Quick Facts About Cybersecurity in SA

• R1.89 billion lost to digital banking fraud in 2024
• 86% increase in digital fraud incidents in 2024
• 60% of mobile banking fraud linked to SIM swaps
• R5.3 billion annual cost of telecoms fraud
• Free help available from SABRIC and FSCA

Understanding Cybersecurity

What Is Cybersecurity?

Cybersecurity means protecting your money and personal information online. It includes keeping your bank accounts, ID numbers, and passwords safe. Criminals use the internet to steal from people every day.

In South Africa, cybercrime is a huge problem. In 2024, criminals stole R1.89 billion through digital banking fraud. This number went up 74% from the previous year. More than 98,000 South Africans were victims of digital fraud in 2024.

Why You Need to Protect Yourself

Criminals are getting smarter every year. They now use artificial intelligence (AI) to create fake voices. They can make deepfake videos that look exactly like real people. They send messages that look like they come from your bank.

The South African Reserve Bank warned about a fake video in 2025. The video showed the governor promoting a fake investment. It looked completely real. Many people lost money before the warning went out.

🚨 Common Cyber Threats in South Africa (2025)

The Biggest Threats Right Now

Threat Type	What It Is	2024 Impact
Banking App Fraud	Fake banking apps that steal your login details	R1.2 billion lost (65% of all digital fraud)
SIM Swap Fraud	Criminals get your phone number moved to their SIM card	60% of mobile banking fraud, R5.3 billion annual cost
Phishing	Fake emails and SMS messages pretending to be your bank	Most common type (33% of all cybercrimes)
Deepfake Scams	AI-created fake videos and voices	New threat in 2024-2025, growing rapidly
Ransomware	Locks your files until you pay	126% increase globally

Real Examples from 2024-2025

Example 1: One South African investor lost over R6 million. Criminals created a fake trading app. The app looked exactly like a real JSE (Johannesburg Stock Exchange) trading platform. The victim entered all their banking details.

Example 2: Parliament’s social media accounts were hijacked in early 2025. The criminals used these official accounts to promote fake cryptocurrency schemes. Many people lost money thinking it was legitimate.

Example 3: Cell C suffered a data breach affecting millions of customers. Personal information including ID numbers and addresses leaked online. This information was then used for SIM swap attacks and identity theft.

⚠️ SIM Swap Fraud: The Biggest Mobile Banking Threat

How SIM Swap Scams Work

A SIM swap scam happens in steps:

1. Step 1: Criminals get your personal information. They use phishing, data breaches, or social engineering to get your ID number, address, and phone number.
2. Step 2: They go to your mobile network (MTN, Vodacom, Telkom, Cell C). They pretend to be you. They say their SIM card is lost or broken.
3. Step 3: The network gives them a new SIM card with your phone number. Now they receive all your calls and messages.
4. Step 4: They reset your banking passwords. They use the OTPs (one-time passwords) that come to your phone. You don’t receive these messages because they go to the criminal’s phone.
5. Step 5: They drain your bank accounts. They transfer money or make purchases. By the time you notice, the money is gone.

Warning Signs of a SIM Swap Attack

Act immediately if you notice:

• Your phone suddenly has no signal or says “No Service”
• You stop receiving calls and text messages
• You receive an SMS about a SIM swap you didn’t request
• You get a call telling you to ignore a SIM swap notification
• You can’t log into your banking app

How to Protect Yourself from SIM Swaps

Protection Step	How It Helps
Register with SAFPS (South African Fraud Prevention Service)	Makes it harder for criminals to use your ID
Use app-based authentication (Google Authenticator, bank apps)	Doesn’t rely on SMS, so SIM swap won’t help criminals
Enable biometric security (fingerprint, Face ID)	Much harder for criminals to bypass
Don’t share personal information on social media	Criminals use Facebook, Instagram to find your details
Contact your network immediately if you lose signal	Quick action can stop the attack before money is stolen

🚨 Phishing and Online Scams

What Is Phishing?

Phishing is when criminals trick you into giving them your information. They pretend to be your bank, SARS, SASSA, or another trusted organisation. Phishing is the most common cybercrime in Africa (33% of all cybercrimes).

