Recent phishing scams
Below are the latest emails doing the rounds where fraudsters are attempting to extract information. If you receive one of these, please delete it immediately.
Latest scam using cellphone network loyalty programmes
In recent weeks, a concerning fraud trend has been on the rise, and we want to make sure you stay informed. Protecting you is important for us, so we warn you when new scams emerge.
Cellphone network loyalty programmes scam
Scammers are exploiting the popularity of cellphone network loyalty programmes.
Here's how it works: You receive a message claiming that your loyalty programme points are about to expire, and to redeem them, you must click on a link provided in the message.
However, be careful. These messages are deceptive, and the links are set up to steal your information. Once you click on the link, you'll be taken to a fake website that appears authentic. The website will ask you to enter your card details and OTP under the pretence of redeeming your loyalty points.
Unfortunately, instead of redeeming rewards, you're unknowingly authorising fraudulent transactions.
Be extra vigilant
We urge you to be suspicious of any messages related to cellphone network loyalty programmes. Always verify the sender's details, and if something seems suspicious, avoid clicking on any links provided.
Remember, legitimate companies will never ask for sensitive information such as card details or OTPs through app messages or phone calls.
Read your OTPs carefully to make sure it's linked to actions you've initiated. Keep up to date with all your transactions by enabling real-time notifications for your banking app.
If you receive any dubious messages, report them immediately to our Fraud team on 011 324 4444 or send them to phishing@discovery.bank.
False Advertising
Please take note of this document. It's being distributed by "Forbes Corporate Solutions". In there, it is advertised that Adrian Gore ( Discovery Founder & CEO) will be a speaker at this event. Note that this information is not correct. Adrian Gore did not at any point commit to being a speaker at the event and he will not be present.
Look out for the "Post Office" scam
Scammers are targeting people who are waiting for packages from the Post Office. They will send you an email that looks like it's from the Post Office (also known as a phishing email) and ask you to pay a small fee to clear your package for delivery. But, if you click on the link in the email and make the payment, you could be giving away your sensitive information like your credit card number, CVV code, name on the card, and expiration date.
Please note they also target people by sending fictitious SMSs. This is called smishing and is a form of phishing.
The scammers will use this information to make unauthorised transactions. Also, scammers try to get hold of your one-time password (OTP) which you should never share.
If you receive such emails or SMSs, please call us immediately on 011 324 4444 and email them to us at phishing@discovery.bank
Scam asking Discovery clients to update their banking details
We are aware that some members have received SMS and phone calls from people claiming to be from Discovery Health, asking that they update their banking details to avoid having their benefits discontinued. The SMS asks them to phone a number, the telephone numbers used are changing continuously but the content remains the same. In the calls, members are asked to provide their banking details telephonically. Some of these messages also include hyperlinks, prompting you to click on it. We urge you to refrain from doing so, as the link is part of the scam. These are not valid Discovery Health communication, therefore please ignore these requests.
Discovery Invest scams
We've been alerted that there are scammers impersonating us. They use four platforms to spread false information and possibly scam people out of their money: WhatsApp, and email, social media and direct phone calls.
The messages they send contain similar wording and terminology to our standard communications. They also use our logo and images that are similar to ours.
WhatsApp scams
Through WhatsApp, the scammers are targeting people and promising them investment returns of up to 100% in 24 hours. We don't offer this and currently we don't communicate with clients directly through WhatsApp.
If you receive any WhatsApp messages that refer to us, please check if it's from someone you know, for example, your financial adviser. If it isn't, please follow these steps:
- Open the message
- Tap on the contact name at the top of the screen to open their information
- Scroll to the bottom and tap Report contact.
When you're done, please block the sender.
Email scams
Scammers are also sending out emails that make promises of investment boosts not offered by us. If you receive an email like this, please look at the address it comes from. Emails from us always originate from a mailbox that ends in discovery.co.za
Social media scams
There are also fraudulent pages on social media that impersonate investment service providers.
If you are contacted by a financial services provider on social media, always make sure their page has been verified before you engage with them. Verified pages have blue tick marks next to their names.
