Currently customers are receiving emails with the Subject line: 'Payment Notice' or 'Quote'. When they open these emails, the email contains an attachment in a compressed file . When the customer double clicks on this compressed file there is a file normally called payment notification.exe and can have the words [application] next to it. Do not run this exe and in all likelihood it is spyware and will compromise your Online Banking. Should you receive this or believe you have spyware on your computer contact the RMB Private Bank Risk department at:
Emails encouraging users to update their computer software by clicking on a link are also being sent out. Do not click on these links as they normally lead to sites that download spyware rather than software updates. A fake 'Acrobat Reader / Adobe flash' email is currently popular. It is a good security practice to update your computer software, but do this via the automatic options your software provides and not via a link in an email.
Remember, RMB Private Bank would never ask for sensitive information via email.
This is a form of fraud where criminals attempt to access your confidential information. This is done either by an email request for information or by luring you to a fake website.
In both instances, the fraudster would pretend to be from a legitimate company (for example the bank), and would ask you to disclose confidential financial and personal information - like passwords, credit card account numbers and ID numbers.
Never access the site via a link. Rather type the address into the browser address bar or save the address as a 'Favourite'.
If you suspect that your confidential information has been compromised, please do not hesitate to contact our dedicated Fraud Team on +27 11 352 5910 for assistance, or email
Never reply to email that:
Requires you to enter personal information directly into the email or submit that information some other way.
Threatens to close or suspend your account if you do not take immediate action by providing personal information.
Solicits your participation in a survey where you are asked to enter personal information.
States that your account has been compromised or that there has been third-party activity on your account, and requests you to enter or confirm your account information.
Asks you to enter your User ID, password or account numbers into an email or non-secure web page.
Asks you to confirm, verify, or refresh your account, credit card, or address information. The most important thing to remember is not to interact with the sender of the email, and definitely do not enter any of your personal or account details.
Spoofing happens when a fraudster builds a website to mimic another company's website. Not only does the site look similar, but it also has a similar address or URL.
The aim here is to trap unsuspecting customers to transact on the fake website. This fake address would normally be sent via email communication as a clickable link.
RMB Private Bank's website address is www.rmbprivatebank.com and no other website can have the same address. So as long as the above address is in your browser you are on the legitimate site.
Fraudsters are constantly searching for better ways of committing fraud. One way involves collecting information by using key-loggers and installing these onto computers.
A key logger is a device that captures your key strokes on the keyboard, enabling the fraudster to access your passwords and other personal information.
To prevent this from occurring:
Physically check for key-loggers on the back of your computer each time you log on.
If possible, avoid using vulnerable machines for Internet banking, such as those at Internet cafes.
With regards to cards, fraudsters use 'skimming' devices to obtain information. The fraudster simply swipes the card through the device and thereby obtains your information illegally.
The fraudster downloads the information from the device onto a computer and then uses this to manufacture a fraudulent card.
Tips to prevent this occurring:
Never allow anyone else to handle your ATM card.
Never let your card out of your sight, for example at a restaurant.
This is a term that describes a ploy used to gain information that compromises an individual's or company's security.
Fraudsters befriend unsuspecting people and trick them into revealing passwords or other information.
It is difficult not to fall into the trap of an experienced social engineer, as they exploit the natural tendency of people to be trusting.
The best precautionary measures are to follow the security procedures at your workplace, be aware of your environment and the people therein and don't discard sensitive information without first destroying it.
A 419 scam disguises itself in various forms and has become one of the most used schemes to trick people into being victims or accessories to crime.
The fraudsters who introduce these schemes base their efforts on the naivety and greed of people.
The important thing to remember is - if it sounds too good to be true, it probably is.
On average, a cheque is handled by up to 20 people from the time you make it out to the time your branch pays it. This means that there are numerous opportunities for the cheque to be intercepted (especially when cheques are posted).
Customers can also be defrauded when accepting a cheque or bank deposit when selling goods. Often the cheque or the deposit turns out to be fraudulent. If you are a seller, never release goods until you are certain that the payment is valid.
Always wait for the funds to be cleared before releasing goods, even if it seems to be a bank-issued cheque. While the cheque may appear to be genuine, fraudsters have even gone so far as to print their own cheques. The cheque could also be stolen. Even if the cheque is genuine, there are certain circumstances when bank-issued cheques will not be honoured.
Never accept a faxed bank deposit slip as proof of payment. Amounts and details can easily be changed to reflect a higher value or that it is a cash deposit.
