Security

Fraud Awareness

Security of our client accounts and data is our number one concern. 

As an organisation, Capital International Group have a strategic priority to reduce the risk of cyber-attacks and the group has invested heavily in a comprehensive suite of world class cyber defences that protect our business, staff and you, our client.  

With cybercrime becoming increasingly prominent and fraudsters constantly developing new approaches, it is extremely important to protect yourself and your assets. 

As a member of the public or an existing client of Capital International Group the number one piece of advice is to always confirm the identity of who you are dealing with. Please be aware of the following:  

  • No member of the Capital team or management will send you an unsolicited email, call or message to advertise our services.  
  • Any email correspondence from Capital comes from the ‘@capital-iom.com’ or ‘@capital-sa.com’ email domains. No other email domains are used.  
  • Capital only does business with clients who have passed our identity & verification steps, and every time we communicate with a client, we validate their identity.  
  • Remember, we will never ask you to disclose your personal or security details by email.  

To help support you to be safe online, we have created a quick guide of how you can identify fraud and the required actions to take.   

Common Threats: 

Knowing what to look out for can help you to stay alert to fraud. Threats often seen in the financial services industry include:   

Impersonation of a member of CIG staff:

  • An email address that appears similar to a CIG address but is not genuine 
  • An SMS purporting to be from a member of CIG staff requesting sensitive information - CIG will never request sensitive information via SMS or email

Impersonation of Brand:

  • A hyperlink to a website that is not a genuine CIG site 
  • An email that contains CIG branding but is not from a genuine CIG email address 

Investment opportunities that are too good to be true:

  • Details of an investment scheme that has guaranteed returns 
  • An opportunity that is time expiring  

Tips for preventing cyber-fraud: 

It is more important now than ever to exercise caution when using the Internet. Breaches of personal accounts are commonplace. We have put together a straightforward guide which may assist you in protecting yourself against fraud.  

Signing up to Online Accounts: 

It is common for people to have many online accounts for various services. 

  • Use a unique password for each service that you sign up to. 
  • Always enable two factor authentication (2FA) when the option is available. All Capital services are protected by 2FA.  

Passwords and Authentication:  

  • Contrary to popular belief, complex eight-character passwords consisting of a combination of upper, lower, and special characters are not very secure. These are easy for a computer to brute force in a short period of time and very difficult for a human to remember or key in. Our recommendation is to create a password from three completely random words and a number. 
  • Never share your passwords with anyone else. 
  • Use a password manager to help keep track of your unique passwords for every service you use. 

Social Media: 

  • Restrict access to your public profile to people on your friend or contact list. 
  • Do not list private information that could be used to impersonate you e.g. your date of birth.  
  • Be wary of replying to polls from unknown sources, for example asking to vote on pet names, as these social engineering methods are used to gather personal information. 

Phishing and Spam:       

Roughly 90% of account and data breaches originate with an email. 

  • Treat all emails from an unknown sender as suspicious. 
  • Be wary of clicking on links within an email message. 
  • Do not send sensitive information via email. 

WIFI: 

Do not connect to a WIFI network that does not require a password. The password is used to initialise an encrypted session that is unique to you and your device.  

Operating System Updates:

Ensure that your device(s) is running up-to-date operating systems. These updates often contain many security updates that will make it difficult for a bad actor to compromise or breach your accounts/device.  

Protecting Your Device(s): 

  • Enable authentication to access your device(s) e.g. facial recognition, fingerprint, or password/passcode. 
  • Always lock your device(s) when not in use. 

What to do if you think you are a victim of fraud:  

If you are ever in doubt about whether an email or a screen asking for details is genuinely from Capital Group, do not enter any information or open any links.  

If you are an existing client of Capital International Group and suspect fraud on your Capital International Bank account or Capital International investment account, you should contact our Customer Service Team immediately on +44 (0) 1624 654200 or through the secure messaging service on our web portal. You can also forward any emails or screenshots to our Group Security at security@capital-iom.com and then delete the email immediately. 

If you are not a client of Capital International Group and you suspect you have been the victim of fraud, you will need to alert the local authority based on your jurisdiction. If you are in the: 

Thank you for your interest in setting up Terms of Business with the Capital International Group (CIG).  We want to ensure that this process runs smoothly and efficiently and have included an infographic below which details the various steps involved:  
Click on the links below to take you to the relevant section of the guide: