Title of the document Online Banking Log-In Title of the document Tourist Card Log-in
Title of the document Online Banking Log-In Title of the document Tourist Card Log-in


If something seems too good to be true, it probably is

Bank of St Helena Ltd takes our customer security very seriously and employ a wide range of measures to help keep you protected which includes multiple firewall solutions, data encryption, and fraud detection tools. With that in mind, we want to help you spot signs of fraud and cybercrimes to help protect yourself as well.

Both fraud and cyber scams are evolving and becoming more sophisticated which makes them harder to spot in their various forms. Our digital dependency provides fraudsters the opportunity to commit various types of financial fraud and we would urge customers to think before they click and learn more about being safe online.

Fraudsters use a variety of ways to trick victims including emails, text messages, social media, telephone and even in person. This webpage describes the most common types of fraud and cybercrimes and how to spot them.

What are Cybercrimes

Cybercrimes are a type of criminal activity that either targets or uses a computer or mobile device (i.e. mobile phone, tablet) or a computer network. These crimes can be aimed at gaining money or to damage computers or networks for reasons other than profit. Cybercrime can be carried out by individuals or organisations. Some cybercriminals are organised, use advanced techniques and are highly technically skilled.

Social engineering scams are a common type of cybercrime where scammers use impersonation to try and con you. They attempt to win your trust and trick you into giving them money directly or disclosing confidential information voluntarily.

These attacks are common because scammers find it easier to take advantage of your natural instinct to trust than it is to break into your systems such as your email account. Common channels scammers use are fake phone calls, chat messages, emails, web pages and apps. They are more likely to impersonate your relatives or friends, officials of trusted organisations and government agencies. This tactic is intended to convince you to give them sensitive personal information voluntarily such as your account passwords.

What is Fraud

Fraud is when trickery is used to gain a dishonest advantage, which is often financial, over another person. Personal and financial information obtained in a breach can be used to commit frauds affecting individuals, the private and public sectors alike. By harvesting personal and financial information through data breaches, criminals are able to commit fraud and damage people, businesses and services.

Victims of fraud range across vulnerable individuals, major corporations, smaller businesses, as well as the public sector. Fraud against individuals is typically targeted at elderly and other vulnerable people, for whom the consequences can often be devastating – psychologically as well as financially.

Fraud is increasingly being committed online. Where previously a fraud may have been committed by phone, post or in person, online access enables fraudsters to exploit victims remotely, often from another country. Some investment frauds, and most computer software service fraud, are known to be perpetrated from overseas.


Here are a few different types of Cybercrimes and Fraud:


Phishing is an attack in which the scammer poses as a trusted person or organisation to trick potential victims into sharing sensitive information or sending them money. As with real fishing, there’s more than one way to reel in a victim: Email phishing, smishing, and vishing are three common types.


A fraud which targets the users of mobile phones using text messages is referred to as a ‘SMiShing’ scam. Scammers aim to obtain private and confidential information from individuals or encourage them to ring a number or click on a link for more information. Fraudsters may spoof the message onto a genuine message thread.


Vishing, or ‘voice call phishing’ involves phone-based phishing attempts to trick you into providing your personal information such as online banking passwords, confidential details or to persuade you to transfer money from your account.


Due to its wealth of personal information, social media has become a valuable tool for fraudsters to carry out their social engineering attacks. These scams are committed on social networking sites where scammers often create fake profiles, befriend innocent people, and send spam messages or links that lead to malicious websites.


Website spoofing (or website scams) involves making a malicious website look like a legitimate one. The spoofed site will look like the login page for a website you frequent, down to the branding, user interface, and even a spoofed domain name that looks the same at first glance. Cybercriminals use these websites to capture your username and password or drop malware onto your computer. This is potentially more devastating because they could gain access to any information you save on that device. A scam site will generally be used in conjunction with a phishing email, in which the email will link to the website.


