Smartphone users accessing banking apps have been placed on high alert as a fast-growing and highly sophisticated form of cyber fraud — known as Remote Access Trojan (RAT) scams — spreads across South Africa, allowing criminals to remotely control victims’ devices and empty accounts without raising immediate suspicion.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Unlike conventional fraud, RAT attacks do not rely on stealing login credentials. Instead, scammers gain full access to a customer’s phone or computer, enabling them to operate banking apps in real time while the victim is still using the device.
Bonolo Sebolai, Head of Fraud at TymeBank, said RAT scams are among the most advanced digital threats currently affecting consumers.
“These attacks are particularly dangerous because criminals don’t steal your details — they take control of your device. From the bank’s perspective, it can look like the customer is making the transaction themselves,” Sebolai said.
The scam typically begins with a phone call or message posing as a bank’s fraud department, mobile network provider, courier service, online retailer or even a government agency. Victims are told there is an urgent issue with their account, phone or a pending delivery and are instructed to click a link or install an application sent via WhatsApp or SMS.
Once the malicious software is installed, fraudsters can view everything happening on the screen, including PINs, passwords, one-time passwords (OTPs) sent by banks and live financial transactions.
According to Sebolai, criminals exploit fear and urgency to manipulate victims. Common tactics include warnings that accounts will be blocked or services suspended unless immediate action is taken.
“If you’re being rushed to act right away, that’s one of your biggest red flags,” he warned.
Additional warning signs include requests to install software to “fix” a problem, being asked to remain on a call while logging into banking apps, or being instructed to approve transactions to supposedly reverse fraudulent activity. Banks have reiterated that they never ask customers to install remote access tools or share PINs and OTPs.
With digital fraud on the rise, banks are strengthening security frameworks beyond traditional password-based systems. Sebolai said modern banking security now focuses on real-time behavioural monitoring to detect signs of remote device control and suspicious activity.
“In 2026, bank-grade security means watching how a device is being used — not just verifying passwords,” he said.
Data from the National Financial Ombud Scheme (NFO) highlights the scale of the problem. Complaints related to digital banking fraud surged by 73%, rising from 1,436 cases between January and May 2024 to 2,483 during the same period last year.
The NFO has also flagged increasing risks linked to virtual banking cards, following a case in which a victim lost approximately R500,000. Lead Ombud for Banking and Credit Nerosha Maseti said virtual cards are often compromised only after criminals gain unauthorised access to customers’ banking apps through phishing, smishing or vishing.
“Once fraudsters access a customer’s digital banking profile, they can create virtual cards and use those credentials to perform transactions, especially after customers have shared OTPs or approved authentication prompts,” Maseti said.
Consumers have been urged to download apps only from official app stores, immediately disconnect and contact their bank directly if something feels suspicious, and act quickly if they believe their device has been compromised.
Financial experts warn that as cybercriminals adopt increasingly sophisticated techniques, awareness and caution remain the strongest defences against digital banking fraud.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
