when fraudsters call you pretending to be from a trusted service provider or your bank. They aim to get you to share your personal and banking information over the phone or to approve or do a transaction that will result in you being scammed out of money.

Example one:

A fraudster calls you claiming to be from ‘Capitec’s Fraud Clearance Department’ to tell you there is a suspicious or unauthorised debit order(s) on your account. This call often happens in combination with a scam SMS informing you of unauthorised debit order(s) on your account.

To earn your trust, the fraudster may start the conversation by reminding you to never share any confidential banking information. Next, they may ask you to take action such as:

• ‘Authorising the refund’ by doing a transaction in your banking app, like a send cash transaction
• Sign in to online banking to ‘pay a levy’ to refund the debit orders
• Scan a QR code they send to you
• Switch off app notifications on your cellphone
• Generate a Token password in the banking app, and share it with them

Example two:

A fraudster calls you claiming to be from ‘Capitec’s Fraud Clearance Department’ to tell you that suspicious activity was detected on your account.

Once the fraudster causes you to panic and gains your trust, they may use different tactics to scam you out of money, such as:

• Trick you into sharing your confidential banking information like card details, online banking passwords or Remote PIN. They then use this information to commit identity fraud or steal your money
• Ask you to sign in on our banking app to ‘reverse the fraud’ by authorising a payment when in fact, you are authorising a transaction to pay the fraudster
• Instruct you to sign in to your online banking profile or banking app to transfer your money to a ‘safe account’ to prevent the fraud from happening

Tips to be safe:

• If someone calls and asks you to sign in to your online banking profile or banking app to reverse debit orders or stop fraud, hang up and call us immediately on 0860 10 20 43
• Remember, we will never ask you to do a send cash transaction, transfer money to a ‘safe account’ or approve a transaction to stop fraud
• Don’t share your confidential banking information with anyone. We will never call, SMS, email or direct message you to ask you this  

A money mule is someone who allows another person to use their account to move illegal money through the banking system. Criminals take advantage of  people’s good nature and vulnerability, or persuade them with money, to open a bank account in their name to be used by someone else. They also approach account holders with requests to use their accounts for one or more transactions, often in exchange for a small fee or reward.

Examples of how criminals trick people into becoming mules:

A criminal will approach an individual in a public space such as a mall, taxi rank or on the street, and ask them if they want to make money. The criminal will provide the individual with a cellhone and SIM Card and ask them to open a bank account in their name and receive a fee in return. Once the account’s open, the individual hands over the phone, bank card and PIN to the criminal and receives a small fee in exchange. The criminal now has full access to the bank account and will use the account to move illegal money, without the individual knowing that they are enabling this.

Other examples include:

Criminals post fake job adverts on employment sites. In the advert, individuals are offered a way to earn quick cash. When they learn more, it’s not really a job at all. Instead, the job is to receive a certain amount of money into their bank account. Then, they must transfer some of it to another account while keeping some of the money for themselves.

Remember: you could be charged and convicted of a crime if you helped a criminal, even if you did so unknowingly. This could lead to a prison sentence, and you could be banned from opening a bank account again.

If you get reported for having acted as a money mule, your name and ID number will be listed by the Southern African Fraud Prevention Service (SAFPS), which hosts a database of the names of people involved in various types of fraudulent behaviour. Being listed on the SAFPS database has severe consequences because it is shared with financial services providers.

Tips:

• Never allow others to use your bank account to deposit or transfer money
• Never open a bank account in your name on behalf of another person, even if you know the person or are offered a payment or reward to do this
• Report lost or stolen ID documents to SAPS and SAFPS to prevent criminals from opening bank accounts using your identity
• Never share your personal or financial information with anyone you don't know
• Never respond to unsolicited emails or messages from individuals or companies asking for access to your bank account or promising money in exchange for help
• Always check with your bank for unusual or unexpected deposits into or transfers out of your account

Fraudsters may use different tactics to get their hands on your personal information. Once they have enough information about you, they can take over your identity and use it to open retail or bank accounts or take up credit in your name.