If you think the page might be run by scammers you can report it by clicking on the three-dot menu next to their name and selecting Report page.
Scams through direct phone calls
If you receive a phone call from someone who claims to work for a financial services provider, don't give them any information about your bank accounts or cards. Remember that financial service providers will never ask for your debit or credit card details. This includes the card number, CVV number and expiry date.
If you have been contacted by someone you suspect is a scammer, phone the Discovery Invest claim payments team on 086 033 3362 to confirm if this is a valid call and request.
If they claim to be calling from your bank, contact your bank's fraud department on the number provided on their website.
There could be other scams we're unaware of
The above mentioned scams are only the ones we've been alerted of from people we know, for example, clients and financial advisers. There could be others that we're not aware of yet.
If you receive any suspicious messages that seem as though they come from us, please contact your financial adviser. You can also call us on 0860 67 57 77
COVID-19 relief scam
At a time where many people are anxious and seeking COVID-19 relief, fraudsters have been using Dropbox links to disguise malicious attachments to conduct their criminal activities. Dropbox is an established file-sharing service that many organisations use. Therefore there is a chance that you may be exposed to a malicious attachment.
Example:
- You get sent an email to click a Dropbox link to get information about a relief payment.
- The link is fishy because it has an expiration date and wants you to act as soon as possible.
- If you decide to click on the link, you go to a fake Microsoft 365 login page.
- Any information you enter here goes directly to the scammers.
Tips:
- Don't click on links or download any attachments you weren't expecting.
- Double-check the sender's information.
- Be suspicious if they want you to act as soon as possible.
Check with your IT department if you feel something is wrong or try in get in contact with the sender another way, like a phone call.
Bitcoin phishing scam
It has come to our attention that some clients are receiving e-mails indicating that their personal details and information will be made public should they not send Bitcoin to a certain address.
These fraudsters claim to hold your password and would even tell you what your password is. This password was not compromised by Discovery. What this means is that your password was previously compromised elsewhere. To check if any of your passwords or email addresses were ever compromised (No only discovery) , enter the password on this link below.
Check the password at:
https://howsecureismypassword.net/
Check the mail account:
https://haveibeenpwned.com
References in the International media
https://www.mirror.co.uk/tech/phishing-scam-known-sextortion-using-12928730
https://metro.co.uk/2018/07/16/new-phishing-scam-uses-real-password-claims-watching-porn-7720118/
Fraudulent job vacancies on www.Job4You.co.za
First reported: March 2019
Please note, Discovery does not advertise vacancies on Job4You website.
Fraudulent recruitment ad posted on Gumtree
First reported: September 2017
Please be vigilant of fraudulent recruitment advertisements posted on Gumtree or similar websites.
Last chance to redeem your 17000 Discovery miles Point
First reported: January 2017
Hello Valued Customer,
Your Discovery Card was credited with 17000 Miles (R1700) as a reward for been a loyal customer last 2 weeks today ( Final notice) , but you did not claim it, we are giving you another chance. Follow the instructions below:-
- Click this link http://www.discovery.co.za/portal/individual/login
- Then enter your www.discovery.co.za Username and Password and click login
- Update your Discovery Credit Card details and click update after you have completed it( Note:-Do not fail to enter the full details correctly).
Regards,
Discovery Miles Team
Discovery Life Learnership 2017 - INSETA Training
First reported: January 2017
Dear Applicant
I am pleased to inform you that your application for the Discovery Life Learnership Program 2017 has been successful. I look forward to meeting you for the interview stages.
A quick recap of what the training will offer: (1) A stipend allowance of R4500.00 per month, (2) A 1 year NQF Level 4 Qualification in Medical Claims Assessment (3) Theory and Practical training at Discovey Provincial Office. and (4) Guaranteed employment by Discovery Life South Africa after successfully completing the training.. Let me categorically state that the training is free of charge. The once off R150.00 admission fee is for administration purposes only. This is a BEE programme (African Black, Coloureds and Indians) We are a small recruitment company for the Discovery Life.. Please note that your interview is scheduled for Friday, 13 January 2017. As a normal standard - all successful candidates are requested to settle an admission fee of R150.00 to allow the administration staff to process your file and telephonically confirm the time and date for your interview.
