Security and fraud - Latest scams

The privacy of your personal information and the security of your money is a top priority for us. Read more about the steps you can take to protect yourself from falling victim to fraud, scams, phishing and theft.

Recent phishing scams

Below are the latest emails doing the rounds where fraudsters are attempting to extract information. If you receive one of these, please delete it immediately.

Discovery Invest scams

We've been alerted that there are scammers impersonating us. They use four platforms to spread false information and possibly scam people out of their money: WhatsApp, and email, social media and direct phone calls.

The messages they send contain similar wording and terminology to our standard communications. They also use our logo and images that are similar to ours.

WhatsApp scams

Through WhatsApp, the scammers are targeting people and promising them investment returns of up to 100% in 24 hours. We don't offer this and currently we don't communicate with clients directly through WhatsApp.

If you receive any WhatsApp messages that refer to us, please check if it's from someone you know, for example, your financial adviser. If it isn't, please follow these steps:

  1. Open the message
  2. Tap on the contact name at the top of the screen to open their information
  3. Scroll to the bottom and tap Report contact.

When you're done, please block the sender.

Email scams

Scammers are also sending out emails that make promises of investment boosts not offered by us. If you receive an email like this, please look at the address it comes from. Emails from us always originate from a mailbox that ends in discovery.co.za

Social media scams

There are also fraudulent pages on social media that impersonate investment service providers.

If you are contacted by a financial services provider on social media, always make sure their page has been verified before you engage with them. Verified pages have blue tick marks next to their names.

If you think the page might be run by scammers you can report it by clicking on the three-dot menu next to their name and selecting Report page.

Scams through direct phone calls

If you receive a phone call from someone who claims to work for a financial services provider, don't give them any information about your bank accounts or cards. Remember that financial service providers will never ask for your debit or credit card details. This includes the card number, CVV number and expiry date.

If you have been contacted by someone you suspect is a scammer, phone the Discovery Invest claim payments team on 086 033 3362 to confirm if this is a valid call and request.

If they claim to be calling from your bank, contact your bank's fraud department on the number provided on their website.

There could be other scams we're unaware of

The above mentioned scams are only the ones we've been alerted of from people we know, for example, clients and financial advisers. There could be others that we're not aware of yet.

If you receive any suspicious messages that seem as though they come from us, please contact your financial adviser. You can also call us on 0860 67 57 77

COVID-19 relief scam

At a time where many people are anxious and seeking COVID-19 relief, fraudsters have been using Dropbox links to disguise malicious attachments to conduct their criminal activities. Dropbox is an established file-sharing service that many organisations use. Therefore there is a chance that you may be exposed to a malicious attachment.

Example:

  • You get sent an email to click a Dropbox link to get information about a relief payment.
  • The link is fishy because it has an expiration date and wants you to act as soon as possible.
  • If you decide to click on the link, you go to a fake Microsoft 365 login page.
  • Any information you enter here goes directly to the scammers.

Tips:

  • Don't click on links or download any attachments you weren't expecting.
  • Double-check the sender's information.
  • Be suspicious if they want you to act as soon as possible.

Check with your IT department if you feel something is wrong or try in get in contact with the sender another way, like a phone call.

Bitcoin phishing scam

It has come to our attention that some clients are receiving e-mails indicating that their personal details and information will be made public should they not send Bitcoin to a certain address.

These fraudsters claim to hold your password and would even tell you what your password is. This password was not compromised by Discovery. What this means is that your password was previously compromised elsewhere. To check if any of your passwords or email addresses were ever compromised (No only discovery) , enter the password on this link below.

Check the password at:
https://howsecureismypassword.net/

Check the mail account:
https://haveibeenpwned.com

References in the International media

https://www.mirror.co.uk/tech/phishing-scam-known-sextortion-using-12928730

https://metro.co.uk/2018/07/16/new-phishing-scam-uses-real-password-claims-watching-porn-7720118/

Fraudulent job vacancies on www.Job4You.co.za

First reported: March 2019

Fraudulent job vacancies on www.Job4You.co.za

First reported: March 2018

Working from home: keep your and your company's data safe

Due to the COVID-19 crisis, many of us have been working from home. While working from home, it's important to take extra care of your and your company's data. You need to keep all data safe by following the strict safety protocols you would follow at work, securing your workspace, and maintaining high levels of digital security.

