Security Centre

At Stanbic Bank Uganda, we value our customers and your safety as you conduct business on our Various platforms (Internet banking, Mobile banking, Card and ATMs) is very important to us. We are committed to helping you stay informed and aware of the common fraudulent Behaviors.

Download Trusteer Rapport


At Stanbic Bank Uganda, we value our customers and your safety as you conduct business on our Various platforms (Internet banking, Mobile banking, Card and ATMs) is very important to us. We are committed to helping you stay informed and aware of the common fraudulent Behaviors.

What does a scam look like?

Scams come in many shapes and forms—an email, SMS, phone call or malicious software—and anyone can be victim to one. Scams often ask for your personal details and confidential information and this is the first step to knowing what to look out for.

It could be a scam if...

  • The information presented to you sounds too good to be true.
  • The offer, prize or communication has come out of the blue and you have not entered the competition or applied for the information that is being spoken of.
  • The message requires a very quick response time to clarify your information or win the prize. This puts you under pressure and doesn’t give you much time to think about the validity of the information or talk to people you trust about the situation.
  • You receive the information via a free email, for example, Hotmail, Aim, Yahoo or Gmail.
  • You are promised large sums of money for very little, or no effort on your part.
  • You are requested to provide money upfront, for whatever reason, before the proposed transaction can take place.
  • You are requested to confirm personal or account details via a hyperlink, icon or attachment in an email or telephonically.

What is a Phishing Scam?

Phishing is an email scam, where fraudsters send emails to individuals and claim to be from a reliable organisation, such as a banking institution or an email service provider.


The email will attempt to trick you into supplying your account information for a number of reasons, such as your account information needing to be updated or validated, by asking you to click on a link or icon found within the email. Once clicked on, the link will launch a fake website that resembles a real website. On the website, you will be asked to share your personal bank account information, such as your username or password for your online banking profile or email account, or even your cell phone number and bank card details. Any information that you share on the fake website is captured by the fraudsters and then used to defraud you.

How to identify a Phishing scam

There is usually a sense of urgency in the email, followed by a threat—the suspension of your bank account, for example—and you are required to respond quickly. This doesn’t give you much time to think about the situation at hand or speak to people you trust.

The email states that you have been a victim of fraud, or have received funds, and you need to log in to your accounts ‘here’ to report the incident and cancel your bank card, or give permission to release the sum of money.

You are required to supply your personal and account details via a hyperlink, attachment or icon, provided in the email.

What is a Vishing scam?

A vishing scam is a common electronic technique that attempts to access your personal and account details using a telephone call.

You receive an unverified SMS stating that a Standard Bank official will contact you shortly to update or verify your account details and personal information. The scammers then contact you telephonically asking you to update or verify your information. You oblige, providing them with all the necessary information they need to access your bank account. Remember, Standard Bank will never ask for your banking details, password, PIN or One Time Password (OTP) over the phone.

How to identify a vishing scam

There is a sense of urgency in the phone call, followed by a threat: your account will be suspended should you not supply or verify the necessary information immediately. This doesn’t give you much time to think about the situation at hand or speak to people you trust.

You are requested to update, verify or confirm your personal account information such as bank account number, PIN and/or password telephonically.

What is a Spoofed website scam?

A spoofed website claims to be the legitimate website of a particular organisation, and is set up to mimic the original website.


Spoofed websites usually have similar logos to the original organisation that they are mimicking and, in some cases, may even be identical. Typically, the intention of a spoofed website is to associate a scam with a reputable institution, and is set up to validate other scams such as the 419 or phishing scam.

How to identify a Spoofed website scam

You are required to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing in the URL directly into the browser.

You are required to disclose personal details or account information on the website you were directed to via the email you receive.

The spoofed website, accessed via the given hyperlink in the email, does not have one of Standard Bank’s official website addresses or URLs that you usually use to access information or use to access online banking.

What is a deposit and refund scam?

The deposit and refund scam attempts to steal goods or services from a business without actually making the necessary payments.


Scammers will order goods or services from your business, supposedly making the payment into your account. This is done mostly by means of a fraudulent or stolen cheque. A fake proof of payment is then sent to you, and your business delivers the goods to the perpetrator. Later on, it is uncovered that the cheque is fraudulent and that no funds were transferred to your business’ account. In other instances, the scammer may cancel the order and request an urgent refund.


Alternatively, scammers may also deposit a fraudulent cheque into your account only to then contact you stating that they ‘mistakenly’ deposited funds into your account. The caller will ask you to refund the amount immediately, and will send you the proof of payment.

