RAT attacks are on the rise: What South Africans need to know about the new face of banking fraud
A new generation of banking fraud is emerging in South Africa, giving criminals real-time control over victims’ devices.
Image: File
ONE of the fastest-growing and most dangerous scams targeting South African consumers involves something many people have never heard of: RAT attacks.
According to Bonolo Sebolai, Head of Fraud at TymeBank, these scams rely on tricking customers into giving criminals direct access to their devices.
“RAT scams are particularly dangerous and extremely sophisticated because they are designed to use the device at the same time as the customer without any clear signs of a device take over . The criminal doesn’t steal your login details but rather takes control of your device,” says Sebolai.
What is a RAT Attack?
RAT stands for Remote Access Trojan – malicious software that allows a fraudster to remotely control a person’s phone or computer. In South Africa, these scams typically start with a call or message claiming to be from a bank’s fraud or security department, mobile network provider, courier company , online retailer or Government department. Victims are told there’s an urgent problem with their account, device, or expected service and are instructed to install an app or click a link, often sent via WhatsApp or SMS, leading them to install software onto their device that will supposedly provide a solution.
Once installed, the scammer can see the customer’s screen, captured PINs and passwords, intercept one-time passwords (OTPs) and even initiate banking transactions in real time.
“To the bank, it can look like the customer is making the transaction themselves because the criminal is actually using the customer’s own device,” explains Sebolai.
Why RAT Attacks are increasing locally
Fraudsters exploit urgency warnings, such as an account is “about to be blocked” or the delivery of a service “can’t be completed”.
“These scams thrive on pressure and authority,” says Sebolai. “If you’re being rushed to act immediately, that’s one of your biggest red flags.”
Other red flags consumers should never ignore include requests to install software or apps to “fix” a problem, being asked to stay on the line while logging in, or supposed instructions to approve transactions to “reverse fraud”.
A key rule: Your bank will never ask you to install remote access software or share your PIN or OTP.
What “Bank-Grade” Security Means in 2026
As scams become more sophisticated, so must banking security.
“In 2026, bank-grade security means monitoring behaviour in real time, not just checking passwords,” says Sebolai. “At TymeBank, we use real-time behavioural monitoring and risk-based controls to detect suspicious activity — even when fraudsters are using a customer’s own device.”
This includes real-time fraud detection, monitoring unusual behaviour, such as signs of remote device control, risk-based security that adapts to the situation and proactive alerts when something doesn’t look right.
Importantly, strong security shouldn’t create unnecessary friction.
“The goal isn’t to make banking harder for customers,” says Sebolai. “It’s to stop criminals while keeping everyday banking simple.”
How Consumers Can Protect Themselves
“Only download apps from official app stores. And don’t be afraid to hang up and contact your bank directly if something feels wrong. You should act immediately if you suspect your device has been compromised,” advises Sebolai.
As digital banking grows, fraud attempts will continue, but awareness remains one of the strongest and most foundational defences.
“In banking, trust isn’t something you just say, but rather something you prove every day,” says Sebolai.