🚨 Phishing Scams in South Africa: Complete Protection Guide
How to recognise, avoid, and report phishing attacks
Last updated: December 2025
Table of Contents
What Is Phishing?
Phishing is when criminals pretend to be your bank or another trusted company. They try to trick you into sharing personal information. This includes passwords, PINs, OTPs, and banking details.
Criminals use this information to steal your money. They can empty your bank account in minutes. They can also open loans in your name. Or steal your identity completely.
⚠️ Why It Works
Phishing works because the messages look real. Criminals copy bank logos perfectly. They use official-looking email addresses. They create panic to make you act quickly.
Three Main Types:
- Email Phishing: Fake emails from “your bank” with dangerous links
- SMS Phishing (Smishing): Text messages with links to fake websites
- Voice Phishing (Vishing): Phone calls from fake “bank officials”
🚨 Current Threat Level in South Africa (2025)
Phishing scams in South Africa reached epidemic levels in 2025. The threat is EXTREME and affects everyone.
Shocking Statistics:
| Statistic | 2024/2025 Data |
|---|---|
| South Africans targeted by scams | 57% (more than half) |
| Digital banking fraud cases | 65.3% of all fraud |
| Total losses reported | Over R1.4 billion |
| Fraud cases increased | From 31,612 to 64,000 |
| People who lost money | 75% of those targeted |
New AI-Powered Threats
Criminals now use artificial intelligence to create perfect scams. This includes:
- Fake voice calls that sound exactly like your family
- Emails with zero spelling mistakes
- Deepfake videos of bank officials
- Perfect copies of bank websites
Real Case: A Pietermaritzburg man lost R80,000 in November 2025. Criminals cloned his identity. They changed his bank details. Money disappeared in minutes.
⚠️ Types of Phishing Scams
1. Email Phishing
What it is: Fake emails that look like they’re from your bank.
How it works: Email contains a link. Link goes to a fake website. Website looks exactly like your bank’s site. You enter your details. Criminals steal them immediately.
Affects: 41% of South Africans in 2025
2. SMS Phishing (Smishing)
What it is: Text messages claiming to be from your bank or SARS.
Common messages:
- “Your account will be blocked unless you verify”
- “SARS owes you a refund – click to claim”
- “Suspicious activity detected on your account”
- “Your card has been blocked – click to unblock”
The links lead to fake websites that steal your information.
3. Voice Phishing (Vishing)
What it is: Phone calls from fake “bank officials”.
What they say:
- “We detected fraud on your account”
- “We need to verify your identity”
- “Your account will be frozen today”
- “Please provide your OTP to stop the fraud”
NEW DANGER: AI can copy your family’s voices perfectly.
4. WhatsApp & Social Media Scams
What it is: Messages on WhatsApp, Facebook, or Instagram.
How it works: Someone hacks your friend’s account. They send you urgent messages. “I’m in trouble, send money now.” The profile picture and name look correct.
Impersonation fraud increased by 356% from 2023 to 2024.
✅ How to Spot Phishing Attempts
Learn these warning signs. They can save your money.
RED FLAGS – Email & SMS:
| Warning Sign | What It Means |
|---|---|
| Creates panic or urgency | “Act now or lose your money” |
| Asks for personal information | PIN, password, OTP, ID number |
| Strange email address | StandardBank@gmail.com (fake) |
| Poor spelling/grammar | Even one mistake is suspicious |
| Generic greeting | “Dear Customer” (not your name) |
| Contains links or attachments | Banks never send login links |
| Too good to be true | “You won money” or “Free loan” |
RED FLAGS – Phone Calls:
- Caller claims to be from your bank’s “fraud department”
- They ask for your PIN, password, or OTP
- They say your account will be closed today
- They want you to move money to a “safe account”
- They pressure you to act immediately
- They get angry if you ask questions
✅ What REAL Banks Do:
- NEVER ask for your full PIN or password
- NEVER ask for your OTP by phone or SMS
- NEVER send links in SMS or email
- NEVER ask you to move money to stay “safe”
- NEVER send attachments in emails
- ALWAYS let you call them back on official numbers
Check Website URLs Carefully:
| Real Website | Fake Website |
|---|---|
| standardbank.co.za | standardbank-secure.com |
| fnb.co.za | fnb-online.co.za |
| capitecbank.co.za | capitec-verify.com |
| sars.gov.za | sarsefiling.com |
🚨 Real Phishing Scams in South Africa (2025)
These scams are targeting South Africans right now. Learn to recognise them.