Personal information includes your ID, passport, driver's licence, email, payslip, municipal bills, bank statements

Tips to be safe:

• Use strong passwords and PINs for your banking and online accounts
• Never share your banking PINs or passwords with anyone
• Register to receive SMS updates or in-app messages when you transact
• Get your free credit report from every credit bureau every year to know your status and accounts:
  • https://www.experian.co.za/
  • https://www.transunion.co.za/
  • https://www.xds.co.za/
• Register for alerts offered by credit bureaus to notify you of new accounts that may be opened in your name
• Check your bank statements regularly and call us immediately on 0860 10 20 43 if you notice suspicious transactions
• Be alert when you use social media platforms. Never share your personal information on public platforms
• Don’t respond to emails or SMSs containing links that require you to sign in to online banking or to update your personal information

What to do if your identity documents have been lost or stolen, if you discover that your identity has been used to open a bank account or subscribe to a service, or take up a product without your consent:

• Immediately report the identity theft to the South African Police Service and the company, bank or financial institution where the fraud occurred
• Register lost or stolen identity documents and apply for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS) https://www.safps.org.za/. This service alerts SAFPS members, which includes banks and credit providers that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder

Criminals use many tricks to try to get your card and/or information that is on the card to steal your money.

Common tricks include:

• Skimming of your card information through a skimming device at an ATM or at a shop. They do this by distracting you at the ATM or when you let your card out of your hands and sight. They also shoulder surf your PIN (looking over your shoulder to see your PIN)
• Card swapping and shoulder surfing your PIN at an ATM by distracting you
• Calling you, pretending to be from the bank, saying that they need to reverse a fraudulent transaction or debit order
• Sending you an email or SMS with a link to a webpage where you need to capture your card information. Once a fraudster has your card and/or confidential card information, they may use it to withdraw money at the ATM, make online purchases or register a digital wallet.

Tips to prevent card fraud:

When at the ATM or a retailer/merchant

• Set your daily card limits for cash withdrawals, card machine purchases and online/scan to pay limits according to your own payment behaviour. Do not set higher limits than necessary; instead, set temporary limits when you need to do higher value transactions
• Use your free hand and your body to shield your PIN from any prying eyes or hidden cameras when you transact at an ATM or a shop
• Never hand your card over to anyone when making a payment – never let it out of your sight
• Call the bank immediately if your card is not returned by an ATM and ensure that your card is stopped before leaving the ATM
• Always check that it is your card that you get back after transacting at an ATM or at a shop/merchant
• Stop and report lost or stolen cards immediately

When shopping online

• Never share your card PIN, expiry date and CVV number (the 3-digit number on the back of the card) over the phone or capture them on a webpage that you accessed from a link in an email or SMS
• When you shop online, shop on well-known websites. When you want to buy from an unknown merchant, make sure the website is secure, do an online search of the retailer and read reviews. Read their return policy and check whether they offer secure payment methods
• Beware of unrealistically low-priced products – if it sounds too good to be true, it is probably a scam
• When you can, use Capitec Pay to make online payments. Capitec Pay is a fast and secure way to make online payments without entering your card or bank account details
• Carefully read your approve it messages before authorising transactions

Other tips

• Never share an OTP with anyone
• If you receive a message that your card was successfully added to Apple, Google or Samsung Pay and you did not initiate the registration, contact us immediately to stop your card
• Set your preferred message type and amount to receive money in and money out transaction messages for your account. Remember that you can receive transaction messages free on our app
• Review your transaction history regularly and contact the bank immediately if you notice a transaction that you did not authorise
• Never let someone else make any card purchases with your card. Remember the card is issued to you and you alone

If your card and/or confidential card information/PIN have been compromised, stop your card immediately using any of the following channels:

Our banking app:

• Sign in to our app
• Choose Cards
• Tap on the card that you wish to stop
• Choose Stop Card
• Choose a reason for the stop

or

WhatsApp:

• Send “Hello” to our verified WhatsApp number on 067 418 9565
• Choose Self-service options
• Choose Stop Card
• Choose the card that you want to stop from the list

or

Online banking for business bank cards:

• Sign in to online banking
• Choose Cards
• Choose Stop Card
• Choose a reason for the stop

or

Call us:

• Personal banking: 0860 10 20 43
• Business banking: 0860 30 92 50

Fraudsters have different ways to trick you at an ATM. They may shoulder surf, card swap, card skim, and trap cards inside ATMs to your personal card information, or your card. We want you to be safe when using an ATM, so look out for these tactics:

Common ATM fraud scams:

Card swapping:

Fraudsters may disturb you while you’re busy with a transaction at the ATM. They often work in groups to swap cards. One person may distract you while another does the card swapping. They will also ‘shoulder surf’ your PIN, which means that they stand close enough behind or around you to see you key in your PIN.

