WesBank is serious about security! In addition to the multiple
layers of security already available, we also offer all website users
a free software program that can protect you from being phished and
prevent spyware from stealing your banking login details.
Why do I need this?
WesBank has partnered with Prevx, the providers of SafeOnline,
allowing the FREE download of SafeOnline for all WesBank Online users.
This software will give you the protection you require while on all
secure sites - not just on Online Account Services!
Prevx SafeOnline helps to:
safeguard your credentials whilst on a secure online site
protect your Online Banking access details and personal information
protect you against activities such as phishing and keystroke logging
protect you against fraud
alert you when you are on a phishing site
alert you of any viruses, spyware etc. on your computer
What can I do with this?
With Prevx SafeOnline you can surf the web, purchase goods, make
payments and do transfers online without the stress of worrying
whether someone else might be monitoring your behaviour and planning
to steal your money or identity.
You can have the peace of mind that you'll be alerted when you
are on a phishing or non secure site.
You can opt to purchase the full Prevx SafeOnline solution which
will disinfect your computer when any viruses, spyware etc. are
What will it cost?
Prevx SafeOnline is absolutely free to Online Account Services
Should you wish to purchase the full anti-virus software
provided by Prevx this can be done via Prevx's website:
Do I qualify?
Yes, all Online Account Services clients qualify for the FREE
download of Prevx SafeOnline.
What do I need to do?
Login to Online Banking and follow the steps in the Help
Existing Online Account Services Terms and Conditions apply.
Data protection - supply of information to the bank
In its continued effort to improve your Online Banking security,
the Bank may obtain, from Prevx, information relating to security
threats on your computer which is important in assisting the Bank to
monitor and identify such security threats. In downloading and
installing the Prevx software, you authorise Prevx to disclose the
information to the Bank and you consent to the Bank receiving and
using the information. The Bank undertakes to keep the collected
For more information, you can contact our Online Help Desk on 0861 000
969 or E-mail: firstname.lastname@example.org
using public terminals (such as Internet cafes) for Internet banking.
of the higher risk of interception during a wireless connection. Only
do your banking via a wireless hotspot if you are certain of the
integrity of the connection.
that you have an updated anti-virus and spyware program and perform
regular system scans.
Online Account Services or Online Banking Enterprise and download
Prevx SafeOnline for FREE.
access the site via a link. Rather type the address into the browser
address bar or save the address as a 'Favourite'.
open other websites while logged into Internet Banking - only have a
single browser window open.
User ID and password that cannot be easily guessed and change these
your computer software is up-to-date.
for the padlock in the lower right of your browser window (it
indicates a secure site). You can click on this padlock to verify the
complete your online banking tasks, log off and close the browser
provide your password over the Internet (by email) or over the
telephone to anyone (including persons identifying themselves as bank
Don't trust a PDF
payment proof unless verified by the bank - these documents can be
manipulated by fraudsters.
This is a program that protects your PC against spyware and
helps to keep your computer and personal details secure. e.g. Prevx
Browser software provides you with the means to view a web page.
Without browser software, you would not be able to surf the Internet.
A computer virus is a piece of code that is secretly
introduced into a system in order to corrupt it or destroy data.
Often viruses are hidden in other programs or documents and when
opened, the virus is let loose
This is a collection of information, usually including a username and
the current date and time, stored on the local computer of a person
using the Internet. It is used by websites to identify users who have
previously registered or visited the site.
Encryption converts data into an encoded form before it is sent over
the Internet. This prevents unauthorised access to the information.
At WesBank, we use 2048-bit Secure Socket Layer (SSL) encryption to
secure your information.
Any of a number of security schemes that prevent unauthorised users
from gaining access to a computer network or that monitors transfers
of information to and from the network or personal computer.
This is the crime of obtaining the personal or financial
information of another person for the purpose of assuming that
person's name to make transactions or purchases.
This involves the capturing of information that you type on
the keyboard by installed hardware. This is often used by fraudsters
to capture personal details including passwords.
Socket Layer (SSL):
This is a protocol that provides a high level of
security for communication over the Internet.
Unsolicited email, often of a commercial nature, sent
indiscriminately to multiple mailing lists or individuals.
This is software that secretly gathers information about a user while
he/she navigates the internet. This information is normally used for
advertising purposes. Spyware can also gather information about email
addresses and even passwords and credit card numbers.
