Protect yourself against fraudsters

Recruitment scam - scammers claiming to be Old Mutual Recruitment team members are "offering" job opportunities via Facebook and asking that individuals pay a sum of money for their job application to be processed further. This is NOT legitimate. Old Mutual does not charge for recruitment. The official way to apply for a job at Old Mutual is through Workday or the official LinkedIn page.

Admin Vacancy scam - people are targeted by scammers claiming to be Old Mutual Recruitment team members stating they've been chosen for a vacancy. The scammers then ask for a fee to do a background check. This is NOT legitimate. Old Mutual does not charge recruitment-related fees. The official way to apply for a job at Old Mutual is through Workday or the official LinkedIn page.

Impersonating Old Mutual Executives - fraudsters have been impersonating some of our Old Mutual senior executives via email, WhatsApp, LinkedIn, and Facebook, with the aim of deceiving and manipulating people. Be cautious of unsolicited messages, especially those requesting personal information, urgent actions, or payment.

Online shopping is one of the great inventions of our time. It offers excellent time and money-saving opportunities, as well as convenience. Unfortunately, it also opens the door for criminals to swindle you out of your money by convincing you to pay for products or services that never existed in the first place. Alternatively, they could be after your credit card or banking details.

How can you protect yourself?

• Take note that the ‘s’ in the ‘https’ is no longer a guarantee that a website is secure.
• Choose strong passwords that incorporate different letters, numbers and characters.
• Don’t save your passwords on your devices.
• It’s good online practise to not use the same password for everything. Try to use as many different passwords as possible.
• Be vigilant about the information you share. Legitimate online sellers don’t need to know your ID number or birthday to sell to you. If someone asks for this type of sensitive information, you have reason to be suspicious.
• Double-check bank statements to make sure that your online payments reflect correctly and report fraudulent transactions immediately.
• Register your credit or debit card for 3D Secure. Contact your financial provider for details on how to do this.

Use a robust and reputable antivirus programme and make sure it’s always updated.

Identity theft occurs when a criminal steals your personal information to pretend that they are you. They will then take out loans or incur other debts in your name, or even access and withdraw money from your accounts and other investments.

How can you protect yourself?

• Never share your personal information, like your ID/passport/driver’s licence number over the phone or on the internet, including social media.
• If you are requested to update or share personal information, always verify the request with your bank or the relevant financial institution. Fact is, no reputable financial provider will ever request you to share information over the phone or via email.
• Make sure you keep your personal and financial documents in a safe place. Don’t write down or save PINs, passwords and similar personal information.
• Shred or burn documents that contain personal information instead of throwing it in the rubbish bin.
• Avoid keeping personal information in your wallet or handbag, and never save it (including your passwords) on your phone.

Register to receive SMS notifications when your digital products and services are being accessed.

This scam often involves SIM swaps where criminals will clone your SIM card and “hijack” your phone number. Using your number, they will send messages to your contacts, claiming that some kind of tragedy or emergency has taken place and asking them for financial assistance. Your contacts, thinking that it’s you who needs their help, will then send money to the criminals.

How can you protect yourself?

• Don’t take messages asking for help at face value. Scrutinise the message to check if the person speaks or spells the way your real friend/family member would and try to make personal contact with them. If they keep making excuses as to why they can’t answer the phone, you know that something is amiss.

If they do answer the phone, be extra vigilant and listen carefully for signs that you are not speaking to the person they’re claiming to be.

WhatsApp has become a great platform for Stokvels to engage with each other and to grow the membership of the groups. But sadly several WhatsApp groups are targeting people, using stokvel scams, so please be cautious when joining a WhatsApp group. The group operates as an alleged ‘savings club’ or stokvel, where users join the club with E.g. R200 and are encouraged to invite as many other people as possible to join.

Traditionally if you join a stokvel, it is made up of a group of friends who come together to form an association. It’s generally someone you know and trust who’ll recommend you as an honest person to the group. Stokvel’s are governed by formal rules and regulations, hold regular meetings and the pay-out ratio is normally determined upfront.

How can you protect yourself?

Avoid joining stokvels via WhatsApp or other social media especially if you do not know the people who contribute (faceless depositors) or the people who recruit (faceless recruiters) because:

• Recruiters and depositors can delist their cell number easily resulting in you never being able to contact them for contributions again.
• Make sure that the stokvel is legitimate and registered with a known and reputable association, before making any investment or parting with cash.

If you are unable to verify the Stokvel, accept that the risk of this being scammed is unacceptably high.

Phishing

Phishing is a fraudulent email, engineered to make you share personal information. It is usually designed to look like a legitimate email sent from your financial institution. It will prompt you to click a link and enter personal information so that criminals can steal it. Scammers will take great care to make both the email and fake website look like that of your bank or financial institution.

How can you protect yourself?

Maintain a healthy level of scepticism. Usually, with these types of emails, you can spot if something seems a little “off” – the language, images or design elements that differ slightly from the regular communications you receive from the institution.

The biggest red flag to look out for is the sender’s email address and the URL that the quick links try to divert you to. Never click hotlinks in an email that looks suspicious – instead type in your financial institution’s URL. Most importantly, always verify if the request for information is legitimate by phoning Old Mutual or your financial advisor.

Smishing

Smishing is a similar tactic to phishing but via SMS. Fraudsters will send SMS messages claiming that your account has been compromised, or that there has been unusual account activity, or something similarly alarming. It will prompt you to click a link to address the matter, which will take you to a fake website where you will be asked to share your personal information or account details.

How can you protect yourself?

