Anti-Fraud

Stop. Challenge. Protect.

What to do if you think you are a victim of fraud

  1. Report your concerns to Ninety One

    Use the numbers provided below to report if you have noticed any suspicious activity on any of your Ninety One accounts, or whether there has been an event which makes your accounts more vulnerable to fraud.

  2. Talk to the authorities

    We also urge you to report to the authorities online at the following websites:

    In the UK: www.actionfraud.police.uk

    In South Africa: www.safps.org.za

    A physical report will also need to be files with your local RSA police station.


    View Ninety One Fraud Alerts
    View common frauds
International (ex SA and Asia) Clients
London
South African Clients
Cape Town
Asia Clients
Hong Kong

Common frauds

Boiler room scams

Boiler room fraud involves the mis-selling of worthless or bogus stocks and shares for the sole purpose of defrauding cash from unwitting investors. Organised criminals run ‘boiler rooms’ with a sales pitch designed to play to an innocent investor’s desire to make a profit. You can read more about this on the Financial Conduct Authority (“FCA”) website by clicking here.

Pension scams

You receive an unsolicited call or email from someone offering a free review to increase the returns on your retirement savings or promise early access to your pension. Similar to an investment scam, you may be promised huge returns on an investment that doesn’t exist. Alternatively, promises of early release of funds can be an attempt to convince you to transfer over funds, but be left with a large tax bill instead.

Bogus fund offerings

Bogus funds can be set up that share the same or a similar name to genuine funds provided by legitimate companies. Individuals who invest this way following a cold call are not investing in legitimate funds and are likely being defrauded by criminals.

Cloned firms

This is where fraudsters will use a genuine investment company’s name and regulator registration number but their own contact information. This means the fraudulent company will appear genuine when you verify them on a regulator’s website. If you are ever unsure about the legitimacy of a company please use the contact information provided on the regulator’s register. In the UK please click here for the FCA’s register of authorised firms.

Comparison sites

People are being contacted by fraudsters claiming to work for price comparison websites selling investment products. These platforms are often fake and the fraudsters are cloning the brands and documentation of legitimate investment management companies. The fraudsters are targeting members of the public through sponsored Google and Facebook links and are collecting personal details from illegitimate call centres.

Investment fraud

Fraudulent companies have also been contacting members of the public offering to transfer investments into legitimate funds. Individuals who invest following a cold call from such fraudulent companies are likely to be victims of an investment fraud.

Postal interception

Postal interception is more than just an inconvenience, it is another way members of the public can become victims of fraudsters. It can seriously jeopardise the security around a person’s bank accounts and investments. When criminals intercept post they can use it to obtain confidential information and use this to steal a victim’s identity, take over accounts and potentially steal or transfer funds away from victims. The UK financial services industry has seen a growing number of non-UK residents becoming the target of postal interception. We have found South African residents are disproportionately affected by this although other countries’ nationals are also vulnerable.

Malware communications

People may receive emails or text messages from what seems like a legitimate source. These may be a form of malware that attempts to install malicious software onto the recipient’s device.

Social media

Individuals are creating fake social media accounts on Twitter, Facebook and LinkedIn using genuine company employee names. Customers are then receiving unsolicited contact from unknown individuals using these employee names and making reference to these fake social media accounts in an attempt to make the contact seem genuine. These fake social media accounts are merely intended to confuse and defraud customers. If you come across social media accounts like this and are unsure about authenticity please contact the relevant company directly.

Recruitment scams

Legitimate companies can be subject to having their brand and name used in recruitment scams. Individuals are being contacted via email, by a person alleging to be a member of a company’s HR team, regarding career opportunities at the relevant company. These operate using a number of stages:

  • You receive an email inviting you for an interview (online using Google Hangout or via text).
  • You are requested to provide personal details.
  • You are given an employment offer/letter.
  • You are asked to perform initial online training.
  • You are asked to purchase equipment using funds that they send to you via cheque/transfer.
Compromised Emails

As email has become more widely used, fraudsters are now looking to compromise email addresses and control inboxes in an attempt to either acquire personal details or alternatively communicate directly from a stolen email address. Using a stolen email address, fraudsters may look to contact financial services firms to change personal and banking details, with a view to subsequent fraudulent divestment.

Estate Late Executor Fraud

Fraudsters to provide fraudulent estate late documentation, stating that they are executors of an estate, to gain access to an account. This is becoming particularly common in South Africa. There have been instances of fraudulent documentation being provided by insiders in legitimate organisations, making it more difficult for documents with fraudulent intent to be identified. You are urged to apply for estate late documentation and provide them to all financial services firms as soon as possible.

