Phishing Scams Targeting Bank Customers in South Africa
South African banking customers face targeted phishing attacks impersonating FNB, Standard Bank, Absa, Nedbank, and Capitec, with criminals harvesting internet banking credentials, OTPs, and card PINs through fake SMS alerts and cloned login portals.
Part of: Phishing
Last reviewed: 1 June 2026
South Africa's major banks are among the most impersonated brands in the country's phishing landscape. Criminals send SMS messages spoofed to appear from the victim's actual bank, directing them to cloned login pages that capture username, password, and the OTP required to authorise transactions.
The South African Banking Risk Information Centre (SABRIC) reports significant losses annually to digital banking fraud. Vishing (voice phishing) is also prevalent — callers impersonate bank fraud departments, use personal details purchased from data breaches to establish credibility, and then extract OTPs in real time.
How this scam works on South Africa
A victim receives an SMS appearing to come from their bank's official number — sometimes even appearing in the legitimate SMS conversation thread due to SMS spoofing. The message warns of a suspicious transaction and provides a link to verify their details. The link leads to a convincing clone of the bank's app login.
Vishing attacks follow a different pattern: the caller claims to be from the bank's fraud team and says a large transaction is pending on the account. To stop it, the victim must provide their card number, PIN, or the OTP that has just been sent to their phone — handed directly to the criminal.
SIM-swap fraud is closely linked: criminals transfer a victim's phone number to a new SIM by exploiting mobile network processes, then use OTPs to authorise bank transfers before the victim notices.
Common red flags
- SMS with a bank link that lands on a page with a slightly different URL from the official bank
- Phone call from someone claiming to be your bank's fraud department asking for your OTP
- Sudden loss of mobile signal — possible sign of a SIM swap in progress
- Bank login page that asks for your PIN as well as your password
- Transaction alert for a purchase you did not make, followed by a call asking you to confirm your identity
How to protect yourself
- Access your bank only through the official app — never via a link in an SMS
- Never share an OTP with anyone, including someone claiming to be your bank
- If your phone loses signal unexpectedly, contact your mobile network immediately to check for SIM swap activity
- Register for your bank's fraud alert service and set low transaction notification thresholds
- Report suspicious SMS messages to your bank's fraud line immediately
How to report it
- Contact your bank's 24-hour fraud line immediately to freeze accounts if you suspect compromise
- Report to SABRIC at sabric.co.za
- File a report with the South African Police Service (SAPS) if funds were stolen
Frequently asked questions
What is a SIM swap and how does it enable bank fraud in South Africa?
A SIM swap transfers your mobile phone number to a new SIM card controlled by the fraudster. They can then receive your bank OTPs, reset your internet banking password, and authorise large transfers. Contact your mobile provider immediately if your phone suddenly has no signal, and file a SIM swap fraud report with your bank.