A new generation of banking fraud is taking hold in South Africa, and it is far more sophisticated than the phishing scams many consumers are used to. Instead of stealing passwords or card details, criminals are now gaining live access to victims’ devices and using them to move money in real time. These attacks are known as Remote Access Trojan, or RAT, scams. They are difficult to detect, highly convincing, and increasingly common across the local banking ecosystem.
RAT Attacks Are On The Rise
According to Bonolo Sebolai, Head of Fraud at TymeBank, RAT scams represent one of the most dangerous threats currently facing South African banking customers.
No ad to show here.
“RAT scams are particularly dangerous because the criminal uses the customer’s own device at the same time as the customer,” Sebolai explains. “They do not steal login details. They take control of the device itself.”
In most cases, the scam begins with a call or message claiming to be from a bank, mobile network, courier company, retailer, or even a government department. Victims are told there is an urgent problem that needs immediate action. They are then instructed to install an app or click a link, often sent via WhatsApp or SMS. That software gives the criminal full visibility of the device, including screen activity, PIN entry, one-time passwords, and banking sessions. From the bank’s perspective, it can look as if the customer is performing the transaction themselves.
Why These Scams Are Increasing In South Africa
RAT attacks rely heavily on pressure and authority. Victims are warned their account will be blocked, a delivery will fail, or suspicious activity is underway. “These scams thrive on urgency,” Sebolai says. “If someone is rushing you to act immediately, that should be a major red flag.” Other warning signs include being asked to install software to fix a problem, staying on a call while logging into banking apps, or approving transactions to reverse supposed fraud.
A critical rule applies across all South African banks. No legitimate bank will ever ask a customer to install remote access software or share PINs or one-time passwords.
What Bank-Grade Security Looks Like In 2026
As fraud techniques evolve, banks are shifting away from relying only on passwords and authentication codes. Modern banking security increasingly focuses on behaviour. “In 2026, bank-grade security means monitoring how a device is being used in real time,” Sebolai says. “At TymeBank, we look for patterns that indicate remote control, even when the correct device and credentials are being used.” This includes behavioural monitoring, risk-based controls that adapt to suspicious activity, and proactive alerts when something does not look right.
The aim is to stop fraud without making everyday banking more difficult for legitimate customers.
Will Your Bank Cover You If You Fall Victim?
This is one of the most important questions South African consumers need to understand.In general, banks are not automatically required to refund customers who lose money to scams. Whether a bank covers losses depends on the circumstances and whether the customer acted with reasonable care.
If a customer installs remote access software, shares sensitive information, or delays reporting fraud, banks are likely to treat the loss as customer liability. However, if a customer reports the incident immediately and can show they followed banking rules and did not act negligently, refunds may be considered on a case-by-case basis.
The South African Code of Banking Practice places strong emphasis on early reporting and customer vigilance.
What The Law Says In South Africa
South African law does not currently offer blanket protection for victims of digital banking scams. Liability often rests with the customer unless the bank can be shown to have been negligent. Disputes are assessed through internal bank processes or escalated to the Ombudsman for Banking Services. In limited cases, customers have received compensation where banks failed to secure systems properly or allowed risky processes such as insecure PIN resets.
Proving bank negligence remains difficult, which is why awareness and prevention remain critical.
How Consumers Can Protect Themselves
Consumers should only download apps from official app stores and never install software at the request of callers or unsolicited messages. If something feels wrong, hang up immediately and contact your bank using official contact details. Acting quickly can prevent further losses and improve the chances of recovery.
“As digital banking grows, awareness remains one of the strongest defences we have,” Sebolai says. “Trust in banking is something that must be proven every day, and that starts with keeping customers informed.”
