Sign in
Personal
Business
Wealth

Latest Scams

It’s important to stay up to date with the latest scams to avoid compromising your banking and personal details.

Spotting a fake Standard Bank email

Fraudsters are sending phishing emails in an attempt to lure you into sharing your banking details. Beware of fake eStatements or bank notifications that require you to take an action like a click-through or attachment to download.

How to tell the difference between a fake Standard bank email from a real one:

  • We will never greet you by your email address. We always use your name.
  • We will never ask you to confirm personal or financial information in an email.
  • Always verify emails telling you about suspicious account activity by calling your bank.
  • Scam emails often look odd, with a messy layout and spelling mistakes.
  • We will never ask you to enter your email address and Internet Banking password to open a statement; eStatements only require you to enter your ID number.
  • We will never link you directly to our Internet Banking sign-in page or any other page that asks for your security or personal details via a link or attachment.
  • We will never email you links requesting your bank sign-in details, such as CVV, OTP or ATM PIN.

How to protect yourself from this type of fraud:

  • Ensure that you use anti-virus software to protect your PC, laptop and mobile devices.
  • Hover over links to check the senders’ identity but do not click.
  • Look for strange links with numbers, hyphens, misspellings or sub-directories.
  • Search for the sender details and verify that they are legitimate.
  • Beware of unexpected emails - Be cautious of opening any emails that you weren’t expecting (even if you think you recognise the sender), and don’t open any links or HTML attachments.

What you can do:

  • Even if you’re unsure, you can send any suspicious e-mails to [email protected]
  • If you are worried that you’ve clicked on any of the links or attachments on a phishing email, contact our Fraud Line immediately on 0800 020 600
  • Delete these emails from your mailbox as soon as possible

View phishing sample emails to learn more.

Business email interception and change of banking details

In this scam, fraudsters intercept client communication i.e. with their lawyers or a similar trusted entity (usually in conveyancing and property transactions). The scam exists to trick recipients into making payments into the wrong bank account.

How it works:

  • The scammers intercept email communications from attorneys or similar service providers.
  • They then copy the letterhead and format of this company and fabricate the email address so that it looks familiar to clients.
  • The fraudulent email will inform clients of a change of banking details and instruct them to make future (or immediate) payments into this new account.
  • This scam has led to great frustration and strained business relationships.

How to identify it:

  • Watch out for uncommon or new elements in your regular business email communications, such as missing letterheads, signatures, etc.
  • Always compare the email address that you have received the information from with previous communications.
  • Confirm banking details telephonically (and be sure to phone the number you know, not the one on the email).
  • Legal firms should inform their clients of this scam and assure them that business banking details will not change.
  • Legal firms must also be on the lookout for strange or uncommon activity on their email servers, including large quantities of mails in their sent items, complaints about spam from their company and high bounce rates on outgoing mail.

What happens if my phone gets stolen?

Your cellphone stores far more information than you may be aware of. A fraudster can access your personal and banking information on your stolen cellphone, which is why it is critical to remember the following:

  • Your phone is like a bank card - you need to keep it safe
  • Immediately de-link your stolen device from your digital banking profile or contact us on 0800 222 050 (South Africa) or +27 10 249 0015 (International)
  • Never save passwords on your devices
  • Always be vigilant when using your phone in public  

How to block your device on the Banking App when your phone gets stolen:  

  • Sign into your Banking App on an alternative device.
  • Tap on “More”.
  • Select “Settings”.
  • Scroll down to “Devices”, then tap on “Unlink” next to the stolen device name to de-link the Banking App from your stolen phone.  

How to de-link your Internet Banking profile when your phone gets stolen:  

  • Sign into your Internet Banking profile on an alternative device.
  • Go to your homepage and select “More”.
  • Select “Settings”.
  • Scroll down to the “Devices”. The device you’re currently using and which your app is linked to will be highlighted in bold. Select “Unlink” to remove the app from the device.
  • Click on “Unlink” to continue or “Back” to exit.  