You then leave the ATM with someone else’s card. The fraudster will start to use your card immediately to try and get as much out of your account before you realise what happened.

Card skimming at ATM:

Fraudsters will put in a device that looks exactly like the slot you put your card into, called a skimming device into the ATM. These devices look exactly like the ATM and can be difficult to notice. The fake card reader will take data from the magnetic strip on your card, while your PIN can be seen with a small camera on the skimming device.

Card trapping (Lebanese loop):

Fraudsters use this tactic to trap your bank card inside the ATM by putting a thin layer of plastic into the card slot of the ATM. This layer of plastic keeps your card trapped inside for scammers to remove later. This means that you could use the ATM and receive your cash without any issues, but your card remains trapped. The fraudster is usually nearby and would’ve ‘shoulder surfed’ the PIN, to withdraw cash immediately using your once you leave.

Suspecting fraud at the ATM?

If you think that someone may have interfered while you were transacting at the ATM and that your card and PIN may have been compromised, stop your card immediately using any of the following channels:

• Our banking app:
  • Sign in to our app
  • Tap Cards
  • Tap on the card that you wish to stop
  • Choose Stop Card
  • Choose a reason for the stop

• WhatsApp:
  • Send “Hello” to our verified WhatsApp number on 067 418 9565
  • Choose Self-Service Options
  • Choose Stop Card
  • Choose the card that you want to stop from the list

• Call us on 0860 10 20 43

Tips to be safe:

• Always cover the keypad when you enter your PIN, even if you’re alone. Fraudsters may use hidden cameras at ATMs.
• To keep both your card and PIN safe, don't let anyone stand too close to you
• Set a daily withdrawal limit that suits your needs to protect yourself in the event that your card and PIN are stolen
• Do not allow anyone to help you at the ATM. Rather go into a branch if you need help
• Finish your transactions at the ATM patiently. Make sure the card that comes out of the machine is yours and secure it with the cash you receive before leaving the ATM
• Never allow your children to draw money using your card since they're the most vulnerable to fraudsters
• If you are disturbed or interfered with while transacting at the ATM, your card may be skimmed without your knowledge. Cancel the transaction immediately and report the incident to the bank
• Don’t use ATMs where the card slot, keypad or screen has been tampered with. It could be an attempt to get hold of your card. If you think the ATM is faulty, cancel the transaction immediately and report the fault to the bank
• Do not use ATMs that are in unsafe and dark areas
• Remember that you can also make cash withdrawals at most large retailers
• Some fraudsters wait until you’ve drawn your cash to take advantage. Be wary of people loitering around the ATM and ensure that you are not followed
• If you can, avoid withdrawing cash to pay for goods/services. Use digital banking instead

Scammers often create fake social media profiles to impersonate accounts of brands, celebrities, or people you know. They then befriend innocent people and send spam messages or links that lead to malicious websites. Scammers can create an endless number of fake profiles and ads, putting social media users at risk. Here are some common social media and marketplace scams: 

Impersonator accounts 

Scammers impersonate the social media accounts of well-known brands such as banks or stores – or they create imposter accounts using someone else's name, photos, and other identifying information. They do this to ask for money, your personal information, or to offer you investment opportunities.

What to look out for:

• The account is not verified — especially if it normally would be (e.g., a well-known brand or influencer) 
• The account is brand new and has little content and a few followers/friends
• A celebrity or someone you don’t know is requesting money 

Tips to avoid an impersonation scam: 

• Always verify the brand or person who is promoting a competition, investment opportunity, loan offer or asking for money, by making sure the account is verified
• Don’t respond to messages or click on links without verifying the source of the message – no tick, no verification!
• Beware of scammers trying to fake the verified tick by inserting a picture of it next to the account name or profile picture 

Investment and cryptocurrency scams 

Fake cryptocurrency and investment opportunities are among the biggest scams on social media. It starts when a scammer contacts you, usually by sending you a direct social media message. They’ll start off by trying to build a relationship but then quickly share information about a “great investment opportunity” that helped them “make so much money so fast.”  

