Bonolo Sebolai, head of fraud at TymeBank.
The Remote Access Trojan (RAT) attack is one of the fastest growing and most dangerous scams targeting South African consumers, warns Bonolo Sebolai, head of fraud at TymeBank.
A RAT is malicious software that allows a fraudster to remotely control a person’s phone or computer.
According to TymeBank, in SA, these scams typically start with a call or message claiming to be from a bank’s fraud or security department, mobile network provider, courier company, online retailer or government department.
Victims are told there is an urgent problem with their account, device or expected service. They are instructed to install an app or click a link, often sent via WhatsApp or SMS, which leads them to install software onto their device that will supposedly provide a solution.
Once installed, the scammer can see the customer’s screen, capture PINs and passwords, intercept one-time passwords (OTPs) and even initiate banking transactions in real-time.
“RAT scams are particularly dangerous and extremely sophisticated because they are designed to use the device at the same time as the customer, without any clear signs of a device takeover. The criminal doesn’t steal your login details but rather takes control of your device,” says Sebolai.
“To the bank, it can look like the customer is making the transaction themselves because the criminal is actually using the customer’s own device,” he explains.
Sebolai adds that fraudsters exploit urgency warnings, such as an account is “about to be blocked” or the delivery of a service “can’t be completed”.
“These scams thrive on pressure and authority,” he says. “If you’re being rushed to act immediately, that’s one of your biggest red flags.”
Other red flags include requests to install software or apps to “fix” a problem, being asked to stay on the line while logging in, or supposed instructions to approve transactions to “reverse fraud”.
A key rule: a bank will never ask you to install remote access software or share your PIN or OTP, says Sebolai.
Ian Janse van Rensburg, head of security engineering for Africa at Check Point Software Technologies, says banks and other financial companies are facing increasing danger from RATs.
“Modern RATs are designed to hide from users, so there are usually no clear signs, like a slower computer. These threats steal passwords, move through networks and often go after important areas like treasury teams and payment processors,” he adds.
Janse van Rensburg’s advice to financial companies is to use several layers of security, including installing security tools like endpoint protection, network micro-segmentation and making sure accounts use multifactor authentication.
“It is also important to keep monitoring systems for abnormal outgoing traffic and signs that someone else is controlling them,” he adds.
According to Sebolai, as scams become more sophisticated, so must banking security.
“In 2026, bank-grade security means monitoring behaviour in real time, not just checking passwords,” he continues. “At TymeBank, we use real-time behavioural monitoring and risk-based controls to detect suspicious activity – even when fraudsters are using a customer’s own device.”
Monitoring and controls include real-time fraud detection, monitoring unusual behaviour, such as signs of remote device control, risk-based security that adapts to the situation and proactive alerts when something doesn’t look right.
Importantly, strong security should not create unnecessary friction.
“The goal isn’t to make banking harder for customers,” says Sebolai. “It’s to stop criminals while keeping everyday banking simple.”
Sebolai advises consumers to only download apps from official app stores. “And don’t be afraid to hang up and contact your bank directly if something feels wrong. You should act immediately if you suspect your device has been compromised.”
As digital banking grows, fraud attempts will continue, but awareness remains one of the strongest and most foundational defences.
“In banking, trust isn’t something you just say, but rather something you prove every day,” says Sebolai. “And that starts with keeping customers informed.”