This is a program that disguises itself as another program.
Similar to a virus, these programs are hidden and cause an unwanted
effect. They differ from viruses because they are normally not
designed to replicate like a virus.
A computer virus is a piece of code that is secretly introduced into
a system in order to corrupt it or destroy data. Often viruses are
hidden in other programs or documents and when opened, the virus is
This is a special type of virus that spreads without any user
interaction, typically by exploiting a flaw in popular software.
Protect Your Computer
are using a PC and need to walk away from it for any reason, log off
or lock your workstation.
passwords that would be difficult for others to guess and change then
give your password to anyone, or leave written notes with your
password near your machine.
any suspicious activity on your PC to the appropriate person.
Prevx SafeOnline for FREE from our WesBank website.
Protect Your Email
Any email is at risk of being intercepted, and you should never
send sensitive information (passwords, etc) via email.
Tips for staying safe:
provide your email address to third party websites, without
understanding how your email address will be used.
send sensitive information via email.
opening unidentified email messages with attachments.
SafeOnline can assist to protect your credentials when online.
Your Site Padlock.
visit a website (especially a transaction website) you should look
for a padlock in the browser window.
padlock indicates that you are in SSL (secure socket layer) mode,
which means that every request or information that you send from the
browser to our secure site is encrypted (scrambled and encoded).
uses Entrust Digital Security to encrypt information.
Entrust Site Seal makes it possible for our Online Banking customers
to transact and share information free of worry.
SafeOnline assists by providing an icon on top of your web browser
bar in a specific colour to guide you when accessing different sites:
- * Red = reported phishing site
- * Blue = non-secure site
- * Green = secure site
What Browser Do You Use?
are many kinds of browsers and the WesBank website is designed to be
accessible via all main web browsers and browsing devices.
recommend that you use the latest version of your preferred browser.
The most up-to-date version of your preferred browser is normally
available as a free download from the relevant browser manufacturer's
latest versions of browsers are more secure than older versions,
which is particularly important when doing your banking via the
Windows based PCs are preinstalled with Microsoft Internet Explorer
(IE), therefore it is the most commonly used browser. Because of
this, IE is the browser most attacked by viruses and spyware.
use IE it is particularly important to run a virus scanner regularly
and keep it updated with the latest security patches from Microsoft.
good browsers for Windows PCs, such as Opera and Mozilla Firefox, are
available free of charge.
SafeOnline assists to protect your browser i.e. your entire online
Is Your Browser As Safe As you Think?
can remember or cache information, that being a page or an image from
makes Internet surfing quicker because when you return to a web page,
the browser can present a stored page without having to request the
page from the server again.
security, all WesBank Online Aoccount Services pages are delivered
with instructions to the browser not to cache (remember) the
most browsers obey these instructions, Internet Explorer (IE) ignores
them and under certain circumstances you may view a cached page of
SafeOnline assists to protect your browser i.e. your entire online
experience. An icon in a specific colour appears on top of your web
browser bar to guide you when accessing different sites:
- * Red = reported phishing site
- * Blue = non-secure site
- * Green = secure site
prevent this make sure that IE has the following settings:
* >Tools > Internet Options > Advanced > Do not save
* >Tools > Internet Options > General > Settings >
* >Tools > Internet Options > Advanced > Empty Temporary
Internet Files folder when browser is closed
the latest security updates and patches.
time to time, weak spots are discovered in programs running on your
PC. The vendor would then release a patch to fix this weakness.
for patches and weaknesses, visit the vendor's website on a regular
Online Account Services or Online Banking Enterprise and download
Prevx SafeOnline for FREE.
Be good to your password
Believe it or not, to make your online banking experience more
secure, our system will block you from entering a password that is too
simple. Read our password rules below:
Passwords must be a combination of upper and lower case letters, at
least one special character and one number.
Passwords must be a minimum of 7 characters and not exceed 30
character cannot be used consecutively, e.g. aardvark.
passwords cannot be the same as the previous 12 versions.
Passwords must not be similar to User ID.