How to identify a deposit and refund scam

You are requested to refund an individual urgently after he has cancelled his order, or the payment is made in ‘error’.

You are requested to refund an individual urgently before you have time to verify with Standard Bank that the deposit was made into your account and that it is indeed valid.

You don’t know the supposed person requesting the refund.

You are not sure whether the payment is a cheque deposit or not.

You are unable to phone the requestor on a predetermined number to confirm the request.

What is a change of banking details scam?

A change of banking details scam attempts to steal funds through supplying false information of a change of bank account details.


You receive an email, letter or fax supposedly from a recognised supplier. The communication informs you of a change in bank account details and asks you to update your records accordingly. These ‘new’ bank account details are, however, false. Your monthly payment is therefore paid to the scammer and not your supplier as originally intended. Always be wary of changing account details. If a request is received, before changing anything, first confirm with the respective supplier, with a contact you trust, in writing or by telephone.

How to identify a change of banking details scam

The request you receive to change your supplier’s bank account details doesn’t come from your usual ‘contact’ or point of contact at the supplier.

The request for change of bank details wasn’t made via official correspondence or using the contact details that you have in your database.

What is a SIM swap scam?

In a SIM swap scam, scammers perform a SIM swap without your knowledge, allowing them to intercept phone calls, SMSs and messages.

Typically, the SIM swap takes place after the scammers have received your login details as a result of you responding to, for example, a phishing email. Once scammers have access to your cellphone number and other personal information, they can pose as you and request a new SIM card from your cellular service provider. They will then have access to your phone calls and SMSs, including the OTP SMS facility as well as any other notifications they could use to their fraudulent advantage.

How to identify a SIM swap scam

You are suddenly no longer receiving calls or messages on your cellphone.

You do not receive the OTP you have requested, even when trying a second time.

Your cellphone suddenly has no network signal in a usual network area.

Report a scam

Fraud: …………………………….

Whistle blowing: ………………………………………….

Stanbic Bank Lost/Stolen Cards: …………………….

Stanbic Bank Customer Contact Centre: ………………. (weekdays: 08:00–21:00) and (weekends / public holidays: 08:00–16:00)

How to protect yourself

Always be alert: scammers are well known for luring their victims into believing they are from recognised institutions, such as Stanbic Bank. Do not share any personal information or account details via email or telephonically.

Do not click on attachments, hyperlinks or icons in unsolicited emails: Even if they appear to be from Standard Bank. Delete the email immediately and visit your nearest branch, or call us directly to verify the email and information that you have received.

Never share personal or confidential details: Do not disclose any personal or account details via email or telephonically, regardless of the information they might have on you.

Keep an eye out for spoofed websites: Remember to always type the URL yourself in the internet browser to access the webpage, rather than clicking given hyperlinks.

Report suspected fraud: if you think you have received a scam, or been victim to a scam, it is best to stop all forms of communication and report the incident immediately.

Few more ways to keep your banking details protected

Create a strong Password

To help keep your online banking profile safe, follow these tips on how to create a strong password:


Use unique passwords for each of your important accounts

Using the same password across your various accounts is risky. If someone figures out your password for one account, he or she has access to all of your other accounts, including personal details and confidential information.


Include a combination of letters (capital and lowercase), numbers and special characters

Make sure your password contains at least eight characters

There is no minimum password length, however, create a password that is at least eight characters in length. This will help to keep your password strong and others from guessing it.


Avoid known information such as names, places, common words

Your password should not be obvious so don’t use personal information such as, your name, your family’s names, where you live, birthdate etc. Don’t use simple words or phrases, such as ‘password’, or keyword patterns such as ‘qwerty’. This will only make your password easier to guess.


Change your password regularly

Your password is the key to your bank account and should be changed at regular intervals. We recommend changing your password every 30 days

Protect your password

Don’t disclose your password, any personal details or confidential information to anyone—online or over the phone.


Card and PIN protection

Never disclose your Card number, customer selected PIN number, banking username, password or ATM PIN to anyone.


Don’t use the same PIN twice

Don’t use the same PIN across various accounts. This can be risky; if someone figures out your password for one account, he or she has access to all of your other accounts.


Avoid known information such as your date of birth

Your PIN should not be obvious; don’t use personal information as your password.


Change your PIN regularly

Your PIN is the key to your bank account, and should be changed at regular intervals. We recommend changing your PIN every 30 days.


Protect your PIN

If you think your banking details, password or PIN may have been compromised, or that your banking access is at risk in any way, let us know immediately. For more information, call our Customer Care on 0800 250 250