Rat attacks on the rise in SA

South Africans are being warned about a fast-growing and highly dangerous form of digital fraud that is increasingly targeting people through their smartphones.

Known as RAT attacks, these scams are particularly effective because many victims have never heard of them and don’t realise what is happening until it is too late.

RAT stands for Remote Access Trojan, a type of malicious software that allows criminals to remotely control a person’s phone or computer.

RAT attacks give fraudsters direct access to a victim’s device, enabling them to operate banking apps in real time while the customer is still using the phone.

Bonolo Sebolai, Head of Fraud at GoTyme Bank, says that these scams are among the most sophisticated currently affecting South African consumers.

“RAT scams are particularly dangerous and extremely sophisticated because they are designed to use the device at the same time as the customer without any clear signs of a device takeover.” 

He explains that criminals don’t steal your login details; they take control of your device.

In South Africa, RAT scams usually begin with a phone call or message claiming to be from a bank’s fraud department, a mobile network provider, a courier company, an online retailer, or even a government department.

Victims are told there is an urgent problem with their account, device, or a pending delivery. They are then instructed to click a link or install an app, often sent via WhatsApp or SMS, which supposedly resolves the issue.

Once that software is installed, the scammer can see everything happening on the screen. This includes PINs and passwords as they are entered, one-time passwords sent by the bank, and even live banking transactions.

“To the bank, it can look like the customer is making the transaction themselves because the criminal is actually using the customer’s own device,” said Sebolai.

Fraudsters rely on panic and pressure to succeed. Common tactics include warnings that an account is about to be blocked or that a service cannot be completed unless immediate action is taken.

“These scams thrive on pressure and authority. If you’re being rushed to act immediately, that’s one of your biggest red flags,” Sebolai warned.

Other warning signs include being asked to install software to “fix” a problem, being told to stay on the line while logging in, or being instructed to approve transactions to supposedly reverse fraud. 

A critical rule remains that we will never ask customers to install remote access software or to share PINs or OTPs.

Due to growing fraud concerns, banks are strengthening their security systems. Sebolai says modern banking security now goes beyond passwords. 

“In 2026, bank-grade security means monitoring behaviour in real time, not just checking passwords.” 

At GoTyme Bank, this includes real-time fraud detection, behavioural monitoring to spot signs of remote device control, and risk-based security that adapts to each situation. Consumers are also urged to take basic precautions. 

Sebolai advised people to only download apps from official app stores, to hang up and contact their bank directly if something feels wrong, and to act immediately if they suspect their device has been compromised.