Phishing is a form of electronic fraud where your personal details and banking info is collected and an attempt is made to access your account. Fraudsters can collect your info by telephone or electronic communication (e.g. email, SMS, MMS, fax etc.) in the following ways:

• Asking for your user information (especially your password, token password and PIN)
• Asking you to verify your user details or personal information (especially your password, token password and PIN)
• Luring you to a fake Capitec Bank website using a link in an electronic communication like an email. When you receive an email, the fraudsters don't necessarily know that you bank with Capitec Bank. They send thousands of emails to random email addresses. The fraudster pretends to be from a legitimate company/institution and usually asks you for your confidential banking and personal info (PIN, username, password, token password, address, credit card info, etc.)

Smishing is a form of phishing - the difference being that a fraudster sends you an SMS trying to collect personal information in different ways:

• The fraudster might advise you that a bank official will be calling you to confirm your info, including any of your PINs (we'll never ask you for this info). A fraudster then calls you soon after sending the SMS
• The fraudster might ask you to respond by SMS with certain personal information
• Remember: Don't be fooled into thinking that the person sending the SMS or calling you is a Capitec Bank employee, even if they happen to have some of your personal information

We'll never contact you and ask you to verify sensitive personal or account information, PINs and passwords especially. We'll only ask you to verify banking or personal info (never PINs or passwords) if you call us. Please remember the following at all times:

• Never give your personal details and banking information to anyone
• Treat emails and pop-up windows asking for your personal details with suspicion
• Treat emails that appear to be from Capitec Bank asking for personal details with suspicion
• Don't follow any links in emails to reach our Internet Banking website. Always type our website address (www.capitecbank.co.za or https://direct.capitecbank.co.za/ibank/) to log in to Internet Banking
• Treat any SMS advising you that a Capitec Bank employee will be contacting you to confirm your personal details or banking information, PINs or a transaction with suspicion
• Never respond or reply to an email that:
  • Prompts you to enter your personal details directly into the email or submit this information in any other way
  • Threatens to close or suspend your account if you don't take immediate action by providing your personal details
  • Asks you to participate in a survey where you have to enter your personal details
  • States that your account has been compromised or that there has been third-party activity on your account and prompts you to enter or confirm your account information
  • Asks you to submit your username, password, token password, PIN or account numbers in an email or non-secure web page
  • Asks you to confirm, verify, or refresh your account or address details

Contact us immediately. The more information you can give us the better.

• Forward the email that you received to [email protected] and we'll investigate
• Advise us of any smishing SMSs or phone calls requesting you to confirm personal details by calling us on 0860 10 20 43, visiting your nearest branch or emailing [email protected]. Provide details such as the number you received the SMS or call from and the date and time

By bringing these cases to our attention, you may assist us in preventing fraudsters from committing further illegal acts. Remember to be alert and stay vigilant. Fraudsters are clever and constantly change their methods to get hold of your personal details and PINs.

Fraudsters sometimes attach small devices called keyloggers to computers. To install this device, they must gain physical access to your computer. A keylogger logs or records everything that you type on your keyboard which means that they will most likely obtain your username and password.

Fraudsters also use sophisticated software called spyware to record the keystrokes on their victims' computers. This info is then sent to the fraudsters who analyse the data and identify possible username and password combinations.

• Make sure that no one has unauthorised access to your computer
• Don't open suspicious or unfamiliar emails. Never click on attachments that you weren't expecting in an email
• Only install licenced software on your computer from reputable vendors
• Ensure that you have the latest version of antivirus software installed on your computer
• Don't visit high-risk websites on computer/s that you use to access online banking. Examples of high-risk websites include pornographic and gambling sites and sites where software can be downloaded which is not associated with major or reputable software vendors