Capitec scam warning

Capitec has warned about scam callers impersonating its representatives or one of its service providers. However, the bank has developed ways to mitigate these threats.

Capitec is South Africa’s largest bank by customers, with over 24 million active clients according to its financial results for the year ended 28 February 2025.

This makes the bank’s customer base a prime target for scammers who want to exploit the large number of potential victims.

Phishing is a type of scam where criminals attempt to manipulate targets into revealing sensitive information using social engineering techniques.

Like fishing, the idea is to attempt this attack on many targets, hoping that one eventually “bites”. A phishing fraudulent email sent to several thousand Capitec customers is an example.

In comparison, vishing refers to a phishing attack where the target is contacted via phone and manipulated into revealing sensitive information.

Another type of phishing is smishing, where attackers use SMSs to manipulate unsuspecting victims into divulging sensitive information.

A common form of smishing is SMSs informing targets that their “package” has arrived at a courier facility and requires a small payment to be made for delivery.

If this occurs when the SMS receiver is expecting a delivery, they may make the payment and risk having their banking details stolen.

Capitec has warned its customers about several other scams, including money mules, identity theft, social media, and marketplace scams.

The bank stated that criminals often exploit people’s good nature or offer money to open a bank account in their name, ultimately using it for nefarious purposes, such as money laundering.

Similarly, criminals may steal the information needed to open a bank account and use it to do so or take up credit in the victim’s name.

Capitec warned that scammers are also active on social media. They impersonate brands, celebrities, or people and send them links that direct to malicious websites.

These scams are also particularly prominent on secondhand marketplaces like Facebook Marketplace and Gumtree.

These scams often involve fake listings, counterfeit items, or sellers who demand upfront payment for goods that are never delivered.

Mitigating scam calls

Capitec provides an example of receiving a call from someone purporting to be from the bank’s Fraud Clearance Department, who calls to inform the target that there is suspicious activity on their account.

Similar to how Capitec may approach such a call, it notes that fraudsters often remind the target never to share any confidential banking information to establish credibility.

It says that the scammers will then ask the target to complete one of the following actions:

• Complete a transaction in their banking app to “Authorise the refund.” This may be a cash send transaction.
• Sign in to online banking to “pay a levy” to refund the debit orders.
• Scan a QR code they send through.
• Switch off app notifications on their cellphone.
• Generate a Token password in the app and send it to them.

The bank explained that fraudsters may use a different strategy, such as tricking their victim into sharing card details, online banking passwords, or a Remote PIN.

They may also ask them to approve a transaction to reverse the fraud or transfer money to a “safe account.”

To avoid falling victim to vishing scams, Capitec’s app features a built-in tool that enables users to verify whether a caller is from the bank.

When on a call, users can open the app, and a green banner will appear at the top of the home page saying “We’re on a call with you.” If it is not Capitec, a red banner warns the user about a potential scam.

If the app cannot verify the call, Capitec advises customers to hang up immediately and call using the in-app calling feature.

It also warns its customers not to believe anyone who says the banner is not working.

Most recently, the bank warned about a scam in which criminals impersonating well-known organisations contact people claiming their IDs have been linked to serious crimes.

It said these scammers then claim to “transfer” their targets to the police, to whom they need to prove their innocence.

However, this is just a way of socially engineering potential victims into divulging sensitive information, which the scammers hope to exploit.