Types of Phishing in South Africa

Scam Type	How It Works	Example
Email Phishing	Fake emails from “your bank” with links to fake websites	“Your account is blocked. Click here to unlock it.”
Smishing (SMS)	Fake text messages with dangerous links	“Your parcel is ready. Click to collect.” (when you didn’t order anything)
Vishing (Voice)	Fake phone calls from “bank staff”	“This is FNB security. We need to verify your card details.”
WhatsApp Scams	Messages from fake family members asking for money	“Mom, my phone is broken. Send R5000 to this account urgently.”
Fake App Scams	Criminals create fake banking apps that look real	Fake “Capitec” or “Standard Bank” app downloads from links

How to Spot Phishing Attempts

Red flags that it’s a scam:

• Urgent language: “Act now or your account will be closed!”
• Poor grammar: Spelling mistakes and bad English
• Suspicious links: Web addresses that don’t match the real bank (like “standardbankk.co.za” instead of “standardbank.co.za”)
• Requests for personal information: Banks NEVER ask for passwords, PINs, or OTPs
• Too good to be true: “You’ve won R50,000!” when you didn’t enter a competition
• Unusual sender: Email addresses that don’t look official
• Unexpected attachments: Files you didn’t ask for

✅ Protecting Your Passwords

Why Strong Passwords Matter

Weak passwords are the easiest way for criminals to access your accounts. Many South Africans use simple passwords like “123456” or “password”. These can be guessed in seconds.

Up to 95% of data breaches in South Africa involve human error. Weak passwords are a major part of this problem.

Creating Strong Passwords

Password Rule	Why It Matters
At least 12 characters long	Longer passwords are much harder to crack
Mix of uppercase and lowercase letters	Adds complexity that computers can’t guess easily
Include numbers and symbols	Makes millions more possible combinations
Don’t use personal information	Criminals can find your birthday, address, children’s names on social media
Use different passwords for each account	If one is hacked, others stay safe
Change passwords every 3-6 months	Limits damage if a password is stolen

Password Safety Rules

• Never write passwords down on paper or in notes on your phone
• Don’t save passwords in your browser on shared computers
• Never share passwords with anyone, even family
• Don’t send passwords via email, SMS, or WhatsApp
• Use a password manager if you have many accounts (apps like LastPass or 1Password)
• Enable fingerprint or Face ID when available

Safe Online Banking Practices

Essential Banking Security Steps

1. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security. You need both your password AND a second form of verification. This could be a fingerprint, face scan, or code from an authenticator app. Banks in South Africa now require biometric verification from May 2025.

2. Only Use Official Banking Apps

Download banking apps ONLY from official app stores (Google Play Store or Apple App Store). Check the developer name carefully. Fake apps are common. Banking app fraud caused R1.2 billion in losses in 2024.

3. Avoid Public Wi-Fi for Banking

Public Wi-Fi networks at malls, airports, and restaurants are not secure. Criminals can see what you’re doing. Never do banking on public Wi-Fi. Use your mobile data instead.

4. Set Up Transaction Alerts

Get SMS or app notifications for every transaction. This helps you spot fraud immediately. Most banks offer this service for free.

5. Monitor Your Accounts Regularly

Check your bank statements at least once a week. Look for transactions you don’t recognise. The sooner you report fraud, the better your chances of getting your money back.

What Banks Do to Protect You

South African banks invested heavily in security in 2024-2025:

• AI fraud detection: Banks use artificial intelligence to spot unusual transactions. Capitec blocked over 23,000 fraudulent transactions in 2024, saving customers over R200 million.
• Biometric authentication: Fingerprint and face recognition are standard from May 2025.
• Transaction freezing: If a bank suspects a SIM swap, they temporarily freeze your account until you verify your identity.
• Encryption: All data sent between your device and the bank is encrypted (scrambled so criminals can’t read it).
• Multi-layered security: Banks use multiple security checks, not just one method.

Device Security

• Lock your phone: Use a password, PIN, pattern, or biometric lock. Set it to lock after 1 minute of inactivity.
• Update your apps and phone: Security updates fix vulnerabilities that criminals exploit. Turn on automatic updates.
• Install antivirus software: Especially important for Android phones, which are more vulnerable to malware.
• Enable “Find My Phone”: This lets you remotely lock or wipe your phone if it’s stolen.
• Don’t root or jailbreak your phone: This removes built-in security protections.

🚨 What to Do If You’ve Been Scammed

Immediate Actions (First 24 Hours)

Step 1: Contact Your Bank Immediately

Call your bank’s fraud hotline right away. Don’t wait. Banks can sometimes stop or reverse fraudulent transactions if you act quickly.

Step 2: Change All Your Passwords

Change passwords for your banking apps, email, and any other accounts. Do this from a safe device (not the one that was hacked).

Step 3: Check Your Accounts

Look at all your bank accounts, credit cards, and store accounts. Check for unauthorised transactions. Make a list with dates, amounts, and descriptions.

Step 4: Report to SAPS (Police)

Open a case at your nearest police station. Get a case number. You need this for insurance claims and bank disputes. The SAPS recorded 544 cyber-related fraud cases in 2024, but experts say most crimes go unreported.

