Proudly sponsored by

Protect your livelihood: Do not take the bait

A warning from the Ombudsman for Banking Services.
Image: Shutterstock

With an increase in banking fraud, and a modus operandi of targeting online transactions, banks are continuing to evolve their products, services  and systems to try and  stay ahead of fraudsters. This is being achieved through the development and introduction of world-class security systems and technologies which will aim to protect consumers from becoming potential fraud victims.

However, the banks are sadly unable to fully protect consumers from falling prey to the tactics used by fraudsters to obtain confidential information such as banking details, card information and one-time-pins (OTPs).

Despite numerous (regular) warnings regarding this from the banks, the South African Banking Risk Information (SABRIC), and numerous media-based messages (TV, radio, online publications and interviews) by the Ombudsman for Banking Services (OBS),  the OBS continues to receive  complaints on a daily basis from consumers’ who were deceived into providing the confidential banking information to fraudsters.

Just a couple of years ago, the most common scam was the phishing emails. This seems to have been overtaken by vishing scams (the fraudulent phone calls). In just these past few months, the OBS recorded more than 640 new fraud complaints that were received despite the daily warnings about these scams.

Targeting the most vulnerable

What is very clear from the cases that have been received and investigated by the OBS is that anyone and everyone can be a target. However, the devastation caused by these scams to elderly citizens and pensioners (some of the most vulnerable members of society), is beyond heart-breaking.

In many of these cases, it is not possible to recover any of the funds which have disappeared. The result of this is that an already vulnerable group of people are left without any recourse. “This often leads to destitution. While this fraud may be crippling to a person who is working, at least they have an opportunity to rebuild their savings. We have had cases where an elderly person’s entire pension is stolen due to the fraud and there is no way, or time, for an 80-year-old pensioner to make up the loss,” says Steyn.

Unless the money is stolen at the bank or lost through the fault of an employee or a technological glitch at the bank, it is ultimately up to consumers to do all they can to protect themselves by staying informed about banking scams. The OBS again urges consumers to always be very critical about the person at the other end of the line asking for personal details to be shared.  If in doubt, go to or call your nearest branch and speak to a consultant who will clarify the request for you if it is legitimate.

Covid game changer

The Covid-19 pandemic has been a major global disrupter. Statistics show that in many markets around the world, consumers are prioritising their health and safety over their need to conduct physical transaction, be it purchasing groceries or transacting at their bank. This trend has been replicated in the South African market to a large extent.

With the exponential rise in online transactions as opposed to in-branch transactions, vishing scams have become one of the preferred methods for fraudsters to steal bank customer’s money. It must be pointed out that these individuals are very believable and are so convincing that consumers are lulled into a false sense of validity (that the request is legitimate) which then leads to the fraud taking place.

How the scam works:

  • A bank customer will receive a phone call from someone who says they are from the customer’s bank;
  • The customer is informed that funds have been fraudulently taken from their account or that they (the bank representative) is helping the customer to claim from a rewards program that is offered by the bank. For this to take place, the customer needs to confirm their details so that the funds can be credited to their account;
  • Alternatively, customers are told that they need to act quickly and urgently, as fraudsters “are about to take funds out of their account, but this can be stopped, if they act quickly and do-operate”!
  • The fraudster already has the customer’s phone number (he/she is calling the customer) and may have a host of other personal information at his/her fingertips. This includes addresses, ID numbers, other contact details, email addresses, employment details, or even a customer’s bank card number;
  • The customer is asked to update or verify their details, possibly on their cell phone;
  • The customer is then requested to provide everything required to access their bank account, such as card details, the cards pin number, transaction OTPs,  and mobile or internet banking passwords. The fraudster says that this is necessary for them to assist the customer, to redeem the rewards, to do a transaction, stop a fraudulent payment, or recover the stolen money;.
  • Once the customer has provided the requested details, their accounts are emptied.

The possible stories behind these scams are endless. The following case studies demonstrate the typical modus operandi of the fraudsters. The actual names of the victims have been altered:

 #Pensioners being tricked – more than once. Mr X, is a 69 year old pensioner who received a call from a person (fraudster) who claimed that they were from the bank. He was advised that the bank was in the process of stopping unlawful transactions that had been made from his account. The fraudster requested the OTP that had been sent by the bank which he gave them. An amount of R10 000 was stolen from his account. He complained to the OBS. In this instance, despite being 100% at fault for the loss, the bank considered him a vulnerable consumer. As a gesture of goodwill, the bank gave him a full refunded and educated him about the various types of fraud. The bank further assisted him with downloading the bank’s app on his phone to improve the security measures in place to prevent this type of incident. A few months later, he received a call from fraudsters and was persuaded into processing a transaction of R26 500 from his banking app. He reported the matter to the bank and his profile was blocked. He received another call from the fraudsters a month later and again disclosed his confidential banking details resulting in R5 500 being stolen from his account. While the bank declined to refund the R26 500, through the OBS’s investigation, it was discovered that the last transaction should not have been successful as his profile was supposed to be blocked. The bank agreed to refund the full amount of the last fraudulent transaction (R5 500).

We need to stress the fact that the fraudsters are extremely sophisticated and convincing con-artists. It will be foolish to think that you will immediately see through the scam unless you are 100% clued up on these matters.