What strong authenticators can I set up on my Banking App?

Ensure your sign-in credentials on your Standard Bank App are at maximum security by setting up one of the following strong authenticators: 

  • Digit app code
  • Your fingerprint 
  • Face-ID to sign into your Banking App when using a smartphone  

How do I activate strong authenticators on my Banking App?

  • Sign into your Banking App
  • Tap “More” and then click on “Settings” 
  • Select “Sign-in preferences”
  • Add your preferred sign-in method

What is the Tax Season Scam?

Tax season usually means that phishing scams increase and then banks are being impersonated by fraudsters, advising customers to click on a link to download their IT3(b) Certificates for tax purposes.

How to identify it:

  • Check if the subject header and closing are aligned with the paragraph text.
  • All Standard Bank communication is personalised and will include your name.
  • Check for punctuation at the end of sentences.
  • Fraudsters will ask you to click on a malicious link.
  • Note the fake email address when you hover over the “link” or “click here”.
  • They will ask you to share your OTP. No bank will ever ask you to do this.
  • The message uses outdated branding with incorrect positioning.

What you can do:  

  • Remember, we will never send your income tax certificate via a link in an email.
  • We will never ask you to download your tax certificate, transfer UCount Rewards or share your OTP via an email link, SMS or phone.
  • If you receive an email claiming to be from Standard Bank with an attachment or link for your income tax certificate, do not click on the link or open the attachment and delete the email immediately.
  • Hover over the link to confirm the email address or website is legitimate (check that the website is https and not http), if it is not from a website or email address that you know, delete the email immediately.
  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
  • If you need further assistance, call our 24-hour fraud line on 0800 020 600.

What is the UCount Scam?

Our UCount Rewards programme has become a target of phishing attacks.

In this scam, you might receive an email claiming to be from UCount and stating that your rewards are now ready to be redeemed. You are then requested to "click here" to redeem or validate your points.

How to identify it:

  • Check the style and format of the fake email and compare it to an original UCount email.
  • Check for alignment of all the banners, errors within the banner and overall alignment of the paragraphs.
  • Check for errors like “And” with a capital letter in the middle of two words.
  • When you hover over “click here”, the URL address is not linked to UCount.
  • The overall look and feel of the fake email are not aligned to the UCount Rewards look and feel.
  • Note: UCount does not make reference to cashback.

What you can do:  

  •  UCount will never email you links to redeem your rewards.
  • UCount will never request your bank sign-in details, including CVV, OTP or ATM PIN.
  • Please do not provide this information to anyone via email, SMS or telephonically.
  • If you receive an email claiming to be from UCount with an attachment or link to redeem your rewards, do not click on the link or open the attachment.
  • Hover over the link to confirm the email address or website is legitimate (check that the website is https and not http). If it is not from a website or email address that you know, delete the email immediately.
  • If you receive a suspicious email containing links, please forward it to [email protected] for shutdown
  • If you’re unsure of how to check your balance, refer to the Standard Bank App or check on your Internet Banking profile.  
  • If you need further assistance, call our 24-hour fraud line on 0800 020 600.

What is the Instant Money Scam?

Fraudsters call customers and pretend to be from the bank to advise them that there’s fraud on their account. The customer is then requested to send an Instant Money voucher to themselves to stop the fraud. Upon receipt of the Instant Money voucher, the customer is asked to read back the voucher details and PIN to validate the transaction and confirm that it is successful.

How to identify it:

  • Fraudsters will call and pretend to be from the bank to assist with how to send Instant Money.
  • The call will have a sense of urgency to coach customers on how to reverse debit orders using the Instant Money option.
  • They will ask you to share your OTP (One-Time PIN) as part of an authentication process. No bank will ever ask you to do this.

What you can do:  

  • We will never ask you to send an Instant Money voucher to yourself.
  • We will never ask that you send vouchers to yourself for authentication.
  • We will never ask you to share your OTP with anyone.
  • Protect your personal information and don’t share it with anyone.