Phishing is when an attacker sends you a fraudulent email, pretending to be a trusty source like an established company or a bank. They aim to trick you into sharing sensitive information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number.

Look out for these suspicious-looking emails and don't click on links that ask you to provide login information. 

Fraudsters try and make you:
  • Click on malicious links or open malware-containing attachments
  • Disclose sensitive information such as account passwords
Warning signs:
  • Absa will NEVER send emails with links or attachments redirecting you to a login page that requests you to share your username and password, or passcode
  • Make sure your emails are coming from a verified email address and not from a spoofed email address
  • Check for grammar and spelling errors
  • Always validate URLs for legitimacy
  • Don't download remote access software or grant strangers access to your devices
  • Be cautious of emails promising unreal rewards, competitions that you never entered, or urgent threats
  • No reputable institution, especially a bank, will reach out to you for sensitive information

Vishing is when a fraudster calls you directly and pretends to be a bank representative. They aim to trick you into sharing sensitive information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number.

They will encourage you to act urgently and pretend like your account is at risk of being hacked or exposed if you don't.

Protect yourself:
  • Never share PINs, passwords, passcodes, or card CVV numbers with someone on the phone
  • Beware of fraudsters diverting numbers, especially if they ask you to call back
  • If calls or OTPs cease unexpectedly, contact your service provider to check for SIM swapping
  • Do not provide a received OTP to anyone; report such incidents to the bank
  • Avoid downloading software from suspicious sources
Fraud scenario:
  • Caller requests personal information that Absa would never ask for
  • Caller presents unlikely issues, like a blocked or hacked account
  • Caller prompts a call back with false validation, accompanied by an OTP not initiated by you

Smishing is when a fraudster sends you an urgent, deceptive text messages, threatening that your account will get blocked if you do not react. Their aim is to trick you into sharing sensitive information like your ID number, banking details, online banking login cedentials, PIN, password, OTP, or cellphone number.

Absa will never send you an SMS with a link on it. Report any suspicious SMS activity and delete it the SMS. 

How to identify Smishing:
  • Shortened URLs, especially using bit.ly
  • Requests for personal information a bank would never ask for
  • Differences in style and sign-off compared to legitimate messages from Absa

A fraudster can perform an illegitimate SIM swap with your cellphone service provider. If a fraudster has a false copy of your identity number or has all of your personal details available they can manipulate your cellphone number to receive SMSes that should be going to you, for example, an OTP.

This means that they are one step closer to logging into your account. This is why you must never share personal information like your ID number, banking details, online banking login credentials, PIN, password, OTP, or cellphone number with strangers or suspicious digital sources. 

Protect yourself:
  • Activate app authentication on your mobile banking app to stop fraudsters from using SIM swapping to access your account
  • Protect your personal, bank account and cellphone account information when you are talking to strangers or busy online
  • Immediately investigate when you notice that you are not receiving calls and messages
  • Keep your phone switched on – otherwise, you will not notice when your SIM card has been swapped

Fraudsters targeting un-suspecting public with super deals, at times purporting to be from reputable corporates . They would provide an account through which the payments for such offers should be made . Some of the scams would be as below.

  1. Scammers would purport sale of high-on-demand consumer goods, i.e. electronics, cement, or Iron sheets ( Mabati) on either installments (Lipa Pole pole) or at almost half price, providing their own account where payments should be made to.
  2. They could also purport to be from reputable transport companies, offering low-cost bus tickets especially during festivities, providing their own account where bookings should be paid to.

How to protect yourself against online scams

  1. Be wary of super deals, if something is too good to be true, most likely it is.
  2. Do not make payments to unknown persons, always verify the recipient details before making payments.

This scam typically involves persuading the victim to pay a small up-front payment in anticipation of receiving a much larger sum that is ultimately never delivered. The advance payment may be described as processing fees or commission. This scam usually begins with the perpetrator contacting the victim via email, instant messaging or social networking sites using a fake email address or social media account and making an offer that would allegedly result in a large payoff for the victim.