Warning signs of a social media investment scam: 

• Promises of very high returns with zero risk e.g., to double or triple your money in a very short time
• The social media profile shows exotic overseas travel destinations, expensive cars and designer clothes
• Urgency to invest – fraudsters do this to limit the amount of time you may spend researching and thinking about the investment
• Anything sold as a “once-in-a-lifetime opportunity” should be a warning sign
• Requests to recruit new investors
• Professional-looking investment websites or crypto exchanges with little to no information about the company 
• If it is difficult to understand how the investment product will make returns, you should be cautious
• The scammer offers to walk you through your first few trades and claims to have insider knowledge of the market

Tips to avoid investment and cryptocurrency scams: 

• Do a thorough online search
• If an investment is not registered with a body like the Financial Services Conduct Authority (FSCA) it is not regulated. Contact financial bodies to verify the registration of an entity
• Don’t share any personal information until you’ve verified whether the company is legitimate or not 
• Do not send money to anyone who has reached out directly over social media

Romance scams 

A fraudster will send the victim a friend request and start a conversation with them. Once they’ve built a relationship, they’ll ask for money. 

Warning signs of a romance scam: 

• The person wants to quickly move from the social media platform to WhatsApp or similar private messaging platforms 
• They promise to meet in person but come up with excuses for why they can’t
• You’re being asked repeatedly for personal information, like your location or pet’s name 
• The scammer shares their affection for you early in the conversation 
• They ask for money or gift cards 

Tips to avoid romance scams: 

• Be mindful of what you publicly post online. Scammers can use your posts to create a personalised approach that makes you think you’ve found the ‘perfect partner’ 
• Be safe and always meet people you met online in public places. 
• Don’t send money to people you haven’t met in person.

Job scams 

Fraudsters create fake social media accounts to promote remote job opportunities, promising that you can make a lot of money. Scammers have two goals with a job scam: 

• Get money from you – to get the job, you need to make upfront payments e.g., application and/or training fees, equipment
• Get information from you. Scammers will send you a job application in the hope that you’ll fill it out and give away confidential information

Warning signs of a job scam: 

• The job pays a lot of money for little work
• The company brags about ‘rags-to-riches' stories that show fancy lifestyles
• The job ad mentions quick money, drastic income changes overnight, etc.
• The job ad has glaring grammatical or spelling errors
• The contact email address is personal (e.g., johnsmith3843@gmail.com) or one that mimics a real company’s email address (e.g., johnsmith@dellcomputercompany.com)
• The job requires several up-front payments
• Your payment is based on how many people you recruit

Tips to avoid job scams: 

• Always research companies to which you’re applying, and make sure they’re legitimate
• Never pay for equipment, training, or supplies upfront for a new job

Fake product scams 

Fraudsters will often market fake products on social media. These fake products are often priced at unbelievable prices.  

Warning signs of a social media ad scam: 

• Advertisements often contain poor-quality product images
• Price points are much lower than what other retailers are charging
• There are spelling and grammatical errors in the ad copy
• You are encouraged to place your order quickly

Tips to avoid fake product scams: 

• If a deal seems too good to be true, it probably is
• Do an online search of the brand or product to check reviews. Consider searching for “[brand name] + [scam/reviews/legit]” to see if anything comes up 
• Depending on the nature of the product or service, request contactable references to assist in performing your own background checks

Competition or other giveaway scams 

In this type of scam, fraudsters will send you a direct message on social media to say you've won a prize, and to receive it, you must first pay or provide financial information.  

Warning signs of a giveaway scam: 

• You’re being asked to pay to receive your prize (e.g. taxes, shipping, processing fees)
• You’re told that paying increases your chances of winning.
• You’re asked to log into your internet banking profile or banking app and perform certain tasks to redeem your prize (e.g., a voucher)

Avoid getting scammed and don’t pay money to ‘claim your winnings’ - no credible competition will require you to pay money upfront.  