As a small company we have adopted the new Shoprite Money Market Service particularly for this project. It's really cost effective and convenient compared to normal banks that charge overwhelmingly. We encourage saving in order to grow and become the like of Cozens and Quest. All you need when making the payment is your ID. Once complete, forward the unique M number & Pin. As soon as we receive the confirmation, one of our consultants will contact you to confirm the payment received and provide the time and place for your interview.
Good Luck and God Bless
Thank you,
Human Resources Manager
Last chance to redeem your 17000 Discovery miles Point
First reported: October 2016
- Click this link http://www.discovery.co.za/portal/individual/login
- Then enter your www.discovery.co.za Username and Password and click login
- Update your Discovery Credit Card details and click update after you have completed it( Note:-Do not fail to enter the full details correctly).
Regards,
Discovery Miles Team
Calls asking for bank details to process a refund
First reported: July 2016
Discovery clients have been receiving calls from people pretending to be from Discovery. They request the client's bank details in order to process a refund. Note that Discovery will never take bank details over the phone but will request that clients update these on the secure website or by completing a form and sending it to us by email.
It's Urgent, Please respond from Discovery Card (Final Notice)
First reported: November 2014
Working from home: keep your and your company's data safe
Due to the COVID-19 crisis, many of us have been working from home. While working from home, it's important to take extra care of your and your company's data. You need to keep all data safe by following the strict safety protocols you would follow at work, securing your workspace, and maintaining high levels of digital security.
Maintain your office practices
- Your organisation's IT security policies still apply no matter where you work. So, if you need to log in using a virtual private network (VPN), you must connect with the VPN.
- You must know who to contact if your experience difficulties or find something suspicious.
- Use unique, strong, and different passwords for each of your logins.
- Always be extra protective of sensitive information.
Securing your workspace
- Know what you need for your job - this includes hardware, software and other resources.
- Find a private space with minimal distractions to help with productivity and security.
- Putting important documents away or shred them if they are no longer needed.
- Lock your computer when you are not around.
Maintain Digital Security
- Use your work account and don't allow anyone else access to this account.
- Use hardware from your organization only for work purposes and do not allow anyone else to use it.
- Make sure you change your router's default username and password.
Always keep your software up to date.
How to keep your information safe
- Check your online accounts and statement regularly
- Communicate personal information only by phone or secure websites
- Call the legitimate company directly
- Never click on a link in an email to enter or update your credentials
- Never download files or open attachments in emails from unknown senders
- Never leave your personal or financial information lying around in a public place
How do I spot a fake?
Hackers have upped their game by making sure their phishing emails look proper. Here's what you need to ask yourself before clicking on that link:
Does this sound like typical communication?
Pay attention to the context in the body of the email.
Look for spelling errors, grammar errors, and odd sentence structure.
Hackers want to get an emotional response out of you.
If the email makes you feel anxious, fearful or happy, be cautious.
Are you being asked to do something unfamiliar?
If they want you to download an attachment or click a link to review a policy you've never heard of, think twice before you click.
Are you being asked to do something that wouldn't typically be addressed by email?
If so, double-check with the sender.
Does the sender's email address appear to be from an unfamiliar domain or a third-party company?
If the email is external, remember to verify the domain. But also remember, even if the domain is from your organization, it could be spoofed. So a good idea would be to double-check with the sender.
Does the email signature make sense?
Ensure the signature in the body of the email matches the name and job role of the sender.
When in doubt, always pick up the phone and call the sender to confirm the validity of the email. Always let your IT department know when you receive something your suspicious of.
If you are unsure about any safety rules, please email our Security and Fraud department. It's always better to be safe than sorry.
Reporting a phishing scam
If you receive a suspicious email, please email security@discovery.co.za.