Install and maintain antivirus software
is a malicious program that can destroy data on your computer and
slow your computer's performance.
are often received via email and to protect your PC, you should
install anti-virus software and run regular scans and remember.
a habit to never open email attachments from unknown sources.
cautious when downloading and running programs, as they may contain
unsecured data, which cannot be filtered by firewall or anti-virus
SafeOnline works on top of any anti-virus software and alongside all
other security products that you may already be using. However,
unlike anti-virus software, it is designed to protect login details
such as your User ID and Password, as well as other personal
credentials like your name, ID number and bank account details when
banking, shopping and social networking online.
Protect your identity
think that no one would be interested in your personal information,
think again. In the wrong hands, it can provide unauthorised access
to your accounts and credit card.
theft happens when a criminal obtains your personal information to
steal money from your accounts, open new credit accounts, apply for
loans, rent apartments and commit other crimes - all using your
acts can damage your credit rating, leave you with unwanted bills and
cause countless hours of frustration to clear your name.
they do it? Fraudsters phish, they spoof, they log keys, engineer
socially and organise 419 scams.
SafeOnline is designed to protect login details such as your User ID
and Password, as well as other personal credentials like your name,
ID number and bank account details when banking, shopping and social
Don't just download and share files
File-sharing occurs when you download software that connects your PC
to an informal network of other computers running the same software.
this, you can share information (music, games and software) with
millions of users.
tempting, but you should be aware of the risks. By downloading this
software, you could unwittingly allow access not just to the files
that you intend sharing, but also to confidential information on your
could also unintentionally download material protected by copyright,
or pornography labelled as something innocent.
Firewalls protect your PC
simple terms a firewall monitors for outside attempts to access your
system and blocks communication from specified sources.
operating systems (like Windows) come with a built-in firewall.
Protect yourself from spyware
is a type of computer program that is installed on your PC without
your knowledge or consent. This is done either by tricking you into
installing the spyware or by someone who has access to your computer.
is designed to steal personal information such as your banking login
details (your username and password). The spyware then sends this
information onto the criminal. Spyware can steal more than your
banking information and can be used to steal your email, instant
messaging and monitor websites that you visit.
is designed to evade detection. This means that your anti-virus will
not necessarily detect it. In addition some products only detect
underground spyware and not commercial spyware.
yourself safe, do not run applications sent to you in an email.
respond to tweets or messages on other social networking sites from
people you don't know, especially those enticing you to download
addition run an anti-spyware program to detect and protect you from
to date with the current scams going around (that try and get you to
sure you understand the protection options offered to you by WesBank
and use them to maximize the protection on your account.
prevents spyware from stealing the user's login details on any secure
site including, but not limited to, Online Banking. This includes
login to sites such as SARS eFiling, web mail and social network
sites such as FaceBook and Twitter.
Protect Your WesBank Credit Card at ATMs
Criminals use various different means to commit fraud at ATMs. For
example, they could jam the machine and then try and appear helpful
with the intent of getting hold of your card and PIN.
Remember, a criminal must have both your card and PIN to be able to
draw money from your account.
Stay safe and remember:
using ATMs in secluded areas.
feel unsafe at an ATM, return later or use another machine.
enter your PIN when the ATM screen instructs you to
close to the ATM and block the view with your hand.
write the PIN on the card.
check that you get your card back from the machine.
count your cash at the ATM.
If you use a credit or debit card to shop online, remember the
provide your card information to reputable companies and for single
that the site is a secure shopping site - indicated by a padlock in
the bottom right-hand corner of the browser.
And always remember...
personal details change, please tell us.
cancel a card, destroy it by cutting it up.
your bank statements and cheque books safe.
Read your bank
Symantec Security Response
Threats and Risks
Security for the real world
Recently Discovered Viruses
Types of Scams
Currently customers are receiving emails with the Subject line:
"Payment Notice" or "Quote". When they open these emails, the email
contains an attachment in a compressed file. When the customer double
clicks on this compressed file there is a file normally called payment
notification.exe and can have the words [application] next to it. Do
not run this exe. In all likelihood it is spyware and will compromise
your Online Banking. Should you receive this or believe you have
spyware on your computer contact the WesBank Risk department at:
https://www.fnb.co.za/security-centre/contact-us.html. Please report
all phishing emails to email@example.com
Emails encouraging users to update their computer software by clicking
on a link are also being sent out. Do not click on these links as they
normally lead to sites that download spyware rather than software
updates. A fake "Acrobat Reader / Adobe flash" email is currently
popular. It is a good security practice to update your computer
software, but do this via the automatic options your software provides
and not via a link in an email.
