A 63-year-old retired teacher from Dowerglen, east of Johannesburg, is fighting to recover more than R1.2 million lost in a sophisticated phishing scam that drained funds from her bank accounts within minutes.
Luisa Elisabetta Westphal says her financial life was turned upside down after fraudsters gained access to her accounts through what appeared to be a legitimate promotional offer linked to South African Airways (SAA). Despite reporting the incident immediately, she claims she has received little assistance and was later offered only R20,000 as a goodwill payment.
The incident occurred on September 30, 2025, when Westphal received a WhatsApp call from a woman identifying herself as an SAA representative. The caller reportedly knew personal details, including Westphal’s name and identification number, and offered her a special travel discount available to senior citizens.
According to Westphal, the caller directed her to a link that appeared to be an official SAA application. Believing the offer was genuine, she clicked on the link. Shortly afterwards, she discovered that large sums of money had been removed from her accounts.
Bank records show that nearly R994,300 was withdrawn from her home loan access bond, while an additional R82,800 was taken from her credit card account. Her husband also reportedly lost R199,000 from his bank account. The combined losses amounted to more than R1.27 million.
Westphal insists she never authorised any of the transactions and says she did not provide banking credentials, one-time passwords, PINs, or biometric verification. She further argues that the unusual activity should have triggered security alerts, especially since her access bond account had not experienced significant withdrawals for years.
After reporting the incident to the bank’s fraud department, Westphal says she expected a thorough investigation and regular updates. However, she alleges that communication became limited after the initial stages of the inquiry.
Months later, the bank informed her that it believed the fraudsters had accessed her banking profile using compromised login details. As a result, the institution concluded that it was not liable for the losses and offered a R20,000 goodwill payment without admitting fault.
The offer represented only a tiny fraction of the money lost, leaving Westphal frustrated and determined to continue pursuing the matter.
Compounding her difficulties, she says she has continued receiving collection notices for debts linked to the compromised accounts. With the funds withdrawn from her access bond, monthly repayments reportedly increased dramatically, placing further financial pressure on her retirement income.
Westphal has since appointed attorneys and plans to explore all available legal avenues. She believes banks should have stronger systems in place to detect unusual transactions and prevent large transfers from being processed without additional verification.
The case has renewed debate around the growing threat of phishing and social engineering scams in South Africa. Cybercriminals are increasingly using stolen personal information to convince victims that fraudulent communications are legitimate.
While banks continue investing in fraud detection technologies and customer awareness campaigns, consumer advocates argue that financial institutions must do more to identify suspicious activity before substantial losses occur.
As the dispute continues, Westphal hopes her experience will raise awareness and encourage stronger protections for bank customers across the country.
About the Author
