Don’t be a victim of investment fraud - be vigilant all the time

Laura du Preez | 20 December 2023

Laura du Preez has been writing about personal finance topics for more than 20 years, including eight years as personal finance editor for two leading media houses.

South African investors lost almost R24 million last year due to fraudulent withdrawals and disinvestments from investment platforms, collective investment schemes and retirement funds.

Fraudsters’ attempts to steal another R182 million last year were thwarted, according to the most recent fraud statistics for the life and investment industry released by the Association for Savings and Investment South Africa (ASISA).

The industry detected 709 such incidents last year, indicating a need for investors to be hyper-vigilant, Jean van Niekerk, the convenor of ASISA’s Forensic Standing Committee, says.

It starts with identity theft

In many cases fraud begins with identity theft. Data breaches at major credit bureaus have compromised the identities of most credit-active South Africans over the past three years, Van Niekerk says.

In more sophisticated attacks, fraudsters open accounts at certain financial institutions in your name, using your ID number, and then attempt to transfer funds from existing investments, he says.

More commonly, however, withdrawal and disinvestment fraud occurs when fraudsters hack either your email or your adviser’s or investment provider’s email and access instructions you have sent to your investment house or financial adviser in the past, Van Niekerk says.

Fraud also occurs when your personal information is accessed illicitly or because it was not properly destroyed.

Van Niekerk says this technique, known as dumpster diving, can occur when a physical file containing your information is left lying around, or you throw your bank statement in the bin, or your statements are stolen in a burglary and sold to a syndicate.


Social engineering

Once fraudsters have the details of your investment, they typically engage in social engineering - mimicking your writing style and your signature to convince a financial institution to change your banking details to those of an account used by the fraudster.

In the final step, the fraudster submits a withdrawal or disinvestment instruction and, if you are lucky, your financial institution will detect the forgery, Van Niekerk says.

If the fraudster has hacked your financial adviser’s email, he or she will impersonate your adviser or pretend to be contacting you from your financial services company by spoofing its email account. This is known as man-in-the-middle fraud.

In this case, the fraudster is likely to attempt to convince you that the investment house has changed its bank account.

Nazia Karrim, head of product development at the not-for-profit South African Fraud Prevention Service, says the impersonation of institutions and their employees, usually via phishing, vishing or remote access type scams, is common.

Fraudsters try to get you to provide them with one-time pins (OTPs) to access your investment on an online platform or release a transaction, she says.

The losses are typically yours

If a fraudster does access your investment or retirement savings, and you were tricked into providing the PIN or your device was compromised, then you will bear the loss, Karrim says.

If it can be proven that the fraud arose as a result of compromise within an investment provider or adviser, then they will need to reimburse you; however, this is a very unlikely scenario, she says.

Van Niekerk says common checks that financial institutions perform are: calling you back to verify the instruction; verifying the account with the bank to ensure it is in your name and using your ID, and for how long it has been open; verifying your signature; and checking for alterations on the withdrawal or disinvestment application.

Van Niekerk says your transactions are also monitored to identify anomalies, outliers or activity that is not within the normal bounds of what you do with your account.

The financial services industry is also sharing information about fraud and working with banks in line with anti-money laundering legislation to stop money that is stolen from moving out of the banking system, he says.

How to stay safe

Hackers very often rely on the human failure point because it's the easiest point to compromise – easier than infiltrating sophisticated databases, firewalls and cyber security controls at financial institutions, Jean van Niekerk says.

So the best way to stay safe is to guard your information carefully.

  • Use a secure email and strong passwords: Too many South Africans are using Gmail, Hotmail or other public domain email addresses without using strong passwords, Van Niekerk says. Many people use the same password – or slight variations of it - across social media and investment and banking platforms. If one of these platforms is hacked, all the passwords are compromised, Van Niekerk says. Rather use a credible password manager, he says.

    Never allow your browser to save your password, Werner Lunow, IT Manager at Allan Gray, says. Rather write your password down or store it in a password vault, and keep your device secure with a PIN or password.

  • Be careful what links you click on: Be very careful of links and accidentally divulging your details or installing malware or viruses onto your device, Van Niekerk says.

    Hover over any link to check the true destination and don’t click if you have any doubts.

    Do not use the same devices as your young children use to do your investing and banking. Children may not understand that they are on an unsafe site or downloading malicious files, Van Niekerk says.

  • Use two-factor authentication: Two-factor authentication – when you have to use a code sent to your email or cell phone to verify it is you logging in - adds another layer of protection. It is astonishing how many people are happy to keep a lot of personal information behind just a login and password, Van Niekerk says.

  • Don’t use paper forms: If your investment provider offers a secure online account use it to transact rather than submitting scans of paper forms that can be manipulated, Lunow says. Check the validity of your online account by clicking the padlock icon next to the website address and log out when you are finished transacting, he says.

  • Keep an eye on your credit report: Check your credit report regularly or pay for a service that alerts you to changes in your credit profile, Van Niekerk suggests.

    If you are a victim of identity theft, report this to the South African Fraud Prevention Services (SAFPS).

    This not-for-profit organisation maintains a database of those whose identity has been compromised and financial institutions check it.

    The SAFPS launched a Secure Citizen app earlier this year where you can register for a unique identifier to be used when you apply for credit and ensure financial institutions can confirm your identity prior to completing any application, such as that for credit.

  • Keep your email clean: Delete emails with copies of sensitive documents such as your payslip or bank statement that you may have sent to open an account or apply for credit, Van Niekerk says.

  • Check your investment statements: Check your statements – even those tied up for fixed terms – often, Van Niekerk suggests.

  • Let contributions be collected: If your investment provider can collect money from your bank account for investments, use this service to avoid paying into the wrong account, Lunow says.

  • Don’t use public Wi-Fi services or charging stations: Public Wi-Fi services can be hacked, and when you use your cable in a public charging station you may allow data to be transferred from your device, Van Niekerk says.

  • Dispose of electronic devices safely: Dispose of old devices, hard drives, USB drives, memory cards, etc. through reputable electronic waste disposal companies.

  • Be sure those you engage with are legitimate: If anyone contacts you by phone, email or WhatsApp and it’s not related to something you initiated, do not engage.

    Drop the conversation and contact the institution directly yourself using the numbers you know are legitimate. Financial institutions will only call you from their published number, not from a cell phone number or via social media, Van Niekerk says.

    Always check that the email address matches the investment house’s email domain, for example, @allangray.co.za for Allan Gray, Lunow says. Check the address has not been spoofed by hovering over any email address.

  • Anti-virus software: Use reputable antivirus and anti-spyware software and keep it up to date, Lunow says. Install the latest security upgrades to your device’s operating system, applications and browser. Install a personal firewall that restricts external devices from accessing your device, he says.