Best of Johannesburg
Tap, Snap, Scam: How South Africans Are Losing Millions to Fake EFTs in 2025
When a “payment done” message isn’t what it seems
You sell your phone online. The buyer sends a neat screenshot showing “payment made” and urges you to hand it over quickly. You check your messages, not your bank balance, and decide to trust them. Hours later, there’s still no money in your account, and the buyer has vanished.
Welcome to the world of “Tap, Snap, Scam,” a fast-growing wave of digital fraud where fake EFTs are at the centre of it all. Across South Africa in 2025, scammers are using AI tools, cloned voices, and realistic-looking payment proofs to trick even the most careful people into losing money or goods.
Courts have now made it clear: if you pay into a bogus account, you may well be liable for that loss. It’s time to look beyond the screenshot and take your power back.
The scams behind the names: Tap, Snap, Scam
Tap: contactless trickery
“Tap” scams exploit “tap and go” contactless card payments. Fraudsters hijack card data (via skimming or NFC cloning) and make small purchases to test whether the card still works. Some even use a “double tap” method, charging from a distance with their own POS machine, to slip through unnoticed.
Snap: the fake payment confirmation
In a “Snap,” you’re shown a convincing screenshot, pop-up, or fake app notification that claims an instant EFT has cleared. Sellers often release goods under pressure, only to find the funds never existed.
Scam: the master illusion
This is where deepfakes, AI voice clones, and phishing converge. You might receive a message from “your bank” asking you to verify your PIN or OTP. Or an email from a “client” who updates their banking details, but in reality, you’re paying the scammer.
Some frauds rely on business email compromise (BEC): hackers intercept legitimate email threads and alter banking instructions midway. If you don’t double-check, your money goes elsewhere.
Fraudsters also fabricate polished proof-of-payment PDFs that look totally legitimate. Under pressure and trusting the “evidence,” many victims release goods or authorize services before realisation hits.
The legal shift: You can’t just blame someone else
Here’s where it gets tougher. In 2025, South Africa’s Supreme Court of Appeal made a ruling that shifts the burden of responsibility onto the person making the payment. In cases involving BEC fraud, courts decided the debtor (payer) is responsible if they fail to verify new or changed banking information. That means paying into a fraudster’s account may be your mistake, even if you thought you were dealing with a trusted party.
One illustrative example involved a car transaction. Hyundai, believing they were paying a supplier, transferred funds to a fraudulent account after receiving doctored invoice email instructions. Despite Hyundai’s protest, the court ruled that they hadn’t discharged their duty to verify the correct account and ordered them to pay.
Another earlier high-profile case involved a property buyer who transferred R5.5 million based on a fraudulent email claiming to be from the seller’s law firm. A High Court initially found the law firm liable, but the SCA overturned it, ruling that extending a duty of care to cover cyber-intermediary fraud would create open-ended liability for all creditors.
The message is clear: payment is only complete when the money lands in the correct account. If you don’t check, you may suffer the loss.
Why we’re especially vulnerable in South Africa
South Africa is a prime target for these scams due to:
-
Widespread data leaks and breaches give fraudsters personal information to build trust.
-
Low digital fraud awareness among many users, especially as AI tools make scams more plausible.
-
Banks and institutions are struggling to keep pace. Studies show a scarcity of fraud detection expertise in the South African banking sector, which weakens their ability to flag anomalies.
-
Criminal syndicates operating across borders: In 2025, INTERPOL helped dismantle a network that defrauded nearly 88,000 victims and recovered millions.
In short, many security controls are still playing catch-up while fraudsters accelerate.
How to stay one step ahead
These aren’t complicated steps, but they require steady, consistent discipline.
-
Never trust a screenshot
If someone shows you proof of payment, log in to your own banking app and see if the funds appear. If in doubt, wait until cleared before releasing goods. -
Verify banking changes independently
If someone says their bank details have changed, call a known number (not one in the email) and confirm. -
Treat unsolicited offers with extreme scepticism
Promises of quick, guaranteed returns are classic bait. Don’t rush. Don’t click links. Don’t share sensitive info. -
Don’t share login credentials or OTPs
Banks will never ask for PINs, passwords, or OTPs via phone, text, or email. Keep those to yourself. -
Use secure payment methods
When possible, use cards with PIN requirements or mobile wallets with additional authentication. For large sums, opt for methods that offer traceability. -
Use two-factor authentication (2FA) everywhere
When your banking or email system offers 2FA, enable it. -
Educate, report, speak out
If you suspect a scam, report it to your bank, the police, the Southern African Fraud Prevention Service, and FSCA. If you or someone you know is targeted, share your experience; public awareness is a powerful deterrent.
A story to keep in mind
Earlier this year, a Joburg tech start-up CEO got a WhatsApp message from someone posing as their COO. The profile photo, tone of voice, and texting style were perfect. They requested an urgent transfer to a “new investor account.” The CEO paused. Something in the language felt off. Instead of wiring funds, they rang the COO using their known number. Sure enough, the request was fraudulent, but already the fake payment order was waiting in the email queue. The scam failed, but only because the CEO paused, verified, and refused to trust blindly.
That moment of hesitation, that one extra check, can be the difference.
Fraudsters are leaning harder on tech like AI, deepfake voices, and automatically generated documents. But your biggest vulnerabilities remain human: trust, distraction, and fear. In 2025, when “trust what you see” is no longer safe wisdom, your best defence is a slow heartbeat and a skeptical mind.
Stay sharp, Joburg.
Also read: How to Spot Job Scams in South Africa in 2025: What Every Jobseeker Should Know
Follow Joburg ETC on Facebook, Twitter, TikT
For more News in Johannesburg, visit joburgetc.com
Featured Image: Malwarebytes