Social media scraping 

Cyber criminals often use social media to gather personal information about potential targets, such as names, dates of birth, personal photos, and location, which they can use to commit identity theft in the future. 

Tips to avoid compromising your personal information on social media: 

• Never click on pop-up messages or links from unsolicited, private messages 
• Don’t give out personal information unless you know the website you’re on is legitimate and secure 
• Change your social media privacy settings to ensure that your posts are not visible to strangers
• Don’t respond to strangers messaging you on social media
• Create strong, unique passwords for each social media account
• If you suspect a friend or company has been hacked, contact them directly through trusted channels (such as their phone number) 
• Never send money to someone you’ve only met on social media

Fraudsters use SIM card swapping and number porting to commit fraud. After they get enough of your personal information, they may approach your mobile network service provider pretending to be you. They may ask for a transfer of your cell phone number to a new SIM card, or that your number is ported to another service provider. They often present a stolen or fake identity document and can answer the security questions of the service provider as if they are you. 

They may get your personal information by calling you and pretending to be a Capitec employee, to trick you into confirming your personal information. Or they may have sent you a phishing email or SMS.

Fraudsters may also try to swap out the physical SIM card in your mobile device during a face-to-face interaction.

The following are examples of how fraudsters perform SIM swap fraud.

Using a phishing email:

• You receive an email that appears to be from the bank. It contains a link to a site that asks you to sign in, to what looks like your online banking profile
• This is where fraudsters catch you out. It is a fake page they have set up to get you to share your confidential online banking details. Once you’ve shared this, all they need to steal your money is verification codes or OTPs (one-time PINs) sent to your phone number
• They then visit your service provider pretending to be you. They’ll say that your SIM card has been lost, destroyed, or stolen and ask for a new one – linking your cellphone number (where you receive your verification codes or OTPs are sent to) to the new SIM card they receive.
• Once scammers do this, they have full access to your bank account and could clear out your funds very quickly

Performing physical SIM card swap:

• A fraudster may approach you outside a shopping centre pretending to offer a promotion or giveaway. They then trick you into handing your device to them to ‘load free airtime data or activate a discount shopping card or voucher’
• They will also trick you into disclosing your banking information (e.g., account number and Remote PIN) and your personal details (e.g., ID number and phone number)
• During this interaction, the fraudster removes your SIM card and inserts it into their device. They then trick you into taking a selfie which in fact is the fraudster getting you to activate your remote banking on their device
• The fraudster now has access to your account
• These techniques may also be used to gain access to your account via USSD mobile banking

What you can do to prevent a SIM swap

Call your network service provider immediately on their official number when:

• You get a “Pending SIM swap” notification or
• Someone phones you to say a SIM swap is being done without your knowledge and asks for confidential information

2 ways to know your SIM card has been swapped:

• You suddenly can’t make or receive calls or messages
• You no longer receive transaction notifications from your bank

Note: Pay special attention if you lose network connectivity for longer than usual – don’t overlook this due to bad network connections during load-shedding. If you suspect SIM card fraud, tell your service provider to deactivate your number and notify your bank immediately.

Tips to avoid being scammed

• Avoid handing over your phone to strangers even if they are offering to help
• Be cautious of a stranger asking you to take a selfie as part of a promotion or giveaway
• Pay close attention to the information you are being asked to disclose to strangers. You should never provide your account number and Remote PIN
• Do not click on links in an SMS or email that asks you to sign in to your online banking profile or update your personal information. We will never ask you to do this
• Treat any SMS or email asking you to take urgent action with caution, and verify the request instead, by contacting the official source directly e.g., your bank
• Don’t save your PINs or passwords for any personal accounts on your phone or device
• Never share your banking passwords and PINs with anyone. Remember we will never contact you and ask you for this information. Beware of such phone calls, SMSs, emails, or direct messages
• Password protect your devices and set the screen to lock automatically after a minute of inactivity or less
• Use strong passwords and PINs and change them regularly. Don’t fall into the habit of using just one password for all your accounts