To help persuade the victim to agree to the deal, the scammer often sends one or more false documents, which bear official government stamps, and seals. Once the victim's confidence has been gained, the scammer then introduces a delay or monetary hurdle that prevents the deal from occurring as planned, such as "To transmit the money, we need to bribe a bank official”.  If the victim buys into these excuses, they might continue sending money to the fraudster for a longer period.

In this scam, fraudsters target business people and entice them with very good offers on whatever goods or services are being sold. After agreeing on the price or invoice amount, the victim is defrauded through the following methods:

  • Presented with a fake payment confirmation to facilitate release of goods
  • Fraudster take the goods or enjoy the services but pay using fraudulent banker's cheque, which is later dishonoured
  • Fraudster recalls/reverses the transaction after taking the goods or enjoying the services
  • Fraudsters pay in excess using fraudulent payment instrument like cheque or card. They immediately request for refund of ‘excess’ in cash or Mpesa. By the time the instrument is dishonoured, the fraudster is nowhere to be found
Tips to prevent cheque fraud:
  • Wait for clearance
    If you are accepting a cheque as payment, wait for it to clear before handing over goods or issuing a refund

  • Beware of overpayment
    Be cautious if you receive a cheque exceeding the owed amount (scammers might ask you to deposit it and return the excess, indicating potential fraud)

  • Report lost cheques
    Immediately report lost, stolen, or missing cheques

  • Do proper cheque filling
    When filling out a cheque, avoid leaving space before the payee's name or amount (cross out unused spaces)

  • Keep your chequebook secured
    Keep your chequebook in a safe place at all times and don't let strangers have access to it

  • Avoid blank cheques
    Never sign a blank cheque that does not have an amount and all other information filled in

  • Reconcile regularly
    Make sure you are checking your bank and cheque statements regularly

  • Use 'Not Transferable'
    Mark cheques with "Not transferable" between two transverse lines for intended beneficiary assurance

  • Use secure mailing
    When posting a cheque, use a non-transparent or dark envelope without staples/paper clips and make sure your mailing service provider is reliable

  • Reject faxed deposit slips
    Never accept faxed bank deposit slips as proof of payment

  • Look for handwriting
    Make sure that there is consistent handwriting and pen use on cheques received

  • Look for alterations
    Verify that your cheques received do not have any visible alterations

Prevent supplier fraud by always verifying changes received from suppliers, and always ensuring that supplier/beneficiary banking details are authentic; be cautious of diverted correspondence.

If you suspect fraud, report it to your relationship executive immediately, or contact Absa Customer Service at +254 (20) 3900000. Reporting to the police is also highly recommended. 

What to watch out for:
  • Counterfeit documents
    Beware of scanned company letterheads with blurred logos on counterfeit invoices

  • Email discrepancies
    Watch for confirming emails from nearly identical addresses, differing by a single easily overlooked letter

  • Bank changes
    Always verify requests to change bank details with your regular contact

  • Invoice scrutiny
    Train staff to check invoices for irregularities and report suspicions to a known contact

  • Designated contacts
    Consider setting up single points of contact for regular payments to specific companies

  • Secure Disposal
    Shred business and supplier documents containing letterheads

  • Private banking details
    Avoid publishing bank account details online to prevent fraudulent use

  • Review change requests
    Scrutinize past requests to change account details to ensure authenticity

  • Client awareness
    Warn clients about potential fraudulent instructions, safeguarding them from acting on false information
How to prevent tech support scams:
  • Update software
    Keep software current with the latest security patches

  • Avoid unexpected calls
    Never grant computer control to an unexpected third party

  • Doubt caller ID
    Don't solely rely on caller ID for authentication, as numbers can be spoofed

  • No financial info
    Never provide passwords, credit card details, or financial information to unsolicited tech support claims
Need more help?

Call us on:
+254 (20) 3900000 (Landline)
+254 (722) 130120 (Mobile)
+254 (732) 130120 (Mobile)

Chat to Abby on WhatsApp:
+254 710 130000

Email us:
absa.kenya@absa.africa