Step 5: Register with SAFPS

Register with the South African Fraud Prevention Service. This protects you from further fraud attempts using your identity.

Making an Insurance Claim

Some banks and insurance policies cover fraud losses. You’ll need:

• Police case number
• List of fraudulent transactions
• Timeline of events
• Proof you took reasonable security measures
• Any communication from the scammer

Will You Get Your Money Back?

This depends on several factors:

• If you shared your PIN or password willingly: Banks usually won’t refund you. This is considered negligence.
• If the bank’s security failed: You have a better case for a refund.
• For SIM swap fraud: Some banks automatically refund victims. One bank paid over R50 million in SIM swap refunds in one year.
• How quickly you reported it: Faster reporting improves your chances.

✅ Where to Get Help

Government and Regulatory Bodies

Organisation	What They Do	Contact Details
SABRIC (South African Banking Risk Information Centre)	Tracks banking crime, provides fraud prevention advice	Website: www.sabric.co.za Share fraud information and get safety tips
FSCA (Financial Sector Conduct Authority)	Regulates financial institutions, handles complaints about banks	Toll-free: 0800 20 3722 Phone: +27 12 428 8000 Email: info@fsca.co.za Website: www.fsca.co.za
National Financial Ombud Scheme	Resolves complaints against banks and financial institutions (FREE service)	Website: nfosa.co.za Independent complaints resolution
SAFPS (South African Fraud Prevention Service)	Protects you from identity theft, registers fraud victims	Register your identity for protection Essential after any fraud incident
Information Regulator	Handles POPI Act violations, data breaches	Report data breaches and privacy violations
SAPS Cybercrime Unit	Investigates cybercrimes	Report at your local police station or call 10111

Free Educational Resources

• Digify Africa: Created Kitso, a WhatsApp chatbot that teaches cybersecurity basics. Free to use.
• Bank security centres: All major banks have online security centres with guides and tips.
• Government Communication and Information System: Runs Cybersecurity Awareness campaigns (October is Cybersecurity Awareness Month).
• Microsoft South Africa: Announced R5.4 billion investment in cybersecurity training and tools in 2024.

⚠️ Daily Cybersecurity Checklist

Every day:

• ✓ Check your bank balance
• ✓ Look at recent transactions
• ✓ Keep your phone locked
• ✓ Don’t click suspicious links

Every week:

• ✓ Check your full bank statement
• ✓ Update your phone and apps
• ✓ Review your transaction alerts

Every month:

• ✓ Check all your accounts (bank, credit cards, store cards)
• ✓ Review your credit report (free once a year)
• ✓ Update important passwords

Every 3 months:

• ✓ Change your banking passwords
• ✓ Review your security settings
• ✓ Check which devices are linked to your accounts

Cybercrime Statistics: South Africa 2024-2025

Category	2024 Statistics
Total digital banking fraud losses	R1.89 billion
Increase in digital fraud incidents	86% increase (52,000 to 98,000 cases)
Banking app fraud losses	R1.2 billion (65% of all digital fraud)
Telecoms fraud (including SIM swaps)	R5.3 billion annually
Mobile banking fraud linked to SIM swaps	60% of all mobile banking fraud
Data breaches in Q1 2024	34.5 million accounts compromised
Annual cost to South African economy	R2.2 billion (close to 1% of GDP)
Cyberattacks targeting government weekly	3,312 attacks per week

Source: SABRIC Annual Crime Statistics 2024, Communications Risk Information Centre 2025 Report, Financial Sector Conduct Authority, Kaspersky Security Research

Cybersecurity doesn’t have to be complicated. Follow these basic rules and you’ll be safer than 95% of South Africans:

1. Use strong, unique passwords for each account. Change them every few months.
2. Enable two-factor authentication on all your banking apps. Use app-based authentication (not SMS) when possible.
3. Never share your PIN, password, or OTP with anyone. Your bank will NEVER ask for these.
4. Be suspicious of urgent messages. Criminals create panic to make you act without thinking.
5. Keep your phone and apps updated. Security updates protect you from new threats.
6. Avoid public Wi-Fi for banking. Use your mobile data instead.
7. Check your bank accounts regularly. Weekly checks help you spot fraud early.
8. If you lose your phone signal unexpectedly, call your network immediately. It could be a SIM swap attack.
9. Download banking apps only from official stores. Check the developer name carefully.
10. Report fraud immediately. The faster you act, the better your chances of getting your money back.

Remember: Cybercriminals are sophisticated and constantly evolving. But you don’t have to be a tech expert to protect yourself. Basic security habits make a huge difference. Stay alert, stay informed, and trust your instincts. If something feels wrong, it probably is.