NOTICE: New FICA phishing scam targeting Nedbank clients

Fraudsters pretending to be Nedbank are currently sending emails requesting that you download an HTML document. To members of the public the emails seem as though they come from Nedbank, when in fact they don't. The emails appear to be coming from ficaAlert@nedbank.co.za stating that Nedbank is still awaiting FICA documents and that you, as receiver of the email, need to download an attached HTML document. When you click on the HTML document it takes you to a fake Nedbank website where you are requested to insert your profile, PIN and password. Once you enter your details, money is moved from your account in seconds.

Example of the email received by clients:

-----Original Message----- From: NedBank [mailto:ficaAlert@nedbank.co.za]
Sent: 16 May 2017 10:34 AM
To: Recipients
Subject: Send us your FICA documents to avoid suspension

Dear Customer

We are still waiting for your FICA documents. To prevent your account from being frozen.

Please download the attached HTML document.

Regards

Nedbank

While Nedbank is constantly striving to provide a service that is intended to make your banking as easy and convenient as possible, all South African banks are legally obliged to verify information received from clients – both new and existing.

Therefore, apart from the information that you will provide in your online application, we may require certain additional documentation and information from you. In some cases this may even be required before the bank can complete the processing of your application. Should we need anything more, a Nedbank consultant will contact you to make the necessary arrangements.

Our consultants will contact you within 2 - 3 business days to issue you with your Self-service Banking profile number and temporary PIN. Your initial financial payment and transfer limits will be set to R0,00. A quick visit to any Nedbank retail outlet with your identity document is required to set your daily payment and transfer limits and link yourself to the SMS authorization facility for high-risk transaction types.

Copyright © Nedbank Limited 1997-2014. Nedbank Ltd Reg No 1951/000009/06. We subscribe to the Code of Banking Practice of The Banking Association South Africa and, for unresolved disputes, support resolution through the Ombudsman for Banking Services. We are an authorised financial services provider. We are a registered credit provider in terms of the National Credit Act (NCR Reg No NCRCP16).

Tips to stay safe

• The bank will never ask for your personal details by email, SMS or telephone.
• Be suspicious of any email or text message that asks for your personal information, such as your identity number and banking details (profile, PIN and password).
• Website addresses (URLs) that start with 'http', rather than 'https', are not secure sites. Https sites are only secure if the little lock is displayed in the address bar. If you see a little lock on an http site, it is a sure sign that it is a fraudulent site.
• Do not open attachments from unknown sources.
• Ensure that you have Trusteer Rapport on your computer. This is an online fraud protection software that is free for all clients.
• How to download Trusteer Rapport:
  1. When you log off internet banking, click on the Trusteer icon to install the application and restart your computer.
  2. Once installed, a green Trusteer Rapport icon will be displayed in or near the browser address bar when you visit www.nedbank.co.za.
• Make sure that, apart from Trusteer Rapport, you have reliable, up-to-date antivirus software installed on all your computers. Advice on the effectiveness of different packages can be obtained from the independent website av-comparatives.org, which frequently tests leading antivirus software.
• If possible, install a robust firewall to prevent information from entering or leaving your computer unsanctioned through the internet.
• Ensure that you install the latest updates or patches to your operating system as soon as these are available to prevent criminals from exploiting security vulnerabilities on your computer.
• Scrutinise your bank statements frequently and notify Nedbank as soon as possible if you see any unfamiliar transactions.
• Should you receive a suspicious email, please forward it to phishing@nedbank.co.za.
• Should you receive a notification from your cellphone network operator about a SIM swap that you did not request, change your electronic banking PIN and password immediately and notify Nedbank.