Phishing misleads users into sharing sensitive information (i.e. passwords, credit card details or bank account numbers), for malicious purposes, via electronic means or communication. Perpetrators of phishing attacks lead you to believe you are performing a familiar action and take advantage of that established trust to harvest confidential or authentication level information from you.

How does phishing occur

Phishing occurs via almost any electronic communication:

  • Website forgery
  • Email phishing (commonly done via spoofing)
  • Link manipulation
  • SMSs
  • Phone calls (vishing)
  • Instant messaging

How to prevent phishing

  • We will never ask you for personal or private information online, either via a website or an email
  • Do not give sensitive details – such as your operator ID, customer selected PIN (CSP), password, card details, account numbers, ID numbers, OTP cell number, email address or email password – to anyone, not even a bank employee, no matter how legitimate the request seems
  • Never reveal personal or financial information in an email, and do not respond to emails asking for this information. As a rule, Standard Bank will never request sensitive information of you without authentication
  • If you are unsure of whether an email request is legitimate, try to verify it by contacting the organisation directly via a phone call or out of band communication using a trusted contact number. Remember not to use the contact information provided by the suspicious party
  • Be suspicious of unexpected or unsolicited phone calls, emails or even personal visits from individuals asking about employees or requesting other internal information. Always try to verify the identity of the person directly with the organisation they claim to represent
  • Be cautious when following links sent in emails. If you're suspicious, always type in the website address you usually use, rather than clicking on any links provided
  • Pay attention to the URL contained in an email. The URL may seem legitimate at first glance, but if you look closely, malicious website URLs differ slightly and may use a variation in spelling or a different domain (e.g. vs
  • Forward suspicious emails to [email protected] for the appropriate action to be taken.