Malware attacks are any type of malicious software designed to cause harm or damage to a computer, server, client or computer network and/or infrastructure without end-user knowledge. Cyber attackers create, use and sell malware for many different reasons, but it is most frequently used to steal personal, financial or business information. While their motivations vary, cyber attackers nearly always focus their tactics, techniques and procedures (TTPs) on gaining access to privileged credentials and accounts to carry out their mission.


Identity theft occurs when criminals access enough personal information about an individual to commit fraud. They use various techniques to steal these details, from outright theft and social engineering to harvesting data through cybercrime. With this information, criminals can impersonate the victim in order to access bank accounts, fraudulently claim benefits or obtain genuine documents in the victim’s name.


Investing in stocks and shares or any other commodity can be a successful way of making money. However, it can also lead to people losing their entire life savings. Criminals will persuade you to invest in all kinds of products. They will offer you high rates of return, particularly over longer periods of time, which often do not exist.

How you can help protect yourself from becoming a victim of a Cybercrime or Fraud

Always remember: if something seems too good to be true, it probably is.

  1. Do not disclose your personal information easily

Scammers will do everything possible to trick you into providing them with your personal information. Remember that a Bank of St Helena representative will never ask you to disclose your passwords or PIN Number. Never provide this confidential information over the phone, text or via email to anyone claiming to be from the Bank of St Helena, or any other organisation. If you are not certain, please check with us or report it to us directly. Do not use the contacts provided by the suspicious email, text or phone call.

  1. Avoid sharing too much personal information on Social Media

Be cautious about sharing personal information on social media, which might be used by fraudsters to trick you, relatives or friends.

  1. If you suspect a scam, please report it to the relevant party immediately

If you think you might have encountered fraud with your Bank of St Helena Account, please report it to us using the Bank’s published contact information or online forms. This is also applicable to someone pretending to be from another organisation, you should report it to the relevant person within the organisation, or to the police.

  1. Don’t assume an email or phone call is authentic

Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and revealing security details. Remember, criminals can also make any telephone number appear on your phone handset so even if you recognise it or it seems authentic, do not use it as verification they are genuine.

  1. Don’t be rushed or pressured into making a decision

Under no circumstances would a genuine trusted organisation force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions.

  1. Listen to your instincts

If something feels wrong then it is usually right to question it. Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

  1. Stay in control

Have the confidence to refuse unusual requests for personal or financial information. It’s easy to feel embarrassed when faced with unexpected or complex conversations. But it’s okay to stop the discussion if you do not feel in control of it.

  1. Update your devices, apps, antivirus software and use a spam feature

Computers and devices are regularly threatened by new viruses, so software updates can help combat these and protect your devices. It is recommended to download software from verified and trusted sites. Updated apps can also provide additional security as they are constantly updated by the creator. By having a spam feature the spoofed emails will be sent directly to your spam folder to reduce the risk of accidentally opening one. The spam filter is not guaranteed to catch everything, however, so stay aware.

  1. Think before you click

Only click on links if you know and trust the sender, the same goes for downloading any files.

  1. Choose strong passwords

Ensure unique, strong and secure passwords are used and it is best to change them often and not use the same details for your main accounts. Accessing reputable password managers can also assist in creating strong passwords that provide additional protection.

  1. Use bookmarks for frequently visited pages

Since random links will be left unclicked, it’s convenient to bookmark websites you regularly visit. This speeds up the process of visiting the page while reducing the chance of human error in typing it by hand.

  1. Manually search URLs

If you must visit a page that is not already bookmarked, manually search for the URL. This avoids the risk of a malicious link planting a virus on your device. Take care that the URL is spelled correctly, otherwise, you will not reach the intended page.

Do you suspect you have been a victim of cybercrime or fraud?

Your first point of contact should be the Police to report the crime.

If you need help blocking your Bank Cards or changing your Online Banking Details please contact us on

(+290) 22829