Cybercrime is on the rise in South Africa, with phishing scams leading the way. These attacks are becoming more sophisticated by the day, using advanced AI and fake websites that closely resemble legitimate ones. Cybercriminals are exploiting the trust we place in well-known institutions, including the South African Revenue Service (SARS), to trick us into sharing personal details or making unnecessary payments.
A common scam involves emails that look like they’re from SARS, promising tax refunds but linking to fraudulent websites designed to steal your banking details. SARS has made it clear that they will never ask for personal or banking information via email, SMS, or phone. Another growing scam sees fraudsters posing as SARS customs officials, claiming payment is required for “detained parcels.” These scammers are out to steal money from unsuspecting victims. SARS has strongly advised the public to ignore these messages and not to share any personal information or make payments in response.
With that said a concerning new tactic involves cybercriminals impersonating courier companies. They send emails claiming that import taxes or shipping fees are due and provide links to fake websites where victims are asked to make payments. These emails can look incredibly convincing, making it hard to spot a scam until it’s too late and the victim’s funds are gone.
In 2024, Kaspersky’s security solutions blocked over 893 million phishing attempts globally, marking a 26% increase from the previous year. In South Africa, the telecommunications sector alone saw a 15.5% rise in suspected digital fraud, with an alarming 78% year-on-year increase. This surge in cybercrime highlights the urgent need for both individuals and businesses to take proactive steps to protect their information.
Experts have also observed that cybercriminals are using a variety of tactics in their email campaigns targeting businesses. These tactics include sending emails with password-protected archives containing malicious content, as well as SVG images disguised as harmless graphics. Additionally, fake court appeals, bogus offers, and counterfeit official notifications are commonly used to lure victims into clicking on harmful links or downloading dangerous files.
Recent data shows that nearly half of all emails in corporate inboxes, 47% of global email traffic are spam, marking a 1.27% increase from the previous year. South African users saw a 20% rise in malicious emails, signaling an increasing threat. While not all spam is malicious, much of it is simply unsolicited advertising, experts have noted a concerning trend. More corporate spam is now promoting AI solutions, webinars, online marketing services, and follower-boosting schemes.
So, how can you protect yourself?
- Be Suspicious: If you receive an unsolicited email or message, especially one asking for personal information or a payment, don’t trust it. It’s always better to double-check the spelling of the domain/URL if you suspect you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.
- When in Doubt, Verify: If something feels off, it probably is. Contact the organisation directly using official contact details to verify if the message you received is legitimate.
- Use Strong, Unique Passwords: Create complex passwords for each of your accounts and make sure to change them regularly – at least every 3 to 6 months.
- Turn On Two-Factor Authentication: Adding an extra layer of security makes it much harder for cybercriminals to access your accounts.
- Keep an Eye on Your Accounts: Regularly check for any strange activity on your bank accounts. If you spot anything suspicious, report it immediately and freeze your account or card if needed.
- Hang Up if You’re Unsure: If you get a call claiming to be from your bank, SARS, or any other service provider asking for personal details, just hang up. Call the organisation directly using their official contact details.
- Update Your Devices: Keep your software up to date. Cybercriminals often exploit known vulnerabilities, and updates can patch these up.
- Avoid Public Wi-Fi for Sensitive Transactions: Don’t conduct sensitive transactions or access secure sites while connected to public Wi-Fi – it’s too risky.
- Share This Information: Talk to friends, family, and colleagues about these scams and how they can protect themselves. The more people who know, the less chance the scammers have.
- Report Suspicious Activity: If something feels wrong, don’t hesitate to report it. Trust your instincts and act before it’s too late.
By staying alert and following these simple steps, you can massively reduce your chances of falling victim to phishing scams and other types of cybercrime. Your personal and financial information is valuable – take action now to protect it.
Written by: RVN Group
While every reasonable effort is taken to ensure the accuracy and soundness of the contents of this publication, neither writers of articles nor the publisher will bear any responsibility for the consequences of any actions based on information or recommendations contained herein. Our material is for informational purposes and should not be construed as financial advice.