This is a form of fraud where criminals attempt to access your
confidential information. This is done either by an email request for
information or by luring you to a fake website.
In both instances, the fraudster would pretend to be from a
legitimate company (for example the bank), and would ask you to
disclose confidential financial and personal information - like
passwords, credit card account numbers and ID numbers.
Never access the site via a link. Rather type the address into
the browser address bar or save the address as a 'Favourite'.
If you suspect that your confidential information has been
compromised, please do not hesitate to contact our dedicated Fraud
Team on 087 575 0011 for
assistance, or email firstname.lastname@example.org
Never reply to email that:
Requires you to enter personal information directly into the
email or submit that information some other way.
Threatens to close or suspend your account if you do not take
immediate action by providing personal information.
Solicits your participation in a survey where you are asked to
enter personal information.
States that your account has been compromised or that there has
been third-party activity on your account, and requests you to enter
or confirm your account information.
Asks you to enter your User ID, password or account numbers into
an email or non-secure web page.
Asks you to confirm, verify, or refresh your account, credit
card, or address information.
The most important thing to remember is not to interact with the
sender of the email, and definitely do not enter any of your personal
or account details. Remember, WesBank would never ask for sensitive
information via email.
Spoofing happens when a fraudster builds a website to mimic
another company's website. Not only does the site look similar, but it
also has a similar address or URL.
The aim here is to trap unsuspecting customers to transact on
the fake website. This fake address would normally be sent via email
communication as a clickable link.
WesBank's website address is www.wesbank.co.za and no other
website can have the same address. So as long as the above address is
in your browser you are on the legitimate site.
Fraudsters are constantly searching for better ways of
committing fraud. One way involves collecting information by using
key-loggers and installing these onto computers.
A key logger is a device that captures your key strokes on the
keyboard, enabling the fraudster to access your passwords and other
To prevent this from occurring:
Physically check for key-loggers on the back of your computer
each time you log on.
If possible, avoid using vulnerable machines for Internet
banking, such as those at Internet cafes.
With regards to cards, fraudsters use 'skimming' devices to
obtain information. The fraudster simply swipes the card through the
device and thereby obtains your information illegally.
The fraudster downloads the information from the device onto a
computer and then uses this to manufacture a fraudulent card.
Tips to prevent this occurring:
Never allow anyone else to handle your WesBank Credit card.
Never let your card out of your sight, for example at a
This is a term that describes a ploy used to gain information
that compromises an individual's or company's security.
Fraudsters befriend unsuspecting people and trick them into
revealing passwords or other information.
It is difficult not to fall into the trap of an experienced
social engineer, as they exploit the natural tendency of people to be
The best precautionary measures are to follow the security
procedures at your workplace, be aware of your environment and the
people therein and don't discard sensitive information without first
A 419 scam disguises itself in various forms and has become one
of the most used schemes to trick people into being victims or
accessories to crime.
The fraudsters who introduce these schemes base their efforts on
the naivety and greed of people.
The important thing to remember is - if it sounds too good to be
true, it probably is.
On average, a cheque is handled by up to 20 people from the time
you make it out to the time your branch pays it. This means that there
are numerous opportunities for the cheque to be intercepted
(especially when cheques are posted).
Customers can also be defrauded when accepting a cheque or bank
deposit when selling goods. Often the cheque or the deposit turns out
to be fraudulent. If you are a seller, never release goods until you
are certain that the payment is valid.
Always wait for the funds to be cleared before releasing goods,
even if it seems to be a bank-issued cheque. While the cheque may
appear to be genuine, fraudsters have even gone so far as to print
their own cheques. The cheque could also be stolen. Even if the cheque
is genuine, there are certain circumstances when bank-issued cheques
will not be honoured.
Never accept a faxed bank deposit slip as proof of payment.
Amounts and details can easily be changed to reflect a higher value or
that it is a cash deposit.
Check with your bank first that the correct amount has been
deposited and whether the deposit is cash or cheque. If it is a cheque
deposit, wait until the cheque has been paid (usually this will take
seven days) before you release goods.
