BEWARE OF PHISHING SCAMS: DO NOT TAKE THE BAIT AND BE THE “PHISH THAT GETS CAUGHT”!
Phishing is an email-based attack in which a malicious email is sent to you
with the purpose of getting you to disclose sensitive information about
yourself or the SAPS. It is also the most common means of obtaining information
to attack an organisation or unsuspecting users.
The false emails often look surprisingly legitimate and even
the web pages, where you are asked to enter your information, might look
genuine. However, the URL in the address field can alert you to whether the page
you have been directed to is valid or not.
Different emails are sent to attract victims. Some emails might refer to your
personal information that needs to be updated or validated, and ask you to
enter your username and password after clicking on a link provided in the
email.
Other emails might even ask you to enter more information,
such as your full name, address, phone number and credit card numbers. If you
just visit the false website and enter your username and password, the phisher
might be able to gain access to more information by logging into your account.
How to deal with phishing scams
- Do not trust poorly written emails with spelling
errors or incorrect grammar. Legitimate corporate companies have quality
control measures in place that prevent such mistakes.
- Do not click on any links in such emails. Rather
navigate directly to the website in question.
- If you are uncertain about the authenticity of
an email, rather ask your service provider directly whether it is valid or not.
- If possible, visit the company personally or
phone the customer contact centre's number on their official website (remember
not to trust phone numbers in a suspicious email!).
- Only provide personal or financial information
through an organization's website when you have typed in the web address
yourself and have seen indicators that the site is secure, such as a URL that
begins with “https” (the “s” stands for secure). Unfortunately, an
indicator is not a total guarantee that a site is secure; some phishers use
forged security icons.
- Review your credit card and bank account
statements as soon as you receive them to check for unauthorized charges. If
your statement is late by more than a couple of days, call the bank to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading
files from emails, regardless of who sent them. These files might contain
viruses or other malware that can weaken your computer's security.
Action steps you can take to avoid a phishing attack
- Use trusted security software and set it to
update automatically. In addition, use the following computer security
practices:
- Do not send personal or financial information in
an email as it is not a secure manner of transmitting confidential information.
Several resources are available to handle arising issues online and allow anonymous and confidential reporting:
noc@ssa.gov.za – National Operational Centre
ecs-csirt@e-comsec.com – State Security Agency
phishing@sars.gov.za – South African Revenue Service