Fraud Awareness

Security of our client accounts and data is our number one concern. 

As an organisation, Capital International Group (CIG) have a strategic priority to reduce the risk of cyber-attacks and the group has invested heavily in a comprehensive suite of world class cyber defences that protect our business, staff and you, our client.  

With cybercrime becoming increasingly prominent and fraudsters constantly developing new approaches, it is extremely important to protect yourself and your assets. 

As a member of the public or an existing client of CIG the number one piece of advice is to always confirm the identity of who you are dealing with. Please be aware of the following:  

• No member of the Capital team or management will send you an unsolicited email, call or message to advertise our services.  
• Any email correspondence from Capital comes from the ‘@capital-iom.com’ or ‘@capital-sa.com’ email domains. No other email domains are used.  
• Capital only does business with clients who have passed our identity & verification steps, and every time we communicate with a client, we validate their identity.  
• Remember, we will never ask you to disclose your personal or security details by email.  

To help support you to be safe online, we have created a quick guide of how you can identify fraud and the required actions to take.   

Current Threats:

1. We want to bring to your attention a recent incident involving fraudulent emails. Capital has been impersonated by an email domain using the name capital-ion.com. These malicious actors are attempting to deceive recipients into believing that their communications originate from us.

Further guidance on this malicious domain can be found on the IOMFSA website -https://www.iomfsa.im/fsa-news/2019/apr/capital-ioncom.

Please see below for a screenshot example of a received malicious email from this domain, in this example the malicious actor was impersonating David Long, our Co-Founder & CIO:

2. An unauthorised financial service provider is falsely purporting to trade from Jersey under the name ‘Capital Overseas Investment Bank’. We would like to inform you that this entity has no link to the CIG or any of its subsidiaries.

Name of entity: Capital Overseas Investment Bank

The website: https://www.coinvesb.com/

Email addresses: info@COINVESB.com and customercare@COINVESB.com

The Jersey Financial Services Commission has issued a public statement warding members of the public against dealing with this unauthorised provider. Further details can be found here.

Any person who has had dealings with the scam entity is requested to contact the Jersey Financial Services Commission's Enforcement team.

‍

3. A party claiming to be “Capital International Group” is using the Group’s biographical information in conjunction with the following images to invite business referrals.

Information required to join:- CAPITAL INTERNATIONAL GROUP

☑Full Names              
☑Surname                  
☑Date of Birth          
☑Gender                    
☑Contact Number    
☑Address                  
☑Bank Name            
☑Bank Account No.

This invitation has not originated from within our Group and has no link to CIG or any of its subsidiaries.

‍

Common Threats: 

Knowing what to look out for can help you to stay alert to fraud. Threats often seen in the financial services industry include:   

Impersonation of a member of CIG staff:

• An email address that appears similar to a CIG address but is not genuine.
• An SMS purporting to be from a member of CIG staff requesting sensitive information - CIG will never request sensitive information via SMS or email.
  

Impersonation of Brand:

• A hyperlink to a website that is not a genuine CIG site.
• An email that contains CIG branding but is not from a genuine CIG email address.

Investment opportunities that are too good to be true:

• Details of an investment scheme that has guaranteed returns.
• An opportunity that is time expiring.

Tips for preventing cyber-fraud: 

It is more important now than ever to exercise caution when using the Internet. Breaches of personal accounts are commonplace. We have put together a straightforward guide which may assist you in protecting yourself against fraud.  ‍

Signing up to Online Accounts: 

‍It is common for people to have many online accounts for various services. 

• Use a unique password for each service that you sign up to. 
• Always enable two factor authentication (2FA) when the option is available. All Capital services are protected by 2FA.  

Passwords and Authentication:  

• Contrary to popular belief, complex eight-character passwords consisting of a combination of upper, lower, and special characters are not very secure. These are easy for a computer to brute force in a short period of time and very difficult for a human to remember or key in. Our recommendation is to create a password from three completely random words and a number. 
• Never share your passwords with anyone else. 
• Use a password manager to help keep track of your unique passwords for every service you use. 

Social Media: 

• Restrict access to your public profile to people on your friend or contact list. 
• Do not list private information that could be used to impersonate you e.g. your date of birth.  
• Be wary of replying to polls from unknown sources, for example asking to vote on pet names, as these social engineering methods are used to gather personal information. 

Phishing and Spam:       

Roughly 90% of account and data breaches originate with an email. 

• Treat all emails from an unknown sender as suspicious. 
• Be wary of clicking on links within an email message. 
• Do not send sensitive information via email. 

WIFI: 

Do not connect to a WIFI network that does not require a password. The password is used to initialise an encrypted session that is unique to you and your device.  

Operating System Updates:

Ensure that your device(s) is running up-to-date operating systems. These updates often contain many security updates that will make it difficult for a bad actor to compromise or breach your accounts/device.  

Protecting Your Device(s): 

• Enable authentication to access your device(s) e.g. facial recognition, fingerprint, or password/passcode. 
• Always lock your device(s) when not in use. 

What to do if you think you are a victim of fraud:  

If you are ever in doubt about whether an email or a screen asking for details is genuinely from CIG, do not enter any information or open any links.  

If you are an existing client of CIG and suspect fraud on your Capital International Bank Limited account or Capital International Limited investment account, you should contact our Customer Client Services Team immediately on +44 (0) 1624 654200 or through the secure messaging service on our web portal. You can also forward any emails or screenshots to our Group Security at securitythreat@capital-iom.com and then delete the email immediately. 

If you are not a client of CIG and you suspect you have been the victim of fraud, you will need to alert the local authority based on your jurisdiction. If you are in the: 

• UK – Report to the Police Action Fraud service (www.actionfraud.police.uk) 
• Isle of Man - Fraud Concerns can be report to the Government Cyber Security Centre (https://csc.gov.im/cyber-concerns)
• South Africa – For application fraud or identity theft report to the South African Fraud Prevention Service (www.safps.org.za).