Pensioner act on investment advice from “her banker”. Mrs Y, a 90-year-old pensioner, received a call from a fraudster who said that they were calling from her bank’s fraud department. The fraudster provided her with his landline number and a reference number for the call. The fraudster also knew her e-mail address and these few seemingly unimportant facts put her mind at ease. The fraudster convinced her into investing in a product called Luno and the fraudster persuaded Mrs Y into purchasing bitcoin. Since the complainant was convinced that she was talking to someone from the bank, she provided the fraudster with her ID number and proof of residence (documents that are required to register an account at Luno). When the fraud was discovered, an amount of R50 000 had been transferred from her bank account to a Luno account, and the funds were converted into bitcoin. Unfortunately, no recovery was possible. Upon investigation of the matter, it transpired that she had given the fraudsters remote access to her computer. As such, her online banking details were compromised when she logged onto her online banking profile.

As stated before, this type of scam is not only targeting pensioners, but anyone and everyone who engages with the fraudsters and believes their stories.

Social engineering fraud knows no boundaries. Mr Z described the following scenario that happened to him during lockdown last year. During the lockdown, he was unable to go to the shops to pay a clothing account. As a result, his account fell into arrears. He then received a call from someone claiming to be a representative of the clothing store and offered to assist him with settling his arrears through an online payment. The caller knew his name, his account number, and the fact that his account was in arrears. This put Mr Z at ease that the caller was a representative from the clothing store.  The caller requested Mr Z to share his card number to allegedly “facilitate an online payment”. Mr Z obliged.  The caller then requested Mr Z to confirm the three-digit CVV number (PIN for online transactions) which was found on the back of his bank card. At this point, Mr Z became suspicious, hung up the call, and immediately contacted his bank’s fraud department to report the incident.

The lesson for all of us from these case studies is that criminals are smart. If we are ever going to make headway against these fraudsters, we need to become smarter. Consumers need to be alert to the various types of banking scams that are out there and teach themselves, their families, and communities, about the scams as well as the many safeguards provided by banks to prevent them from falling victim.

OBS tips on how to protect yourself from a vishing scam:

  • Be aware. Always remember that legitimate businesses, especially banks, will never ask you for your personal, sensitive, or confidential banking information (pin, OTP, password). Anyone who does this over the phone is probably a fraudster;
  • Do not give in to pressure. If someone tries to coerce and/or pressurise you into giving them sensitive information hang up and immediately contact your bank’s fraud department to report the incident. Especially if the prompt is of an urgent nature;
  • Stay calm and do not panic. These criminals frequently play on unsuspecting consumer’s emotions. Keep a cool head and hang up the phone. Call your bank, credit card company, or wherever the caller claimed to be from immediately and verify whether there is a real problem;
  • Always be sceptical. Even if your Caller ID gives the name of a bank, or some other company or organisation, it could be a trick;
  • If you lose cellphone connectivity for some time for no apparent reason, receive an SMS for a sim swap or a number port you did not request, contact your bank and then your network service provider immediately.

Reana Steyn, Banking Ombudsman.


Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Bring back the death penalty.

That is the only worst decision to make.

Already the governing party with the power that they have been blessed with by the voters and restrictions imposed by the Constitution has all be ensured things are a complete mess whilst corrupt killers walk freely due to their political status and You want to give them the power to decide Life or Death???

Only the All Mighty can decide Life or Death.

The Coligny judgement tells me – loudly – that this would be terrible disaster for minorities.

Good article. Banking systems are going to have to become a lot smarter to protect their customers. It’s interesting that banks most of the time do not take responsibility for the security breach when they enforced the process/ease of banking on the consumer. There are very basic actions a consumer can take, for instance, if you are a person who never purchase anything online, perhaps request the bank that your card is set to not accept online purchases if you don’t have a banking app to do so. From what I read here, it’s really not wise interacting telephonically at all. Perhaps we need some technology to verify calls on the spot?

Customers are their own worst enemies, but then again so are the card swipe operators. Banks and suppliers of services should determine how these scamsters get their information in the first place and close that loophole. All banks have security and fraud departments they need to track the perpetrator down and lay charges to have them imprisoned

Banks need to stop calling customers and asking us to verify our details. This is at the core of this kind of fraud. If a legitimate bank calls a customer, they know who we are. They should NEVER have to ask for our personal details, except for maybe asking us to complete the second half of an ID number after they give us the first half. Not the half dozen questions they currently ask, extracting ALL our personal information before they will talk to us. THEY called US.

I recently complained to the ombudsman about the conduct of ABSA Stockbrokers on a managed account but was disappointed. I figured the ombudsman chose the bank’s side without doing a ordering a proper investigation, probably because the ombudsman is funded by the banks.

Use the following rule:

Don’t let an unknown caller say anything. Ask the caller who they are and what the call is about? If the answer is not satisfactory cut the call and block the number.

Since I started doing this I am receiving very few spam calls.

In general do not conduct any business on the phone. Contact the company through their legitimate contact methods and use e-mail so there is a documented trail.

I still cannot understand how the banks can wash their hands. The funds are being transferred, into an account. An account that was opened with FICA in place.

End of comments.



Subscribe to our mailing list

* indicates required
Moneyweb newsletters

Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us:

Search Articles:
Click a Company: