Stay alert. Stay informed. Protect your finances against fraud.

As technology advances, so do fraud tactics. The security of your story is our top priority.

Fraud Hotline: 0800 205 055
cibfraud@absa.africa

Fraud is more than just a crime

It's a global threat that silently drains billions from economies, shatters businesses, and ruins lives. From social engineering, cyber scams and identity theft to corporate deception, embezzlement and financial misstatements, fraud erodes trust in systems we rely on daily. In a world where innovation is growing faster than ever, fraudsters are evolving too, making vigilance, ethics, and strong controls not just important, but essential for a safer, fairer future.

Fraud can originate from external or internal sources, through identity theft, document and transaction falsification, or combinations thereof.

Types of Fraud

External fraud refers to fraud committed by individuals outside an organisation, such as customers, vendors, competitors or other parties. It can involve individuals, rings of individuals, organised crime and even terrorist groups.

Internal fraud is when the crime is committed by someone within the organisation against customers, third parties or the entity.

Social Engineering Attacks

Social engineering is a technique fraudsters use to trick individuals into sharing their sensitive information.

Business E-mail Compromise
Received a request to urgently change banking details from an unknown party? This could be a Business E-mail Compromise scam.

Phishing
Opened an email with an offer that's too good to be true, or received a request to click on a link and provide your sensitive information? There is a possibility that it is a phishing scam.
Impersonation
Got an urgent message from your 'CEO' asking you to process a payment or share sensitive info? Think twice before actioning the request; it could be an impersonation scam.

Spear phishing
Spear phishing is a more sophisticated form of phishing in which criminals target specific individuals or organisations, seeking unauthorised access to private information.

Vishing
Unexpected call from someone purporting to be from the bank requesting an OTP that was sent to your phone? That might be a fraudster tricking you into revealing your OTP code in order to access your bank profile.

Smishing
Got an SMS requesting you to update your details via a link? This could be a trick by a fraudster to get you to reveal your sensitive information.

Quishing
Scanned a QR code from an email or poster that took you to a suspicious website asking for your login details? That might be a quishing scam aimed at stealing your personal information to carry out fraudulent activities in your account.

Digital and Cyber

Digital and cyber fraud refers to deceptive or criminal activities carried out using digital platforms, the internet, or electronic devices. It involves trickery through various online tactics to gain unauthorized access to sensitive information and bank accounts.

Remote Account Takeover
Noticed a suspicious application on your computer even though you never installed it? It could be a remote account takeover.

Baiting
Baiting is a form of social engineering that uses tempting offers to exploit victims' curiosity, tricking them into revealing login credentials and giving scammers unauthorised access to systems, thus enabling fraud.

Pretexting
Pretexting is when cybercriminals impersonate trusted authorities, such as bank representatives or IT support, to gain access to sensitive information and cause financial harm.

Pharming
Clicked on a link supposedly from your banker to update your details, but the URL is different from your bank's website? That could be pharming, where fraudsters redirect you to a fake website to harvest your sensitive information.

Trojan Horse
Downloaded what looked like a harmless file or app, and suddenly your system became very slow? That could be a Trojan: malware disguised as legitimate software, used by fraudsters.

Keylogger
Logged in to your banking profile on a shared or public computer and, a few hours later, received notifications that you had logged in to your bank account when you hadn't? Your login details could have been compromised through a keylogger, a hidden program that records every keystroke to steal your sensitive information.

Spyware
Noticed your device slowing down and strange ads popping up after installing a free application? That could be spyware: malicious software secretly monitoring your activity and collecting your personal information without your consent.

Fraud Scams

Fraud scams
Fraud involving a change of account details uses fake attachments to notify victims of account or banking changes, tricking them into believing the notification is for legitimate business purposes.

Internal fraud
Internal fraud occurs when employees abuse their position of trust and authority for personal gain. They then commit fraudulent or deceptive actions against clients or the business.

Business email compromise
Business email compromise (BEC) is a type of cybercrime through which criminals illegally access an email account and communicate as if they are the actual user. It's a sophisticated scam targeting both businesses and individuals who perform transactions.

Deposit and refund scams
Fraudsters commit deposit and refund scams by placing orders with fake proofs of payment. They then request false cancellations and refunds before the funds have cleared.
Advance fee fraud
Criminals advertise goods or services at artificially below-market prices while pressuring victims for upfront payment. Once it is received, they either vanish or extort additional funds.

Invoice fraud
Invoice fraud occurs when criminals impersonate suppliers to submit fake invoices with false account details, with the aim of misdirecting payments.

Advanced Fraud Techniques

Remote desktop protocol attacks
Remote desktop protocol attacks exploit security weaknesses to gain remote access to users' computers. They pose a major threat, including potential abuse by internal technical support staff.

Deepfake attacks
Deepfake technology enables criminals to impersonate individuals by using artificial intelligence (AI) to mimic voices and bypass voice recognition security. These attacks highlight the need for multi-layered protection.

Financial Document Fraud

Incorrect and fraudulent bills of lading
Fraudsters forge trade documents like bills of lading to steal cargo. They pose as the consignee or falsify delivery rights to claim goods illegally.

Fraudulent guarantees
Fraudulent guarantees misrepresent financial strength, collateral or creditworthiness to deceive banks or institutions into approving unauthorised financing or transactions.

Letters of credit
A letter of credit is a bank-issued financial instrument. It serves as a guarantee of payment from the buyer to the seller, provided that the terms and conditions of the letter of credit are met.

Learn more about fraud in our financial security articles

While fraud is a complex issue, fraud prevention is not. Equip yourself with useful information to ensure your financial security.

Social engineering: How attackers manipulate
Social engineering involves tactics used by cyber criminals to trick individuals into revealing sensitive information or performing actions that lead to account takeovers or identity fraud. Learn how these manipulative techniques work and how to protect yourself.

Phishing: Don't take the bait
Phishing is a deceptive tactic where attackers impersonate trusted entities to steal personal information like passwords or financial details. Stay vigilant against fraudulent emails and messages designed to trick you into giving up sensitive data.

Spear phishing: Targeted attacks on your inbox
Spear phishing is a more personalised form of phishing, where attackers craft convincing messages aimed directly at you. These attacks are designed to steal sensitive information by pretending to be someone you know or trust. Learn how to spot and avoid these targeted scams.

Inform your banker of any suspicious activities you have noted

- To report fraud-related incidents, please email cibfraud@absa.africa or contact 0860 500 703 or 010 211 3117.
- To report a matter after business hours, please contact our Fraud Hotline on 0860 557 557 or 011 501 5089.
- To report phishing incidents, please email secmon@absa.co.za.

To assist us in investigating any fraud matters, please provide the following information:

- SAPS case number, e.g. Johannesburg SAPS case: 535/09/2016.
- An affidavit detailing exactly what happened, how it happened and when it happened. Include the bank account number affected.
- Any relevant information you may have, such as screenshots, emails, etc.

Absa will never ask you...

It is important to note that the bank may contact you when it suspects suspicious transactions in your bank account. However, the bank will never ask you to:

- Provide a password to your bank profile or your OTP (One-Time Password).
- Urgently send sensitive information via WhatsApp, with the threat that your account will otherwise be blocked.
- Install software or grant remote access to your phone or computer.
- Transfer money to a "safe" account. The bank will never ask you to move funds for security reasons; this is a tactic that fraudsters use to scam their victims.
- Provide an OTP in order to reverse a fraudulent transaction.
- Participate in any deals via WhatsApp.

BEC

Business Email Compromise (BEC) is where fraudsters gain unauthorized access to an email account and impersonate the user (e.g. a senior executive in an organisation, a supplier or an attorney) in order to trick the recipient into making payments or changing bank details to the fraudster's account, and at times also into providing sensitive information.

How it happens and red flags to look out for

- Be cautious of requests from an unknown 'contact' or point of contact at the organisation.
- Look out for spoofed email addresses that are made to look like that of the organisation, for example @absa.africa.com instead of @absa.africa.
- Be cautious of emails with a sense of urgency, requesting personal information and/or sensitive company information.

How to respond and protect yourself or organisation

- Always confirm any emailed change of banking detail requests / instructions by contacting the sender using known contact details you have on record. Do not reply to the email or use the contact details included in the email.
- Verify the bank account details using the Account Verification Service (AVS) available to you, before making any payments.
- Always examine the email address and header information to ensure that an email is from a legitimate contact.
- Organisations should implement email security tools to detect spoofed emails and phishing emails.

Impersonation

Impersonation is a technique that fraudsters use to pretend to be someone in an authoritative position, such as a CEO or senior executive, or a reputable company, typically to deceive the victim into revealing sensitive information or making fraudulent payments for the fraudster's benefit. Fraudsters use various methods, including phone calls, AI-generated emails, deepfakes and fake websites, to appear legitimate and gain the victim's trust. They often create a sense of urgency or fear to pressure victims into acting quickly without thinking.
How it happens and red flags to look out for

- Fraudsters may impersonate an organisation's employees, often calling or emailing about supposed security breaches, suspicious transactions, or account issues for which you, as the victim, are required to provide your login details. It is important to note that the bank may contact you when it suspects anomalies on your bank account. However, the bank will never ask you to provide a password to your bank profile or your security PIN.
- Fraudsters create a sense of urgency, claiming that immediate action is needed to prevent fraud, which can lead victims to bypass normal security protocols. Be wary of such requests.
- Fraudsters use deepfake audio/video to mimic a CEO or stakeholder requesting an urgent transaction.
- Fraudsters spoof email addresses to appear legitimate, such as using @absa.africa.com instead of the genuine @absa.africa. They also create counterfeit websites that closely resemble the bank's official site, like www.absa.africa.com instead of www.absa.africa.

How to respond and protect yourself and/or your organisation

- Remain sceptical / vigilant of urgent requests, especially over WhatsApp or unfamiliar channels.
- Be cautious of divulging sensitive company information. Confirm that details check out against what you have on record.
- Look out for slight voice or visual glitches (lip sync issues, unnatural blinking, or a robotic tone) to detect deepfakes.
- Always verify the identity of anyone requesting sensitive information or funds with your banker, especially if the request is unusual, by confirming it through an alternative method such as a direct call using a contact number you have on record or an in-person conversation.
- Verify directly; don't rely on display names. Call the person or message them on official platforms.
- Be sceptical of urgent requests, especially over WhatsApp or unfamiliar channels.
- Look out for out-of-the-norm requests.
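
Added example (not Absa's code or tooling): a small Python check of an email's sender headers for the red flags described in the BEC and Impersonation sections above, namely a spoofed address such as @absa.africa.com and a display name that cannot be relied on. The brand word list, the Reply-To comparison and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"absa.africa"}  # the genuine domain named on this page
BRAND_WORDS = {"absa"}             # assumption: brand token looked for in display names


def _domain(addr: str) -> str:
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""


def is_trusted(domain: str) -> bool:
    """Exact match or a true subdomain: the trusted name must be the suffix."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """Trusted name embedded but not as the suffix, or a near-miss spelling."""
    if not domain or is_trusted(domain):
        return False
    return any(t in domain or _edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS)


def check_sender(raw_message: str) -> list[str]:
    """Return the list of red flags found in the From / Reply-To headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(addr), _domain(reply_to)
    flags = []
    if is_lookalike(from_dom):
        # e.g. absa.africa.com: the genuine name is a prefix, not the real domain
        flags.append(f"lookalike-domain:{from_dom}")
    if any(w in name.lower() for w in BRAND_WORDS) and not is_trusted(from_dom):
        # the display name is free text chosen by the sender; only the address counts
        flags.append("display-name-claims-brand")
    if reply_dom and reply_dom != from_dom:
        # assumption of this example: replies diverted to another domain are suspicious
        flags.append(f"reply-to-differs:{reply_dom}")
    return flags


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": "From: Absa CIB <banker@absa.africa>\nSubject: Statement\n\nHello",
    "spoofed": "From: Absa CIB <banker@absa.africa.com>\n"
               "Subject: Urgent change of banking details\n\nHello",
    "display": 'From: "Absa Fraud Desk" <helpdesk@mail.example>\n'
               "Reply-To: claims@other.example\nSubject: Verify\n\nHello",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A clean result only means these header checks found nothing; a message sent from a genuinely compromised mailbox passes them, which is why change-of-banking-detail requests are still confirmed using contact details already on record.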
SMiShing

SMiShing is a social engineering technique in which fraudsters use text messaging to con you into sharing sensitive information so that they can access your accounts for their own use.

How it happens and red flags to look out for

- You receive a text message asking you to respond to an allegedly important and official request relating to the security or unblocking of your account. The link will ask you for information like your account number, usernames, password and cell phone number.
- If the SMS looks legitimate enough and you're caught off guard, you could end up giving your personal information to a fraudster and fall victim to a SMiShing scam.
- Be cautious of an SMS which has a short web address (URL), such as a bit.ly link.
- The SMiShing link requests personal information that a bank would never ask for, such as your usernames and/or passwords.

How to respond and protect yourself or organisation

- The bank will never ask you for your username and/or password.
- Be vigilant! Never click on a link in an SMS claiming to be from Absa or share any of your personal information via a link sent to you in an SMS.

Phishing

Phishing is a form of email fraud, where the fraudster tries to trick you into providing personal information, such as your username, password, passcode and transaction verification, by pretending to be a trustworthy source.

How it happens and red flags to look out for

- Fraudsters send unsolicited e-mails to recipients purporting to come from a reliable source like the bank, South African Revenue Service, South African Police Services, etc.
- The email may request that you update, confirm or view your details by clicking on a link or an icon, or open an attachment.
- Once clicked, the link will divert the victim to a fraudulent website under the control of the fraudster, and any information entered on this page will be sent to the fraudsters.
- The information requested is usually personal information and could include usernames and passwords for banking platforms or e-mail accounts, as well as cell phone numbers.
- Clicking on the link or icon could also result in your computer being infected with malware.

How to respond and protect yourself or organisation

- Do not reply to, or click on links or icons in, unsolicited email messages. Delete the message immediately.
- To authenticate a website, use Yima to check for known vulnerabilities and security headers on the website, and report any scams to Yima.
- Always verify the identity of anyone requesting sensitive information or funds, especially if the request is unusual, by confirming it through an alternative method such as a direct call or in-person communication.
- Ensure that communication occurs via official channels and verify the authenticity of the sender.
- In cases where you believe your device and/or your profile has been compromised, notify the bank immediately.

Quishing

QR phishing, also known as "Quishing," is an increasingly common tactic in the digital world. Fraudulent QR codes are embedded in emails, posters, or public spaces and, when scanned, direct users to malicious websites or harmful content designed to steal sensitive information.

Red flags to look out for and how it works

- Fraudsters change legitimate QR codes to redirect you to a fraudulent website, which might require you to provide your login credentials or make unintended payments.
- Never enter passwords, banking details, or personal information on websites opened through QR codes unless you're sure of the site's authenticity.

How to respond and protect yourself or organisation

- Avoid scanning QR codes from unknown or untrusted sources.
- Before entering any information, carefully check the website address (URL) to ensure it's legitimate.

Vishing

Vishing is a type of scam in which a fraudster makes a phone call while posing as a representative from the bank or other institution. The goal is to manipulate you into disclosing confidential personal or company information, making a payment, or installing a malicious app or program on your device.

How it happens and red flags to look out for

- The fraudster will call you, pretending to be a bank representative or other authoritative person who requires information such as your usernames, passwords, banking details and logon credentials to your online banking profile in order to solve a problem or prevent your account from being closed, or who claims to require you to send the OTP to reverse a fraudulent transaction.
- If you receive a message or an e-mail requesting you to press 1 or accept a transaction, without having made any transaction, it's likely that a fraudster has taken over your account.
- Fraudsters create a sense of urgency or fear to pressure victims into acting quickly without thinking. For example, they might say your account is about to be blocked or that you'll face legal consequences if you don't provide information immediately.

How to respond and protect yourself

- Be cautious of unsolicited calls, especially those asking for confidential personal and company information.
- If you are unsure about a call, hang up and call the bank back directly using a known and trusted number.
- If you receive an OTP on your mobile device without having transacted, it's possible that the fraudster has gained access to your account.
- Do not provide any confidential information such as PINs, passwords, or OTPs over the phone.

Remote Account Takeover

Remote Account Takeover relates to unauthorised access and control over a user's account or system from a remote location. One of the most common attack vectors for this is the exploitation of Remote Desktop Protocol (RDP), a Microsoft protocol that allows users to connect to a computer remotely.

How it happens and what to look out for:

- You're tricked into allowing 'Remote Access Control' software to be downloaded onto your computer through opening an e-mail attachment. Fraudsters use this software to take control of your computer remotely, adjusting your settings to leave the computer vulnerable to fraud.
- Out of the blue you receive a pop-up notification to accept a request for your computer to be accessed remotely, and you have no knowledge of where the request comes from.
- You notice suspicious transactions/activity on your account, such as unknown applications you didn't install. This could be a sign of a remote account takeover, where a fraudster gains unauthorized access to your account and uses it as if they were you.
- You receive a phone call supposedly from IT, and you are informed that your laptop will be infected with a virus or malware if you don't download the recommended software immediately, giving you no time to think about it or ask anyone for advice.

How to respond and protect yourself or organisation

- Delete unknown or suspicious apps/extensions.
- Once you notice any unknown files and applications, notify your IT department.
- Invest in tools that monitor for abuse of remote access to employee devices, and regularly sweep networks and infrastructure to detect any malware.
- Avoid clicking suspicious links or downloading from unknown sites.

Pharming

Pharming is a technique used by fraudsters whereby they redirect users from legitimate websites to fraudulent ones, intercepting login attempts and leading to unauthorised access, identity theft and fraud.

How it happens and what to look out for:

- Fraudsters manipulate the Domain Name System (DNS) to redirect legitimate website traffic to a malicious lookalike site.
- You enter the correct URL, but the website looks slightly off (e.g., logo distortion, odd grammar, outdated interface).
- Be vigilant of fake Wi-Fi hotspots: attackers create free public networks that reroute users to phishing websites.
- Unexpected requests for sensitive information (e.g., banking PINs, OTPs, or usernames).
How to respond and protect yourself or organisation

- Review the URL to identify subtle misspellings or missing letters.
- Look for HTTPS and the secure padlock.
- Be wary of entering credentials on an unknown site.

Trojan Horse (Trojan)

A Trojan Horse (Trojan) is a type of malware disguised as a legitimate program or file. Once downloaded and opened, it creates a backdoor for attackers to steal data, control your device, or spy on your activity, all without your knowledge.

How it happens and what to look out for:

- It is often disguised as an attachment like a PDF, software update or invoice. When you open it, it installs malware that steals login details and facilitates fraudulent payments without your knowledge.
- Your device suddenly runs slow, crashes, or behaves oddly.
- Unexpected pop-ups, redirects, or programs appear.
- You notice unauthorized transactions or login attempts.

How to respond and protect yourself or organisation

- Do not open suspicious attachments or downloads, even if they seem to come from someone you know.
- Use antivirus software and keep it updated.
- Implement cyber threat hunting tools to assist your organisation in detecting malware and other malicious applications.

Keylogger

Keyloggers are programs that record everything you type, including passwords, emails, and credit card numbers. They are installed via Trojans or malicious downloads.

How it happens and what to look out for:

- You open an email attachment, and it installs a file, app, or extension that looks legitimate but contains hidden keylogging software.
- It silently runs in the background, captures everything you type, including credentials, and sends the recorded data to an attacker.
- You notice unexpected logins or access attempts to your accounts.

How to respond and protect yourself or organisation

- Once you notice any unknown files and applications, notify your IT department.
- Change all passwords using a secure, trusted device.
Spyware

Spyware involves the use of malicious software to covertly infiltrate computers or networks with the intent of collecting sensitive information. The information collected can then be used by fraudsters to commit fraud, including unauthorised access to bank accounts, theft of corporate data, and manipulation of financial transactions.

How it happens and what to look out for:

- You unintentionally install spyware when opening infected email attachments or websites, clicking on malicious links or pop-ups, or downloading free software or apps from untrusted sources.
- Spyware secretly monitors user behaviour, collects data, and sends it to a third party without your consent.
- It monitors browsing habits, captures screenshots, accesses the camera/microphone, tracks location, collects files or clipboard data, etc. Unlike a keylogger, it collects many types of data, not just keystrokes.

How to respond and protect yourself or organisation

- Delete unknown or suspicious apps/extensions.
- Once you notice any unknown files and applications, notify your IT department.
- Keep your software and operating systems updated.
- Avoid clicking suspicious links or downloading from unknown or unverified sites.

Internal Fraud

According to the ACFE's 2024 Report to the Nations, nearly 42% of occupational fraud cases involve internal perpetrators, underscoring the reality that the threat often lies within. The consequences of internal fraud extend beyond financial loss; they erode organizational culture, damage employee morale, and compromise stakeholder trust. In many cases, internal fraud goes undetected for extended periods due to inadequate oversight, poor segregation of duties, or a lack of whistleblowing mechanisms. Africa, in particular, shows a higher rate of corruption-related internal fraud (54%) compared to the global average, according to ACFE regional data.

Several key factors contribute to the occurrence of internal fraud

- Lack of controls, such as a lack of segregation of duties, poor access management or inadequate oversight, creates opportunities for employees to commit fraud undetected, e.g. one person captures an invoice and then processes and authorises the payment for that invoice.
- Employees may feel financial pressure (e.g., debt, addiction, lifestyle demands such as living beyond their means) or face unrealistic performance expectations (e.g., sales targets). The pressure motivates employees to find illicit ways to resolve their situation or to collude with other employees and external parties to commit fraud.
- Employees or management may rationalise manipulating financial statements to make the company appear profitable and attract investors.

Measures to mitigate the risk of internal fraud

- Strengthen internal controls by implementing segregation of duties.
- Conduct regular audits and maintain oversight over high-risk processes.
- Restrict access to critical systems and data based on role. Conduct access reviews to ensure the relevance of access.
- Implement a whistleblower hotline to encourage employees to report any suspicious activities.
- Conduct background checks on all employees, covering employment history, qualifications, and criminal records.
- Conduct fraud awareness training for employees on the fraud risks and reporting mechanisms.
- Rotate duties and enforce mandatory leave to help prevent long-term concealment of fraud.