Protect yourself from fraud

Protect your identity

  • Limit the number of personal details you share online (ie date/place of birth on social media sites etc)
  • Your personal details are valuable. Don’t respond to unexpected requests for validation of your security or personal details, by phone, text, or emails
  • Review what social media sites or Google and other search engines know about you – erase what you don’t wish to be known.
  • Create and use complex and different passwords for different webpage logins. Passwords should be changed regularly.
  • Protect your printed or physical information and destroy or shred unwanted personal documents, old paper statements, and credit and debit cards.
  • Never use complimentary computers in airport lounges and hotels to do your banking.

Protect your devices

Your computer

  • Ensure no one has unauthorised access to your computer.
  • Use a password to access your own computer, restrict access to prevent programme installations.
  • Destroy or delete anything containing login details or security information, even if Investec has sent it to you.
  • Install third-party firewall, anti-virus and anti-malware software.

Free Wi-Fi

Please do not use free public Wi-Fi when trying to access your banking and online transactions.

In fact, do not try to access any account that requires a user name and password – even social media, when using free Wi-Fi, because of ‘sniffing’. ‘Sniffing’ is the phrase used by fraudsters to capture data from your laptop or mobile phone. When you launch an app (especially those that have stored your user ID and password), your security details are re-sent every time you launch the app, sometimes in an unencrypted form. Then, when you view your email accounts or social media posts, your security details are captured and used by fraudsters, who begin creating a profile of you.

Anti-virus can be installed on all of your devices, and often come with a Virtual Private Network (“VPN”) function. If you have to use public internet connections, it is strongly advised that a VPN is used.

Spot suspicious emails

Fake email messages or phishing

‘Phishing’ is when fraudsters send thousands of emails in the hope that they will catch a victim. It just takes one to make it worthwhile. The email may look real, but there are always small clues to warn you.

  • What is the full email address used – does it look odd?
  • How are you greeted? Dear Customer / Your name / Nothing?
  • Does it ask you to log in from a link on the email?
  • Does it say there are security issues?
  • Does it advise you that it is urgent and immediate?

Always take time to read an unexpected email. Fraudsters are counting on you being far too busy or worried so you don’t think clearly and will do what they request.

Spoofing and hacking emails

A ‘spoof’ email is where a fraudster will send you a Phishing email, but it is from a name you may know.  Well-known global corporates email formats are copied and fraudsters trick you into believing your package or order needs your attention by clicking on a link, to obtain your security details.

Recently this has developed into sending specific emails (also called ‘spear phishing’). This might relate to a real estate sale or purchase or hospital expense, claiming to be from a lawyer and requiring your payment, to the attached bank details.

Fraudsters obtain details through various means and can create a spoof mail that looks legitimate and you are expecting it, making it even easier for them to persuade you to make the payment.

Hacking

Fraudsters have obtained access to your email account and are able to read and create emails in your name. This means they can mail your friends and contacts, as well as knowing what financial deals you may have underway, and create that ‘spoof’ email to encourage you to make a payment. Please change your password if you see or receive any unusual activity.

Don't unsubscribe on emails from random advertisers

To check if your email is valid, fraudsters send a spoof/spam email with shopping, sports, or holiday offers. If you click to unsubscribe, they will then have a valid email address and can target you as they try to obtain more information about you.

Review your sent and deleted items folder

Take time to check your sent and deleted items folder on your computer. Are there messages you have not sent?  Your computer may have a virus or your email account may have been hacked or compromised. 

Don’t store confidential information in your email folders. Store personal documents and emails on your computer in a secure folder on your computer.

Attachments or links

Avoid clicking on any links or opening attachments included in unexpected emails, texts, or social media messages. These may be disguised as a tax refund, parcel delivery, invoices to get you to click on them.

Spot suspicious text messages

In the same way that email addresses can be spoofed, so can phone numbers. That way, it can look as though you’re receiving a call from a trusted number – even your bank’s genuine one. Text messages from spoofed numbers can appear in an existing thread of messages.

Fraudsters will also often text message from an unknown number pretending to be a trusted corporate organisation. In the UK this trend has tended to be from delivery companies such as Royal Mail or DPD. If the text message is legitimate, your mobile phone will automatically detect that the number legitimately belongs to that organisation. Do not click on any links in a text message until you are 100% sure it is not fraudulent.