Fraud prevention and cybersecurity

You should analyse any communication that seems suspicious or requires you to take immediate action.

Red flags to look out for include:

• An incorrect “From” email address
• Incorrect contact details in the body of the message
• Generic greetings such as “Dear client” or “Hello Sir/Madam” instead of your name
• Spelling and grammatical errors
• A sense of necessity or urgency to click a link or contact the sender
• A promise or offer that sounds too good to be true

• Avoid clicking on links or downloading attachments from unfamiliar sources.
• Before clicking on any link, hover over it to see the address. If it differs from the URL text in the email body, it may be a phishing threat. Rather type URLs directly into the browser.
• Make use of anti-phishing add-ons included in antivirus software packages.
• Do not disclose any personal information over the phone, including passwords and one-time passwords (OTPs).
• Trust your instincts: Be wary of offers that appear too good to be true, such as investments that promise large returns for very little, to no effort, on your part and opportunities that require large upfront deposits to initiate high returns over the short term.
• Be extra vigilant during the festive season.
• Only contact Allan Gray using the official contact details found on our website. Click here to see our contact details.

Although we do have a presence on some social media platforms, these platforms are used for sharing information about the company and investing. We will never discuss your investments or initiate transactions with you on platforms like WhatsApp, Instagram, Facebook, Telegram or X (formerly known as Twitter).

You should restrict access to any devices you use for logging in to banking apps, Allan Gray Online (AGO) and other financial platforms:

• Never leave your device unattended while logged in to AGO.
• Ensure that you install the latest security upgrades to your device’s operating systems, applications and internet browsers.
• Make sure you are using the latest available version of your internet browser. You can view our site requirements to see a list of our recommended browsers. Click here to view the site requirements.
• Make use of reputable anti-spyware and anti-virus software.
• Update your anti-spyware and anti-virus software on a daily or weekly basis, at the very least. Hackers often exploit vulnerabilities associated with outdated software.
• Install a personal firewall that restricts external devices from accessing your device.
• Always log out once you have finished using AGO.
• Keep abreast of the latest fraud and cybercrime trends.
• Avoid accessing AGO and other financial platforms on public devices, such as those in internet cafes and libraries.

We strongly recommend you make use of two-step verification to add an extra layer of security to your account. With this enabled, a one-time password (OTP) will be sent to your mobile number or email address when you log in to your account. You will need to enter this OTP, along with your password, to log in successfully. We have enabled two-factor authentication on all Allan Gray Online (AGO) accounts to help keep your account secure.

Actively managing your password security is paramount:

• Do not use the same password on AGO that you use on other websites, e.g. the password you use for your internet banking. Many data breaches occur because the same passwords are used across multiple systems.
• Ensure your password is at least 10 characters long and makes use of a combination of uppercase and lowercase letters, as well as numbers and symbols.
• Avoid obvious passwords (e.g. “password”).
• Avoid using common English words; try to incorporate a sentence into your password.
• Consider using passphrases instead of passwords. Passphrases are longer combinations of words or phrases that are easier to remember but harder to crack.
• Change your password regularly to minimise the risk of your password being compromised.
• You can use a password manager to generate strong, unique passwords for all your online accounts. Many password managers also remind you to update your passwords periodically.
• Do not write down your passwords or store them on your computer, phone or tablet. These devices often back up your data on your cloud account, so fraudsters may have access to that information if it is hacked.
• Never save your password when prompted by your browser. Rather enter your username and password manually.
• Never disclose your password to anyone, not even an Allan Gray employee.

If you suspect your email or AGO account has been compromised, you should change your password immediately.

There are simple ways you can keep safe when transacting with us:

• Check that you are accessing the correct website.
• When logging in to your secure account, ensure you use the correct website address (i.e. URL): https://secure.allangray.co.za.
• Look for the lock icon next to the website URL to confirm that the website has a valid digital certificate.
• Never respond to email requests to provide your username or password.
• Do not enter your Allan Gray Online (AGO) password on a website that is not https://secure.allangray.co.za.
• When in doubt, do not click on a link provided in an email. Instead, type the AGO address (https://secure.allangray.co.za) directly into your browser to access your AGO account.
• Activate your Allan Gray notifications and confirmation SMS/email alerts. You can email our Client Service Centre on info@allangray.co.za for assistance with setting this up.
• Keep your contact details up to date. You can update your personal details and password via your AGO account.
• Securely access your important investment documents, such as your statements, tax certificates and transaction confirmations on AGO.
• Choose our electronic collection payment method (where possible) when adding money to your investment.
• Make use of the pre-approved Allan Gray beneficiaries on your banking app when adding to your investment via an EFT.

If you get an email or SMS from us confirming that your details have been changed and you did not initiate this change, please contact us immediately. Click here to contact us.

In many instances, phishing SMSs are sent to random recipient lists which may include some clients of Allan Gray. These SMSs try to trick you into believing you have a claim or that your security has been compromised and instruct you to contact a number or email address that does not belong to Allan Gray. Thereafter, the fraudsters will try to convince you to disclose personal information, such as usernames, passwords and one-time passwords (OTPs), to gain access to your investment accounts.

WhatsApp has provided another avenue for scammers to solicit funds from unsuspecting individuals. The scammers may claim to be Allan Gray representatives or affiliated with Allan Gray and present you with short-term investment opportunities that promise high returns. Allan Gray does not use WhatsApp to share our product offering or initiate an investment.

Fraudsters commonly use SARS and the tax-filing season to launch phishing attacks. SARS regularly posts information about the latest scams on a dedicated website. Taxpayers are provided with examples of the scams and what they should be looking out for.

Click here to learn how to avoid phishing scams.