
A sophisticated wave of bank SMS fraud has escalated into a R2-billion problem, with cybercriminals exploiting vulnerabilities in bulk messaging platforms to send perfectly faked text messages that appear identical to legitimate bank communications, according to Dirk de Vos, CEO of Venture Labs.
De Vos revealed that fraudsters are purchasing access to the same bulk SMS services used by legitimate financial institutions, allowing them to spoof a bank’s alphanumeric sender ID and insert fraudulent messages directly into a customer’s existing message thread. This technique bypasses traditional warning signs—such as typos, suspicious links, or unfamiliar phone numbers—that consumers have long relied on to identify scams.
“These services aren’t particularly expensive; they operate almost like subscription platforms,” De Vos explained. “Once fraudsters insert themselves into the thread you have with your bank, it creates a false sense of comfort. You don’t look more carefully, and that’s when accounts can be emptied in minutes.”
The warning follows a detailed investigative series published by Venture Labs, which documents multiple cases of online fraud. One victim, referred to by the pseudonym “T,” lost R187,000 despite being vigilant and familiar with common scam indicators. De Vos emphasized that the victims are not typically the “vulnerable” individuals many assume—they include financially literate professionals and technically skilled individuals.
“The effort has moved away from hacking systems to manipulating customers,” De Vos said. “Fraudsters understand how to exploit anxiety—triggering concerns about account security—and that pressure makes even careful people susceptible.”
De Vos identified a systemic weakness in the SMS infrastructure itself. While cellphone networks possess the technical capability to address the spoofing vulnerability, they are under no regulatory obligation to do so. “It’s a flaw in the system, and it has nothing to do with the banks in this instance,” he stated. “The cell phone networks control this layer of connectivity.”
He pointed to regulatory developments in the United Kingdom as a potential model for resolution. There, banks are increasingly held strictly liable for fraud losses, creating a financial incentive for financial institutions to collaborate with telecommunications providers on systemic fixes. “When banks bear the loss, they become motivated to drive change,” De Vos noted.
In the absence of immediate infrastructure reforms, De Vos urged consumers to reconsider their confidence in spotting scams. “People believe they are immune because they are careful. That confidence is often misplaced,” he cautioned. He advised customers to independently verify any unexpected bank communication by contacting their institution through official channels—not by replying to or clicking links within the message.
Venture Labs’ eight-part series on online fraud, currently running in Currency News, outlines additional fraud typologies and protective measures. De Vos stressed that as fraud tactics evolve across platforms, public awareness and systemic accountability must advance in tandem.
“With fraud happening all year round and capable of targeting anyone at any time,” De Vos concluded, “this isn’t just an individual risk—it’s a collective challenge requiring coordinated solutions.”