1. SARS Tax Refund Scam
The Message: “SARS is conducting an audit on your tax refund. Click here to verify your information.”
The Truth: SARS never sends links in SMS or email. They will never ask for banking details electronically.
How to check: Type www.sarsefiling.co.za directly into your browser. Never click links.
2. Account Security Alert
The Message: “Suspicious activity detected on your account. Your card will be blocked unless you verify now.”
Why it works: Creates panic. Makes you click without thinking.
What to do: Close the message. Call your bank on the number printed on your card.
3. Fake Loan Application
Real Case – November 2025: A man received a message about a R35,000 Wonga loan. He never applied for this loan. Documents had his real details but a different face. He opened a fraud case. Meanwhile, R80,000 disappeared from his accounts.
The danger: Criminals already had his information from data breaches.
4. WhatsApp Family Emergency
The Message: WhatsApp from your “child” or “spouse”. “My phone broke. Using friend’s phone. Emergency – need money now.”
The trick: Profile picture and name match your family member. But the account is hacked or cloned.
What to do: Call your family member on their regular number. Don’t send money.
5. Bank Statement Download
The Email: “Your ABSA/FNB statement is ready. Click to download.”
The Truth: South African banks never email links to download statements. You must log into their official app or website.
Red flag: Email asks you to click a link instead of logging in normally.
6. JSE Trading App Scam
Real Case – 2025: An investor lost R6 million. Criminals posed as bank staff. They created a fake trading app. They promised to trade on the JSE. Money disappeared completely.
Warning: Always verify investment apps on the FSCA website (www.fsca.co.za).
✅ How to Protect Yourself From Phishing
Follow these steps to stay safe. Share them with your family.
🛡️ Basic Protection Steps
1. Never Click Links in Messages
- Don’t click links in SMS from banks
- Don’t click links in emails from banks
- Don’t click links in WhatsApp messages
- Type website addresses directly into your browser
2. Never Share These Details
- Full PIN or password
- OTP (One-Time PIN) numbers
- Card CVV number (3 digits on back)
- Full ID number over phone
- Banking app login details
3. Verify Before You Act
- If someone calls claiming to be your bank, hang up
- Call your bank on the number printed on your card
- If family asks for money on WhatsApp, phone them
- Take time to think – real banks don’t rush you
📱 Banking App Security
- Only download banking apps from Google Play or Apple App Store
- Never install apps from links sent via SMS or WhatsApp
- Enable fingerprint or face recognition if available
- Use a strong, unique password for banking apps
- Update banking apps when prompted
- Don’t use banking apps on public WiFi
📧 Email & SMS Security
- Check sender’s email address carefully
- Look for spelling mistakes or odd grammar
- Don’t open attachments from unknown senders
- If it creates panic, it’s probably fake
- Mark suspicious emails as spam
- Delete suspicious SMS immediately
🔒 Advanced Protection
- Register for Protective Registration at SAFPS (free) – Call 011 867 2234
- Enable transaction notifications – Get SMS for every transaction
- Set low daily limits – Limit damage if account is compromised
- Check credit report regularly – Catch fraud early at www.compuscan.co.za
- Use different passwords – Don’t reuse banking passwords anywhere
- Be suspicious – If it feels wrong, it probably is
⚠️ What to Do If You’re Targeted or Fall for a Scam
Don’t panic. Don’t feel ashamed. 75% of targeted South Africans lose money. This can happen to anyone. Act immediately.
If You Clicked a Link (But Didn’t Enter Details)
Immediate Action:
- Close the website immediately
- Run antivirus on your phone or computer
- Change your passwords on a different device
- Monitor your accounts closely for 30 days
If You Entered Banking Details
ACT WITHIN MINUTES – Every second counts!
- Immediately call your bank’s fraud line:
- Standard Bank: 0800 020 600
- ABSA: 0860 557 557
- FNB: 087 575 9404
- Nedbank: 0860 555 111
- Capitec: 0860 102 043
- Tell them: “I think I gave my details to scammers”
- They will freeze your account immediately
- Block your card and issue a new one
- Change ALL passwords and PINs
- Enable extra security features
If Money Was Already Stolen
Within 24 Hours:
- Report to your bank immediately – Some banks can reverse transactions within 24 hours
- Open a case at your nearest police station – Get a case number
- Call SABRIC Hotline: 011 641 8200 – They track fraud patterns
- Call SAFPS: 011 867 2234 or 0860 101 248 – Protect your identity
- Email SARS if tax-related: [email protected]
- Contact your bank’s Ombudsman if bank not helping – 0860 800 900
Protect Your Identity After a Scam
- Apply for Protective Registration (FREE):
- Visit www.safps.org.za or call 011 867 2234
- Alerts banks that your identity was compromised
- Makes it harder for criminals to open accounts in your name
- Get your free credit report:
- TransUnion: www.transunion.co.za
- Experian: www.experian.co.za
- Compuscan: www.compuscan.co.za
- Check for unauthorised accounts or loans
- Set up fraud alerts on your credit profile
- Monitor your credit report every 3 months
📞 Where to Report Phishing Scams
Reporting helps stop scammers. It protects other South Africans. Only 65% of victims report scams. Please be part of the solution.
