Security and fraud - Latest scams

The privacy of your personal information and the security of your money is a top priority for us. Read more about the steps you can take to protect yourself from falling victim to fraud, scams, phishing and theft.

Recent phishing scams

Below are the latest emails doing the rounds where fraudsters are attempting to extract information. If you receive one of these, please delete it immediately.

Latest scam using cellphone network loyalty programmes

In recent weeks, a concerning fraud trend has been on the rise, and we want to make sure you stay informed. Protecting you is important for us, so we warn you when new scams emerge.

Cellphone network loyalty programmes scam

Scammers are exploiting the popularity of cellphone network loyalty programmes.

Here's how it works: You receive a message claiming that your loyalty programme points are about to expire, and to redeem them, you must click on a link provided in the message.

However, be careful. These messages are deceptive, and the links are set up to steal your information. Once you click on the link, you'll be taken to a fake website that appears authentic. The website will ask you to enter your card details and OTP under the pretence of redeeming your loyalty points.

Unfortunately, instead of redeeming rewards, you're unknowingly authorising fraudulent transactions.

Be extra vigilant

We urge you to be suspicious of any messages related to cellphone network loyalty programmes. Always verify the sender's details, and if something seems suspicious, avoid clicking on any links provided.

Remember, legitimate companies will never ask for sensitive information such as card details or OTPs through app messages or phone calls.

Read your OTPs carefully to make sure it's linked to actions you've initiated. Keep up to date with all your transactions by enabling real-time notifications for your banking app.

If you receive any dubious messages, report them immediately to our Fraud team on 011 324 4444 or send them to phishing@discovery.bank.

False Advertising

Please take note of this document. It's being distributed by "Forbes Corporate Solutions". In there, it is advertised that Adrian Gore ( Discovery Founder & CEO) will be a speaker at this event. Note that this information is not correct. Adrian Gore did not at any point commit to being a speaker at the event and he will not be present.

Look out for the "Post Office" scam

Scammers are targeting people who are waiting for packages from the Post Office. They will send you an email that looks like it's from the Post Office (also known as a phishing email) and ask you to pay a small fee to clear your package for delivery. But, if you click on the link in the email and make the payment, you could be giving away your sensitive information like your credit card number, CVV code, name on the card, and expiration date.

Please note they also target people by sending fictitious SMSs. This is called smishing and is a form of phishing.

The scammers will use this information to make unauthorised transactions. Also, scammers try to get hold of your one-time password (OTP) which you should never share.

If you receive such emails or SMSs, please call us immediately on 011 324 4444 and email them to us at phishing@discovery.bank

Scam asking Discovery clients to update their banking details

We are aware that some members have received SMS and phone calls from people claiming to be from Discovery Health, asking that they update their banking details to avoid having their benefits discontinued. The SMS asks them to phone a number, the telephone numbers used are changing continuously but the content remains the same. In the calls, members are asked to provide their banking details telephonically. Some of these messages also include hyperlinks, prompting you to click on it. We urge you to refrain from doing so, as the link is part of the scam. These are not valid Discovery Health communication, therefore please ignore these requests.

Discovery Invest scams

We've been alerted that there are scammers impersonating us. They use four platforms to spread false information and possibly scam people out of their money: WhatsApp, and email, social media and direct phone calls.

The messages they send contain similar wording and terminology to our standard communications. They also use our logo and images that are similar to ours.

WhatsApp scams

Through WhatsApp, the scammers are targeting people and promising them investment returns of up to 100% in 24 hours. We don't offer this and currently we don't communicate with clients directly through WhatsApp.

If you receive any WhatsApp messages that refer to us, please check if it's from someone you know, for example, your financial adviser. If it isn't, please follow these steps:

  1. Open the message
  2. Tap on the contact name at the top of the screen to open their information
  3. Scroll to the bottom and tap Report contact.

When you're done, please block the sender.

Email scams

Scammers are also sending out emails that make promises of investment boosts not offered by us. If you receive an email like this, please look at the address it comes from. Emails from us always originate from a mailbox that ends in discovery.co.za

Social media scams

There are also fraudulent pages on social media that impersonate investment service providers.

If you are contacted by a financial services provider on social media, always make sure their page has been verified before you engage with them. Verified pages have blue tick marks next to their names.

If you think the page might be run by scammers you can report it by clicking on the three-dot menu next to their name and selecting Report page.

Scams through direct phone calls

If you receive a phone call from someone who claims to work for a financial services provider, don't give them any information about your bank accounts or cards. Remember that financial service providers will never ask for your debit or credit card details. This includes the card number, CVV number and expiry date.

If you have been contacted by someone you suspect is a scammer, phone the Discovery Invest claim payments team on 086 033 3362 to confirm if this is a valid call and request.

If they claim to be calling from your bank, contact your bank's fraud department on the number provided on their website.

There could be other scams we're unaware of

The above mentioned scams are only the ones we've been alerted of from people we know, for example, clients and financial advisers. There could be others that we're not aware of yet.

If you receive any suspicious messages that seem as though they come from us, please contact your financial adviser. You can also call us on 0860 67 57 77

COVID-19 relief scam

At a time where many people are anxious and seeking COVID-19 relief, fraudsters have been using Dropbox links to disguise malicious attachments to conduct their criminal activities. Dropbox is an established file-sharing service that many organisations use. Therefore there is a chance that you may be exposed to a malicious attachment.

Example:

  • You get sent an email to click a Dropbox link to get information about a relief payment.
  • The link is fishy because it has an expiration date and wants you to act as soon as possible.
  • If you decide to click on the link, you go to a fake Microsoft 365 login page.
  • Any information you enter here goes directly to the scammers.

