Digital fraud is on the rise in South Africa, with the number of incidents reported by the banking sector in the 2024 calendar nearly doubling year on year. The rate of successful incidents is just as endemic, growing by more than two-thirds over the same period.
This is according to the South African Banking Risk Information Centre’s (Sabric’s) Annual Crime Statistics report, released this week.
“In 2024, digital banking crime continued to soar following the sharp upward trend from 2023,” Sabric said in the report. “Digital banking fraud incidents escalated in 2024 compared to the previous year, depicting an 86% increase in reported incidents from the banking industry and a 74% increase in the associated losses. This significant increase highlights the need for robust countermeasures.”
According to Sabric, gross losses from the 97 975 digital fraud incidents reported by the banking sector amounted to a staggering R1.9-billion. Comparing with data from 2022 and 2023, Sabric concluded that more than half of the total digital banking fraud cases in the last three years occurred in 2024 alone.
Banking apps were found to be the most popular channel cybercriminals used to perpetrate digital banking fraud. Some 65% of reported incidents in 2024 occurred through banking apps, amounting to R1.2-billion. Despite the number of exploits through banking apps being so high, it is the human element that has been identified as the biggest loophole, will all reported incidents driven by social engineering techniques.
“Human fallibility is a primary attack vector that is exploited to deploy social engineering attacks. The surge in fraud during 2024 was largely due to phishing, ‘vishing’ and other social engineering tactics. Criminals obtained passwords, Pins or approvals by tricking victims through sophisticated fraud schemes, and in some cases, scams driven by AI,” said the report.
Smishing and quishing
Other forms of online banking, such as PC-based web access and USSD-based mobile banking, each accounted for around 10% of all reported incidents.
Phishing, vishing and “smishing” are all methods of exploiting trust and fear to gain access to confidential information through SMS, e-mail or calls. Newer ways of phishing, such as “quishing”, where QR codes are used to trick users into compromising their security, are also coming to the fore.
Sabric said cybercriminals create manipulated or fake QR codes that embed malicious links that, when scanned, victims are unknowingly redirected to fraudulent and spoofed websites designed to steal sensitive information with seemingly legitimate webpages, such as fake login pages and credential harvesters, or to initiate malware downloads.
Read: Hackers target Ingonyama Trust in ransomware attack
Another newer form of manipulation is executive impersonation and payment fraud, where employees and suppliers are tricked into making payments under the impression that one of their executives has given the instruction. These scams can happen over e-mail, but criminals are increasingly using more familiar platforms like WhatsApp to earn the trust of their targets more easily.
“These scams are particularly effective because they combine the perceived authority of financial executives with the accessibility and informality of social media and messaging apps,” said Sabric.
AI is playing an ever-increasing role in the facilitation of various types of scams. In the past, the discerning user could rely on a lack of good grammar and spelling to suss out suspicious e-mails. Using AI, criminals are able to create error-free messaging that uses emotive language effectively to slip under the user’s radar.
AI is also being used in more sophisticated ways to create convincing deepfakes, some of them imitating the voices of well-known celebrities or company executives. Sabric said banks are exploring countermeasures like AI detection systems to combat these type of scams. One pernicious use of AI is automation, which has given criminals the ability to increase the number of attacks they put out with very little effort.
Read: SharePoint attackers hit another government department
“These emerging trends paint a picture of an ever-evolving threat landscape. Criminals are innovating constantly, whether through technology like AI and malware or through inventive social tricks. However, banks and partners are also evolving in response, using better tech, stricter policies and teamwork,” said Sabric. – © 2025 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.