Never click a link or icon in an unsolicited SMS. No reputable institutions will use SMS messaging to ask you for personal or account information. If you are worried that there is a problem or breach on your account, rather phone the institution and speak to them directly. Use the telephone numbers on their verified websites – not a number that was contained in the SMS.

Vishing

As with phishing and smishing, vishing is an attempt to steal your personal information. Vishing is when this attempt is made via a phone call. Criminals will call you pretending to be an agent of your financial institution. They are usually very well-spoken and experts in manipulating people to give up their personal information.

How can you protect yourself?

• Take note that criminals can mask a phone number to seem legitimate – even if it states the name of your bank on the screen, it might still be a vishing scam.
• Never share any personal information over the phone. No matter how convincing the person is, no bank or financial institution will ever ask you to share personal information like PINs or account details over the phone. Never.

If you receive a One Time Pin (OTP) on your cellphone without having made a transaction, contact the institution immediately and alert them.

Tech support scams use social engineering techniques to steal your information or to hold your electronic devices ransom. This type of scam usually involves a fraudster calling you and pretending to be from a software provider, such as Microsoft. They will claim to have picked up on some sort of serious problem on your device, for example, a virus or hacking attempt.

They will then ask you to either type in a web address where they will capture your personal information, or give them remote access to your device. Once the criminal can control your device remotely, they can then install malware that will steal your information, including passwords and PINs. They can also threaten to delete your hard drive or share sensitive data and demand a ransom payment.

How can you protect yourself?

• Update your software and antivirus regularly.
• Never allow remote access of your device to someone who calls you unexpectedly.
• Remember that criminals can manipulate Call Line Identification. So even if your mobile phone screen tells you that it’s a reputable company calling, it might not be.
• Never share personal or sensitive information such as passwords or PINs with anyone telephonically.

IF you do suspect that there is something wrong with your device, contact a reputable software or repair company directly.

Debit order scams occur when fraudsters load unauthorised debit orders on your bank account and in doing so, syphon funds from your account every month. These debit orders are usually for amounts that are small enough to go unnoticed and not trigger a payment notification from your bank. That’s why they can often go undetected for months. In 2019, an investigation into debit order scams found that at least R1.6 billion is stolen annually from unsuspecting South Africans using this method.

A new debit order control system, call DebiCheck has recently been adopted by the major banks and other financial institutions. DebiCheck allows you to approve new debit orders before they start deducting money from your account.

How can you protect yourself?

• Be vigilant. Check your bank statement carefully each month and look out for debit order deductions you don’t recognise. Notify your bank immediately if you suspect that an unauthorised debit order has been deducted from your account.
• Check with your bank whether they have the DebiCheck system and place, and how to activate it on your accounts.

Make sure that your bank has your updated phone number on record so that you can receive payment notification SMSes.

This type of scam usually targets small business owners. The business will receive a fraudulent email or letter informing them that a supplier’s bank details have changed. The communication will also include “new” banking details and will prompt the recipient to update their records accordingly. As a result, payments are then made to the fraudsters, rather than the actual supplier.

On occasion, this type of scam can also target private individuals, informing them that the bank details for account payments have changed.

How can you protect yourself?

• Make sure you have a good working relationship with suppliers and that you know whom to speak with regards to payments and account details.
• Always confirm telephonically with a supplier before updating bank details. Call the number on your record, not on the suspicious letterhead or email signature.
• Always check the sender’s email address carefully. They will often try to mimic the authentic supplier’s address by changing small details, such as using a .com address instead of a co.za for example.
• Make sure your staff who deal with payments or accounts are informed and vigilant about this type of scam.
• Do not discard documents that contain information about your company in the rubbish bin. Burn or shred them instead.

Make sure your customers are also educated about receiving fraudulent communication that mimics your business.

Did you know that allowing proceeds of crime to be laundered through your bank account is a criminal offence, even if you didn’t realise that it was happening?

Money laundering scams are straightforward but can have serious repercussions. Money laundering scams involve criminals persuading ordinary, law-abiding citizens to allow them the use of their bank accounts. They can give any number of reasons why they can’t open their own bank account, such as being a foreign national. Alternatively, they will persuade the victim to open a new bank account in their name and promise them a reward for their efforts.

The criminal will then deposit the proceeds of other crimes into this bank account to launder it. They will tell the account holder that it’s the legitimate profits of selling a car or a house, or rental income, for example.

How can you protect yourself?

• Never open a bank (or any financial) account in your name for someone else, no matter what reasons they provide.
• Don’t allow anyone else to use your bank account for their own deposits or withdrawals.

If you suspect that your account is being used for money laundering, let the authorities know immediately.

The 419-scam is one of the oldest electronic scams and is usually initiated over email. The victim is promised a substantial return or reward for a small upfront payment. Once the payment is made, the fraudster will either invent more reasons for the victim to make further payments or disappear.

419-scams usually involves massive amounts of money and seemingly prominent people. A typical example would be a “government official” claiming that they need to move funds (usually millions) to the victim’s country and that they need a valid bank account number to deposit the money. They will then promise the victim a large cut of this money in return for the favour of using their bank account. Once the victim responds favourably, they will invent some reason why the victim needs to first make a small payment to them – either a show of good faith, admin fees or another made-up fee of some kind.

Warning signs

• There is usually some sense of urgency for the upfront “administration fee” to be paid.
• You don’t know the sender of the email, but they claim to have some sort of elevated social status.
• Claims that you have won a prize or lottery, or some sort of inheritance.
• They usually request payments to be made through a cash send channel, not a bank.
• All communication will be via email, and the sender will try to avoid telephonic or face-to-face conversations.