Check with your bank first that the correct amount has been deposited and whether the deposit is cash or cheque. If it is a cheque deposit, wait until the cheque has been paid (usually this will take seven days) before you release goods.
Some sensible safety tips:
When you write out a cheque, use a ballpoint pen instead of a pen with more erasable inks like fountain pens or felt tip pens.
To prevent unauthorised additions and/or alterations, start writing as close as possible to the left-hand margin. Leave no gaps and draw a line through unused spaces.
Any cheques that you don't want to cash should be crossed. To ensure that a cheque is paid into the intended beneficiary's account, the cheque must be marked with the words Not Transferable between two transverse lines.
Always keep your chequebook in a safe place to prevent anyone else from using it.
Always keep your chequebook separate from your credit cards, ATM cards or any other document that bear your signature. If a thief gets hold of your chequebook, but does not have a sample of your signature, a forged signature will probably not resemble yours.
All paid cheques that are returned with your bank statements should be kept in a safe place because they contain your signature. Fraudsters may even try to re-use these cheques.
Make a habit of doing monthly reconciliations on the cheques you have issued.
Regular recons should be done on all unused cheques in a chequebook against a counterfoil or carbon copy records.
Report a stolen chequebook as soon as you discover that it's missing. You can also stop a cheque via Online Banking.
Avoid posting cheques. If you need to post a cheque, place it in a non-transparent or dark envelope without any staples / paper clips, which can be felt.
Never leave any cheques that have not been completed or fully signed lying around.
There are lots of other payment methods that are safe and convenient and can even save on bank charges. These alternatives include Visa Cheque Cards, Visa Electron debit cards, Internet, Telephone and Cellphone Banking, ATM payments, debit orders and future dated payments.
When you receive a printed, faxed or emailed proof of payment you are advised to check that the funds are actually in your account, or in the case of a cheque that the funds are cleared. Fraudsters can relatively easily manipulate these documents and defraud you.
How this scam works:
The fraudster will advise the client that a cash/electronic deposit will be made into the client's account and fax or email a copy of the deposit slip or proof of payment to the client.
The fraudster then deposits a fraudulent cheque or does an electronic payment into the client's account and alters the deposit slip or proof of payment confirmation.
The fraudster the faxes or emails the altered deposit slip or proof of payment to the client.
In some cases, the fraudster will tell the client that an overpayment was made and request a reimbursement.
SIM card swopping
SIM card swopping (also known as SIM card swapping) is a form of fraud where criminals request your cell phone service provider (SP) to transfer your existing cell phone number onto a new SIM card by pretending to be you, or pretending to act on your behalf. They usually have a copy of your ID (authentic or falsified) and other details that may convince the SP that the request is legitimate.
Once they have illegally assigned your cell phone number to their SIM card, they will receive all your calls and sms notifications, which include your inContact and One Time Pin (OTP) messages. Your phone will stop receiving any incoming calls or messages, but SIM swop victims usually only notice this when it is too late.
The fraudsters usually use SIM card swopping as part of an extensive process which includes phishing. By the time they have swopped SIM cards, they usually already have enough of your personal banking details (login and password etc.) to transact on your online banking account - with the sms OTP as the last link in the chain.
Fraudsters are then able to add beneficiaries to your account and transfer money to accounts of their choice, and can authorise such processes with the OTP messages sent to the fraudulent SIM card.
Our golden rules:
If your phone suddenly loses signal for no apparent reason, don't simply ignore it. Contact your service provider immediately and find out whether a SIM swop has taken place. It's better to be safe than sorry!
If your SP confirms that a SIM swop has taken place. Instruct them to de-activate your SIM card immediately and to follow the steps required when a SIM card has been stolen.
Promptly contact our dedicated Fraud Team on +27 11 352 5910 for assistance. Also read the rules regarding phishing.
Anyone is at risk of becoming a victim of a SIM swop, and you should never disclose any sensitive information such as login details, passwords, etc.
Tips to staying safe:
Always be aware of your cell phone's status. If you realise that you are not receiving any calls or sms notifications, something may be wrong.
Have your SP's numbers written down somewhere close by. This way you can phone to check whether anything suspicious has taken place.
Make a habit of checking your bank statements and online banking transaction history regularly. This way you will notice when any unauthorised activity has taken place.
Familiarise yourself with the tips on phishing. Below is a list of service providers/network operators to contact when you notice anything suspicious: