Scam and fraud headache for biggest South African banks

Major South African banks have issued several warnings about scams targeting banking customers in the country, which are becoming more sophisticated.

Several banks, including Capitec, Discovery Bank, Nedbank, and Standard Bank, have issued such warnings, and the Banking Association of South Africa (Basa) has also issued a general warning.

In addition to typical phishing attacks, banks have also warned of issues such as selfie scams and physical card fraud.

In early April 2025, Nedbank told MyBroadband about an uptick in “selfie scams,” which allow fraudsters to access customer bank accounts.

According to Nedbank fraud detection head Lucas Venter, the tactic involves fraudsters approaching victims in a public place and offering a free voucher if the intended victim enrols in a supposed rewards programme.

Venter explained that the fraudster starts on their own phone and asks the victim to complete the enrollment, which includes capturing facial biometrics.

“Unbeknownst to the victim, they are actually enrolling in a banking app under the fraudster’s control,” he said.

The fraudster then tricks the customer into handing over their phone to accept an approval message or get a one-time PIN.

“Once the enrolment is complete, the criminal has access to the victim’s financial information and can use the app to steal money from the victim’s accounts,” he said.

He advised that people use the following steps to avoid falling victim to a selfie scam:

• Always confirm with the store that the person claims to represent that it is running a promotion.
• Never let a stranger do selfie verification for you.
• Never hand your smartphone to a stranger.
• Reach banking notifications carefully before accepting them.
• Contact your bank immediately if you suspect you have fallen victim to a scam.

However, he also warned that other scams, such as voice phishing, or vishing, attempts are also getting more sophisticated.

Phishing and vishing scams

Social engineering attacks through phishing, vishing, and client coaching are also becoming more sophisticated in South Africa.

In many cases, fraudsters pretend to be a representative from a victim’s bank to try to access their funds or account.

These fraudsters generally try to create a sense of urgency by claiming that the victim’s account has been compromised and that immediate action is required.

They try to convince victims to transfer their money into a “safe account” to prevent unauthorised access.

However, the “safe account” is under the fraudster’s control, and once the funds are transferred, the fraudster has full access and control over the victim’s money.

In other cases, fraudsters may pose as another organisation or an authority to try and pressure banking customers into divulging sensitive information.

Capitec recently warned its customers that criminals are impersonating well-known organisations and contacting people on the false premise that their IDs are linked to serious crimes.

These fraudsters then “transfer” the victim to the police, to whom they must prove their innocence. However, the calls aren’t transferred to the police, but rather another fraudster involved in the scam.

This is a way of socially engineering potential victims into sharing sensitive information, which the scammers can then exploit.

Capitec urges its customers never to share their PIN or banking information, even if a caller claims to be from the South African Police Service (SAPS).

Earlier this year, Discovery Bank said it had observed an increase in fraudsters posing as SAPS detectives and claiming that there are fraudulent activities on cellphone numbers tied to victims’ ID.

The scammers then say they are transferring the victim to a “senior detective” for further assistance.

The second fake detective then pressures the victim by alleging that their ID number was used to create various mule accounts to extort money from other people.

They then ask the victim how much money they have in their account and instruct them to transfer the figure to an SAPS account for safekeeping until the investigation has concluded.

“These fraudsters use intimidation tactics such as fear and or threats of arrest to pressure their victims to make the payment,” said Discovery Bank.

It advised that people remain calm, as these fraudsters relied on fear and panic to manipulate the victims.

Basa has warned that criminals use various methods to commit fraud through physical bank cards and consistently adjust their modus operandi to continue tricking individuals.

Because of this, South African banks encourage the adoption of digital wallets and virtual cards to avoid the risks associated with physical cards.

According to Basa, the most common forms of crime relating to physical bank cards include counterfeiting, the use of lost and stolen cards, false applications, and card-not-present fraud.

“Card fraud is difficult for the banking industry because perpetrators prey on the vulnerabilities of bank customers and do not target banking systems,” it said.

Card counterfeiters will illegally manufacture cards using personal information stolen from the magnetic strip of a legitimate card.

“In other cases, lost and stolen cards, or old cards, are encoded with new information that was stolen from a genuine card for purposes of committing fraud,” said Basa.

Scammers generally steal information from legitimate cards using card-skimming equipment.

The banking industry association also warned that physical cards are easily lost or stolen, in which case fraudsters can use them to process transactions.

Therefore, banking customers with physical tap-to-pay cards must set a limit for transactions above which a card PIN is required.

Some fraudsters also use false applications to acquire cards, using information stolen from victims.

However, Basa noted that introducing the Financial Intelligence Centre Act (Fica) and the National Credit Act (NCA) has helped significantly reduce falsified application fraud.

“False application fraud has declined by over 90% from the 2007/2008 peak,” it added.

Basa also warned that fraudsters may attempt to intercept validly issued credit and debit cards before they reach their designated recipient.

These can then be used to process fraudulent transactions on the legitimate account holder’s account.