Capitec banking app fraud warning

Capitec warned that it is seeing banking-app-related fraud from criminals manipulating people through tactics like phone theft, intimidation, impersonation scams, malware, and social engineering.

Capitec’s head of financial crime, Nick Harris, told Daily Investor that the bank continues to see the most significant risks in mobile and app banking driven by criminal tactics that target individuals, rather than the technology itself.

Instead of trying to directly defraud Capitec’s app, which remains secure, criminals are focussing on another weak point.

Harris warned that fraudsters try to persuade clients to hand over access or to make payments themselves. He explained that there are five main types of banking app-related fraud Capitec encounters.

The first involves criminals using physical force, panic, or intimidation to make clients unlock their phones and banking apps so that funds can be transferred quickly.

Another common tactic involves phone theft and social engineering to gain access to a victim’s device. “It often starts as a ‘simple’ phone theft. Criminals then attempt trusted contact resets to try to gain access to the device,” Harris warned.

Their goal is to retrieve locally stored card details, gain access to the banking app, or determine if they can obtain the client’s banking PIN.

“Even if they succeed in obtaining the PIN, large transactions cannot be processed without selfie biometric verification. This prevents high-value payments from being made on a stolen device,” he explained.

Vishing and impersonation schemes, where fraudsters phone clients and convincingly pose as employees of banks, retailers, or even law enforcement, are also common, Harris said.

Fraudsters create a sense of urgency to pressure clients to authorise high-value payments, “Send Cash”, or send money to so-called “safe haven” accounts.

Fraudsters trick South Africans

Capitec is also seeing a number of malware cases linked to well-known brands, Harris warned. “Downloading fake apps is becoming a growing problem. These scams are often coupled with enticing deals.”

According to Harris, Capitec clients are being defrauded, in particular, by fake offers linked to flights and streaming services.

“Clients are then contacted by a friendly ‘support’ agent who convinces them to download malware and ignore all device warnings. Once installed, the malware can take over the client’s phone,” he explained.

“In the background, it activates the client’s banking apps and initiates payments using biometrics. This includes triggering the camera or other biometric features without the client’s awareness.”

Finally, Harris warned that Capitec frequently sees general scams and schemes involving authorised push payments (APP fraud).

With this type of fraud, the client is tricked into sending the money themselves. Even though the client technically authorises the transaction, they do so under false pretences.

Common examples include fake investment opportunities, cryptocurrency or trading schemes, online marketplace scams, and refund or overpayment stories.

Romance scams, fake courier schemes, and SMS messages that target the retrieval of card details are also common types of APP fraud.

How clients can stay safe

“The app environment is generally very secure,” Harris said. “The real battle is against social engineering, malware, and scams that manipulate people.”

“If clients protect their PINs, are cautious about who they trust, and verify before paying, they dramatically reduce their chances of becoming a victim of banking app fraud.”

According to Harris, clients can significantly reduce their risk by never sharing or disclosing their remote banking PIN, phone PIN or one-time PIN with anyone.

Clients should also monitor their accounts regularly and urgently report any suspicious activity to reduce their chances of being defrauded.

Harris also said clients should be sceptical of calls and messages, especially when there is pressure, panic or urgency.

If a client receives a call claiming to be from the bank and asking them to act urgently, they should hang up and call the number listed on the official Capitec app or website.

“Our app will warn you that you are not talking to Capitec. Do not click on links in unexpected SMSs or emails that ask you to log in or ‘verify’ your account,” he explained.

Harris also urged South Africans to protect their phones as they would their wallets. This entails using a strong lock screen and keeping the operating system and apps updated.

“Do not install unknown apps or ‘support tools’ from links sent via SMS, email, or social media. Always use official app stores. If your phone is lost or stolen, contact Capitec immediately to block the app and your cards,” he said.

He stressed that consumers should also slow down before they pay. For investments, online purchases, or requests from new contacts, they should pause and verify independently before making a purchase.

“Be cautious of high returns, ‘guaranteed’ profits, or pressure to pay immediately. If someone claims they accidentally paid you and needs an urgent refund, verify with the bank first,” Harris warned.

Finally, Harris advised that when someone’s phone is stolen, they should report it to Capitec immediately so the bank can block their app and secure their accounts.

“Alert your family members and trusted contacts,” he added. “Criminals often use stolen phones to trigger trusted contact resets or social engineering attempts.”

“They may contact your relatives or friends pretending to be you, asking them to approve reset codes or share one-time passwords.”