Tips:

  • Don't click on links or download any attachments you weren't expecting.
  • Double-check the sender's information.
  • Be suspicious if they want you to act as soon as possible.

Check with your IT department if you feel something is wrong or try in get in contact with the sender another way, like a phone call.

Bitcoin phishing scam

It has come to our attention that some clients are receiving e-mails indicating that their personal details and information will be made public should they not send Bitcoin to a certain address.

These fraudsters claim to hold your password and would even tell you what your password is. This password was not compromised by Discovery. What this means is that your password was previously compromised elsewhere. To check if any of your passwords or email addresses were ever compromised (No only discovery) , enter the password on this link below.

Check the password at:
https://howsecureismypassword.net/

Check the mail account:
https://haveibeenpwned.com

References in the International media

https://www.mirror.co.uk/tech/phishing-scam-known-sextortion-using-12928730

https://metro.co.uk/2018/07/16/new-phishing-scam-uses-real-password-claims-watching-porn-7720118/

Fraudulent job vacancies on www.Job4You.co.za

First reported: March 2019

Fraudulent job vacancies on www.Job4You.co.za

First reported: March 2018

Working from home: keep your and your company's data safe

Due to the COVID-19 crisis, many of us have been working from home. While working from home, it's important to take extra care of your and your company's data. You need to keep all data safe by following the strict safety protocols you would follow at work, securing your workspace, and maintaining high levels of digital security.

Maintain your office practices

  • Your organisation's IT security policies still apply no matter where you work. So, if you need to log in using a virtual private network (VPN), you must connect with the VPN.
  • You must know who to contact if your experience difficulties or find something suspicious.
  • Use unique, strong, and different passwords for each of your logins.
  • Always be extra protective of sensitive information.

Securing your workspace

  • Know what you need for your job - this includes hardware, software and other resources.
  • Find a private space with minimal distractions to help with productivity and security.
  • Putting important documents away or shred them if they are no longer needed.
  • Lock your computer when you are not around.

Maintain Digital Security

  • Use your work account and don't allow anyone else access to this account.
  • Use hardware from your organization only for work purposes and do not allow anyone else to use it.
  • Make sure you change your router's default username and password.

Always keep your software up to date.

How to keep your information safe

  • Check your online accounts and statement regularly
  • Communicate personal information only by phone or secure websites
  • Call the legitimate company directly
  • Never click on a link in an email to enter or update your credentials
  • Never download files or open attachments in emails from unknown senders
  • Never leave your personal or financial information lying around in a public place

How do I spot a fake?

Hackers have upped their game by making sure their phishing emails look proper. Here's what you need to ask yourself before clicking on that link:

Does this sound like typical communication?

Pay attention to the context in the body of the email.
Look for spelling errors, grammar errors, and odd sentence structure.

Hackers want to get an emotional response out of you.
If the email makes you feel anxious, fearful or happy, be cautious.

Are you being asked to do something unfamiliar?
If they want you to download an attachment or click a link to review a policy you've never heard of, think twice before you click.

Are you being asked to do something that wouldn't typically be addressed by email?
If so, double-check with the sender.

Does the sender's email address appear to be from an unfamiliar domain or a third-party company?
If the email is external, remember to verify the domain. But also remember, even if the domain is from your organization, it could be spoofed. So a good idea would be to double-check with the sender.

Does the email signature make sense?
Ensure the signature in the body of the email matches the name and job role of the sender.

When in doubt, always pick up the phone and call the sender to confirm the validity of the email. Always let your IT department know when you receive something your suspicious of.

If you are unsure about any safety rules, please email our Security and Fraud department. It's always better to be safe than sorry.

Reporting a phishing scam

If you receive a suspicious email, please email security@discovery.co.za.

Be careful not to fall for money laundering scams

Money laundering is a serious financial crime done by all types of criminals, from white-collar criminals to drug dealers. Essentially, it's the illegal process of making money that comes from criminal activity appear like it comes from legitimate companies.

Protect yourself against investment scams

We've been alerted that there are scammers impersonating us. They use two platforms to spread false information and possibly scam people out of their money: WhatsApp scams and email scams.

How to protect yourself from scammers this Black Friday

Black Friday is here, and retailers are going all out with promotions. While Black Friday weekend and Cyber Monday can be great for scoring incredible deals, make sure you don't get more than you bargained for by falling prey to fraudsters.

Don't fall for phishing scams while you work, shop or chat online

Living in a pandemic makes us more reliant on technology and online tools to work, shop and socialise. Unfortunately, this also increases our exposure to cyber criminals who want to mislead and loot unsuspecting victims. Your first defence? Get clued up on the latest scams.

Don't let lockdown leave you vulnerable to cybercriminals

While self-isolation will keep you safe from the dreaded COVID-19 virus, it is up to you to keep yourself, your family and your company safe from digital scammers and hackers who will be looking for any opportunity to take advantage of you during this time.

Why the Discovery Bank app is your safest bet

Transacting from your mobile device can be tricky, but when used on a secure connection, the Discovery Bank app has built-in safety features which maximise safe banking.

Shopping online - keep your money safe

In today's fast-paced, digital world, shopping online is not only easy, but also convenient. But how safe is your money and personal information really?

How to choose your passwords...and keep it safe

The first step in cyber security is to choose strong passwords. They protect your identity and your money, so you need to think about them carefully. Ideally, they shouldn't be written down and they need to be changed often and remembered.

Log in

Please click here to login into Discovery Digital Id

Please click here to login into Discovery Digital Id