Maintain your office practices

  • Your organisation's IT security policies still apply no matter where you work. So, if you need to log in using a virtual private network (VPN), you must connect with the VPN.
  • You must know who to contact if your experience difficulties or find something suspicious.
  • Use unique, strong, and different passwords for each of your logins.
  • Always be extra protective of sensitive information.

Securing your workspace

  • Know what you need for your job - this includes hardware, software and other resources.
  • Find a private space with minimal distractions to help with productivity and security.
  • Putting important documents away or shred them if they are no longer needed.
  • Lock your computer when you are not around.

Maintain Digital Security

  • Use your work account and don't allow anyone else access to this account.
  • Use hardware from your organization only for work purposes and do not allow anyone else to use it.
  • Make sure you change your router's default username and password.

Always keep your software up to date.

How to keep your information safe

  • Check your online accounts and statement regularly
  • Communicate personal information only by phone or secure websites
  • Call the legitimate company directly
  • Never click on a link in an email to enter or update your credentials
  • Never download files or open attachments in emails from unknown senders
  • Never leave your personal or financial information lying around in a public place

How do I spot a fake?

Hackers have upped their game by making sure their phishing emails look proper. Here's what you need to ask yourself before clicking on that link:

Does this sound like typical communication?

Pay attention to the context in the body of the email.
Look for spelling errors, grammar errors, and odd sentence structure.

Hackers want to get an emotional response out of you.
If the email makes you feel anxious, fearful or happy, be cautious.

Are you being asked to do something unfamiliar?
If they want you to download an attachment or click a link to review a policy you've never heard of, think twice before you click.

Are you being asked to do something that wouldn't typically be addressed by email?
If so, double-check with the sender.

Does the sender's email address appear to be from an unfamiliar domain or a third-party company?
If the email is external, remember to verify the domain. But also remember, even if the domain is from your organization, it could be spoofed. So a good idea would be to double-check with the sender.

Does the email signature make sense?
Ensure the signature in the body of the email matches the name and job role of the sender.

When in doubt, always pick up the phone and call the sender to confirm the validity of the email. Always let your IT department know when you receive something your suspicious of.

If you are unsure about any safety rules, please email our Security and Fraud department. It's always better to be safe than sorry.

Reporting a phishing scam

If you receive a suspicious email, please email security@discovery.co.za.

Be careful not to fall for money laundering scams

Money laundering is a serious financial crime done by all types of criminals, from white-collar criminals to drug dealers. Essentially, it's the illegal process of making money that comes from criminal activity appear like it comes from legitimate companies.

Protect yourself against investment scams

We've been alerted that there are scammers impersonating us. They use two platforms to spread false information and possibly scam people out of their money: WhatsApp scams and email scams.

How to protect yourself from scammers this Black Friday

Black Friday is here, and retailers are going all out with promotions. While Black Friday weekend and Cyber Monday can be great for scoring incredible deals, make sure you don't get more than you bargained for by falling prey to fraudsters.

Don't fall for phishing scams while you work, shop or chat online

Living in a pandemic makes us more reliant on technology and online tools to work, shop and socialise. Unfortunately, this also increases our exposure to cyber criminals who want to mislead and loot unsuspecting victims. Your first defence? Get clued up on the latest scams.

Don't let lockdown leave you vulnerable to cybercriminals

While self-isolation will keep you safe from the dreaded COVID-19 virus, it is up to you to keep yourself, your family and your company safe from digital scammers and hackers who will be looking for any opportunity to take advantage of you during this time.

Why the Discovery Bank app is your safest bet

Transacting from your mobile device can be tricky, but when used on a secure connection, the Discovery Bank app has built-in safety features which maximise safe banking.

Shopping online - keep your money safe

In today's fast-paced, digital world, shopping online is not only easy, but also convenient. But how safe is your money and personal information really?

How to choose your passwords...and keep it safe

The first step in cyber security is to choose strong passwords. They protect your identity and your money, so you need to think about them carefully. Ideally, they shouldn't be written down and they need to be changed often and remembered.

Log in

Please click here to login into Discovery Digital Id

Please click here to login into Discovery Digital Id