OK just to add the missing info from this article...
The scammers sit on Facebook watching certain services pages like Telkom, Vodacom, MTN, etc.
They have already set up fake Facebook pages to look like those companies complete with logos and address info.
The Facebook Page will say Telkom Customer Service or something like that.
When a customer requests a refund on one of the official pages - they quickly jump in and send a friend request to that person.
They then initiate a chat stating that they are there to help you with your refund.
(In some cases it is suspected that they have help and access to customer systems from inside those organisation so that they can retreive customer info).
They then claim that they have a refund ready for you - usually about R1500.00 and they are going to transfer it to your bank account.
They ask you for your bank details, which if you fell for the initial ruse, many people are quite willing to hand over.
They also ask for your cell number.
They then download the nedbank app suite onto their phone or tablet and put your details into the app suite.
The Nedbank App suite then sends you the Approve-It message, which simply says "Register for Prepaid" - nothing else.
Once you have approved the app suite, they then have access to all your bank accounts up to your daily limits.
At no time does the Nedbank App Suite ask for your Pin Number or Password.
When asked - Nedbank said they did that so that people without an online profile can also enable the suite.
Yes, they refunded R10,000 - all except the first R1000 that went off after I approved the message.
Personally, I think they should have refunded all of it - and fixed their security loophole, but anyway, I can live with it.