🏦 Bank Fraud Hotlines (24/7)
| Standard Bank | 0800 020 600 |
| ABSA | 0860 557 557 |
| FNB | 087 575 9404 |
| Nedbank | 0860 555 111 |
| Capitec | 0860 102 043 |
| African Bank | 0861 274 226 |
| TymeBank | Via app or 0860 999 119 |
🏛️ Official Reporting Bodies
SABRIC (South African Banking Risk Information Centre)
- Phone: 011 641 8200
- Website: www.sabric.co.za
- What they do: Track banking fraud patterns across South Africa
SAFPS (South African Fraud Prevention Service)
- Phone: 011 867 2234 or 0860 101 248
- Scam Hotline: 083 123 7226
- Website: www.safps.org.za (Report via Yima website)
- Email: protection@safps.org.za
- What they do: Protective Registration, fraud victim support, scam reporting
South African Police Service (SAPS)
- Visit: Your nearest police station
- What to ask for: Open a case for fraud/theft
- Important: Get a case number for insurance and bank claims
📋 Specialized Reporting
For SARS-Related Phishing:
- Email: [email protected]
- Phone: 0800 00 2870 (Fraud and Anti-Corruption Hotline)
For Investment Scams:
- FSCA (Financial Sector Conduct Authority)
- Phone: 0800 110 443
- Website: www.fsca.co.za
If Your Bank Isn’t Helping:
- Banking Ombudsman
- Phone: 0860 800 900
- Website: www.obssa.co.za
✅ What Information to Provide When Reporting:
- Screenshots of suspicious messages
- Phone numbers that called you
- Email addresses (full address, not just name)
- Website URLs (copy exact address)
- Dates and times of contact
- Details of any money lost
- Bank transaction numbers
📌 Quick Reference: Phishing Protection Checklist
🚫 NEVER Do This:
- Click links in SMS or email
- Share your PIN or password
- Give out OTP numbers
- Install apps from messages
- Act on urgent demands
✅ ALWAYS Do This:
- Type bank URLs directly
- Verify calls by calling back
- Check sender addresses
- Take time to think
- Report suspicious messages
Our Final Recommendations
Phishing scams are getting more dangerous every day. AI makes them look perfect. Even educated, careful people fall for them. The only defence is knowledge and suspicion.
Remember: Your bank will NEVER ask for your PIN, password, or OTP. If someone asks for these details, they are criminals. No exceptions.
Share this guide with your family, especially elderly relatives and young people. Scammers target everyone. The more people who know these tricks, the safer we all become.
When in doubt, do nothing. Call your bank on the number printed on your card. Real banks respect careful customers. Scammers get angry when you ask questions.
🛡️ Action Steps Today:
- Register for Protective Registration at SAFPS (011 867 2234) – It’s FREE
- Enable transaction notifications on your banking app
- Add bank fraud numbers to your phone contacts
- Check your credit report for unauthorised accounts
- Share this guide with three people you care about
🚨 EMERGENCY CONTACTS – SAVE THESE NOW
If Scammed:
Your Bank Fraud Line
SABRIC: 011 641 8200
SAFPS: 083 123 7226
Police: 10111
For Help:
Banking Ombudsman: 0860 800 900
FSCA: 0800 110 443
SARS Fraud: 0800 00 2870
SAFPS: 011 867 2234
Disclaimer: This information is provided for educational purposes and was last updated in December 2025. Phishing methods change constantly. Always verify current scam warnings with official sources. If you believe you’ve been targeted by a phishing scam, contact your bank immediately.
For fraud-related complaints, contact SABRIC at 011 641 8200 or the Financial Sector Conduct Authority (FSCA) at 0800 110 443.
This guide is part of CodeCash Personal Finance Guide’s consumer protection initiative. Share it freely to protect other South Africans from phishing scams.