Online Scam: Woman loses R120,000 after downloading app to buy discounted airline tickets

An unsuspecting woman has become the latest victim of an alarming and sophisticated scam, losing a staggering R120,000 after responding to a seemingly legitimate social media advert offering discounted airline tickets.

The victim, whose identity is being withheld for privacy reasons, was lured in by the alluring promise of discounted travel. After clicking on the advert, she was directed to a page where she submitted her phone number and email address via a link. 

Shortly after, her phone buzzed with a WhatsApp message from the scammers, and she was directed to download an app from the Google Play Store to access promo codes. Though the link appeared secure, the app was fraudulent and embedded with malware.

Upon examining her banking app, the woman realised that she had fallen victim to fraud: two unauthorised transactions had been processed. In an effort to salvage the situation, she reported the fraud to her bank and the South African Police Service (SAPS) merely 27 minutes after noticing the suspicious activity.

Despite her prompt action—just 27 minutes after the transactions—the bank denied liability, citing that the payments had been authorised via selfie-authentication on her phone.

Undeterred, the distressed woman escalated the matter to the National Financial Ombud (NFO), seeking a full refund for her considerable loss.

The NFO conducted a thorough investigation and reached several critical findings. It was revealed that the stolen funds had already been spent by the time the fraud was reported, depriving the victim of any possibility of recovery. The bank also presented evidence indicating that biometric authentication had been used to endorse the transactions in question.

Ultimately, the NFO concluded that the compromise originated from the woman's interaction with a fraudulent third-party app, which contained malware capable of remote access and biometric simulation.

By downloading the fraudulent application, the woman had unknowingly granted the criminals full access to her device, thereby facilitating the fraud.

Furthermore, there was no proof was provided that the transactions took place as a result of maladministration or safety and security failures on the part of the bank.

The NFO accordingly could not conclude that the bank was liable for the consumer’s loss.

The NFO said the type of malware that was used doesn’t just steal passwords—it can hijack devices, simulate identity, and bypass security measures by exploiting biometric systems.

"That’s why downloading apps from unofficial sources—even if they appear secure—is extremely risky," said the NFO.

The NFO has advised consumers to think twice before downloading apps.

"Use trusted sources, only download apps from verified developers with strong reviews and a high download count. Check permissions, be wary of apps requesting access to your camera, contacts, or banking apps."

sinenhlanhla.masilela@iol.co.za

IOL News

Get your news on the go. Download the latest IOL App for Android and IOS now