Some sensible safety tips:
When you write out a cheque, use a ballpoint pen instead of a
pen with more erasable inks like fountain pens or felt tip pens.
To prevent unauthorised additions and/or alterations, start
writing as close as possible to the left-hand margin. Leave no gaps
and draw a line through unused spaces.
Any cheques that you don't want to cash should be crossed. To
ensure that a cheque is paid into the intended beneficiary's account,
the cheque must be marked with the words Not Transferable between two
Always keep your chequebook in a safe place to prevent anyone
else from using it.
Always keep your chequebook separate from your credit cards, ATM
cards or any other document that bear your signature. If a thief gets
hold of your chequebook, but does not have a sample of your signature,
a forged signature will probably not resemble yours.
All paid cheques that are returned with your bank statements
should be kept in a safe place because they contain your signature.
Fraudsters may even try to re-use these cheques.
Make a habit of doing monthly reconciliations on the cheques you
Regular recons should be done on all unused cheques in a
chequebook against a counterfoil or carbon copy records.
Report a stolen chequebook to your nearest FNB branch as soon as
you discover that it's missing. You can also stop a cheque via Online
Avoid posting cheques. If you need to post a cheque, place it in
a non-transparent or dark envelope without any staples / paper clips,
which can be felt.
Never leave any cheques that have not been completed or fully
signed lying around.
There are lots of other payment methods that are safe and
convenient and can even save on bank charges. These alternatives
include Visa Cheque Cards, Visa Electron debit cards, Internet,
Telephone and Cellphone Banking, ATM payments, debit orders and future
When you receive a printed, faxed or emailed proof of payment
you are advised to check that the funds are actually in your account,
or in the case of a cheque that the funds are cleared. Fraudsters can
relatively easily manipulate these documents and defraud you.
How this scam works:
The fraudster will advise the client that a cash/electronic
deposit will be made into the client's account and fax or email a copy
of the deposit slip or proof of payment to the client.
The fraudster then deposits a fraudulent cheque or does an
electronic payment into the client's account and alters the deposit
slip or proof of payment confirmation.
The fraudster the faxes or emails the altered deposit slip or
proof of payment to the client.
In some cases, the fraudster will tell the client that an
overpayment was made and request a reimbursement.
SIM card swapping
SIM card swapping is a form of fraud where criminals request
your cell phone service provider (SP) to transfer your existing cell
phone number onto a new SIM card by pretending to be you, or
pretending to act on your behalf. They usually have a copy of your ID
(authentic or falsified) and other details that may convince the SP
that the request is legitimate.
Once they have illegally assigned your cell phone number to
their SIM card, they will receive all your calls and sms
notifications, which include your inContact and One Time Pin (OTP)
messages. Your phone will stop receiving any incoming calls or
messages, but SIM swap victims usually only notice this when it is too
The fraudsters usually use SIM card swapping as part of an
extensive process which includes phishing. By the time they have
swopped SIM cards, they usually already have enough of your personal
banking details (login and password etc.) to transact on your online
banking account - with the sms OTP as the last link in the chain.
Fraudsters are then able to add beneficiaries to your account
and transfer money to accounts of their choice, and can authorise such
processes with the OTP messages sent to the fraudulent SIM card.
Our golden rules:
If your phone suddenly loses signal for no apparent reason,
don't simply ignore it. Contact your service provider immediately and
find out whether a SIM swop has taken place. It's better to be safe
If your SP confirms that a SIM swop has taken place. Instruct
them to deactivate your SIM card immediately and to follow the steps
required when a SIM card has been stolen.
Promptly contact our dedicated Fraud Team on 087 575 0011 for
Anyone is at risk of becoming a victim of a SIM swop, and you
should never disclose any sensitive information such as login details,
Tips for staying safe:
Always be aware of your cell phone's status. If you realise that
you are not receiving any calls or sms notifications, something may be
Have your SP's numbers written down somewhere close by. This way
you can phone to check whether anything suspicious has taken place.
Make a habit of checking your bank statements and online banking
transaction history regularly. This way you will notice when any
unauthorised activity has taken place.
Familiarise yourself with the tips on phishing.
Below is a list of service providers/network operators to
contact when you notice anything suspicious:
MTN 123 STOP (123 7867)
Vodacom 082 1946
CellC 084 140
Virgin Mobile 0741 000 123