Lerato Molefe, who owns a bakery in Actonville near Benoni, Gauteng, lost access to her company’s bank account after responding to an email claiming that the Companies and Intellectual Property Commission (CIPC) had deregistered her business. When the e-mail landed in her inbox, she had very little reason to doubt its authenticity.
It was branded with CIPC logos and warned that she would face penalties if she didn’t verify her information by clicking on a link in the e-mail. Concerned, she clicked on the link. That turned out to be a big mistake because after doing so, unauthorised debit orders began going off her account.
“By the time I got to the bank, more than R60000 had already been taken from my account,” said Molefe.
She had become yet another victim of one of many scams targeting businesspeople and consumers.
“I felt sick and ashamed. This is my livelihood, and in a matter of minutes, it felt like everything I’d worked for was slipping away. I couldn’t sleep, and I kept replaying the moment I clicked that link, wishing I had trusted my instincts,” she said.
Among their tricks, scammers send correspondence claiming to be from government departments, faking logos and offering investment or funding opportunities that seem too good to be true.
According to Manie van Schalkwyk, the CEO of the Southern African Fraud Prevention Service (SAFPS), these emails are designed to look authentic and contain links to phishing sites that are designed to steal login or banking details.
The South African Revenue Service (SARS) has warned taxpayers to be especially careful, as scam activity tends to increase during peak filing periods.
SARS Commissioner, Edward Kieswetter, said the fraudsters are now sending emails purporting to be from the authority or from companies contracted by it.
He advised that SARS would never ask for personal information through unsolicited links or a third party.
Cybersecurity expert Chris Norton said phishing remains one of the most common and effective cyber threats in South Africa.
“The SARS Scams and Phishing portal lists numerous ongoing scams, including fake final demand notices, counterfeit penalties, and phoney [fraudulent] audit alerts that mimic SARS branding,” said Norton.
The Financial Sector Conduct Authority (FSCA) Commissioner Unathi Kamlana said they have also found out that scammers are using fraudulent documents, including those that seem to be issued by the authority, to solicit funds.
These scams often include international legitimacy fees for nonexistent payouts.
“A growing concern involves deepfake videos and images featuring prominent figures, such as President Cyril Ramaphosa and business leader Dr Patrice Motsepe, to promote unrealistic investment returns on social media and messaging apps,” said Kamlana.
How to spot a phishing e-mail
Software giant Microsoft advises that “whenever you see a message calling for immediate action, take a moment, pause, and look carefully at the message. Are you sure it’s real? Slow down and be safe.”
“Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won’t think about it too much or consult with a trusted advisor who may warn you.”
Some of the signs to look out for include poor spelling and bad grammar, mismatched domains and generic greetings.
https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing
