South Africa is consistently ranked among the top targets for cybercrime in Africa. In 2025, SA recorded over 2.3 billion cybercrime-related incidents — and 2026 isn't looking any better. The attacks are getting smarter, more personal, and more convincing.
The good news? Most of these attacks are avoidable if you know what to look for. Here's what's actually hitting SA internet users right now, and exactly what to do about it.
Active threat right now
A new phishing campaign impersonating FNB and Standard Bank is currently active. Do not click on any SMS or email links claiming to be from your bank.
1. Banking Phishing Attacks
Banking phishing is still the number one cybercrime affecting South Africans in 2026. The tactics have evolved significantly — scammers no longer send obviously fake emails full of spelling mistakes. Today's phishing messages look nearly identical to genuine communications from FNB, Standard Bank, Capitec, Nedbank and Absa.
How it works in 2026
You receive an SMS that appears to come from your bank's shortcode. It says your account has been "compromised" or that there's a "suspicious login." The link takes you to a near-perfect copy of your bank's website. You enter your login details — and the attacker now owns your account.
The 2026 twist: many of these attacks now use AI-generated voice calls as a follow-up. After you enter your details, a "bank employee" calls to verify — and asks for your one-time PIN. By the time you realise what's happened, the money is gone.
🔑 Key Takeaway
Your bank will never ask for your PIN or one-time password over the phone or by SMS. If anyone does, hang up and call your bank directly using the number on the back of your card.
Real SA examples from May 2026
- FNB SMS phishing: "Your FNB account has been locked. Verify here: [link]"
- Capitec voice call scam: caller claims to be "Capitec fraud team" and asks for your OTP
- Standard Bank email: fake "account statement" PDF that installs a banking trojan
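A triage check for links in bank-themed SMS messages like the ones above, added here as an example (it is not code from any bank or from this article). The official-domain list is an assumption to verify against each bank's own material, and the sample messages used with it are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed official domains for the banks named in this article (verify before use).
OFFICIAL_DOMAINS = ("fnb.co.za", "standardbank.co.za", "capitecbank.co.za",
                    "nedbank.co.za", "absa.co.za")
# Brand strings that have no business appearing in anyone else's hostname.
BRAND_TOKENS = ("fnb", "standardbank", "capitec", "nedbank", "absa")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def classify_host(host):
    """Return 'official', 'impersonation' or 'unknown' for one hostname."""
    host = host.lower().rstrip(".")
    # The official domain must be the END of the hostname, on a label boundary.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Heuristic: a bank name inside a non-bank hostname is a lookalike.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    if any(token in squashed for token in BRAND_TOKENS):
        return "impersonation"
    return "unknown"

def triage_sms(text):
    """Extract every http(s) link from an SMS body and classify its host."""
    results = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".")
        results.append((host, classify_host(host)))
    return results

if __name__ == "__main__":
    # Constructed sample messages; .example hosts are reserved for documentation.
    samples = [
        "Your FNB account has been locked. Verify here: https://fnb-verify.example/login",
        "Statement ready at https://www.fnb.co.za.",
        "Suspicious login. Confirm: https://fnb.co.za.secure-check.example/otp",
        "Parcel waiting: https://courier.example/track",
    ]
    for sms in samples:
        print(triage_sms(sms), "<-", sms)
```

Links without a scheme and shortened URLs are not resolved by this check and should be treated as unknown, not as safe.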
2. SIM Swap Fraud
SIM swap fraud is devastating and increasingly common across Vodacom and MTN networks in South Africa. Attackers call your network provider, impersonate you using stolen personal information (often from data breaches or social media), and get your number transferred to a new SIM card they control.
Once they have your number, they can receive all your OTPs (one-time passwords) and take over your banking, email, and social media accounts in minutes.
Warning signs your SIM has been swapped
- Your phone suddenly loses all signal (even in a good coverage area)
- You can't make calls or receive SMS messages
- You get an unexpected message saying your SIM has been updated
- You receive emails about password changes you didn't request
If you suspect a SIM swap
Call your network provider immediately from another phone. Then contact your bank from a known safe line. Time is critical — every minute counts.
How to protect yourself from SIM swap
Add a SIM swap PIN to your account
Call Vodacom (082 111), MTN (083 173 1000) or Telkom (10210) and ask them to add a SIM swap PIN or "RICA block" to your number. This stops anyone from swapping your SIM without providing this PIN first.
Use an authenticator app instead of SMS OTP
Where possible, switch from SMS-based two-factor authentication to an app like Google Authenticator or Authy. These can't be intercepted via SIM swap.
Limit personal info on social media
Attackers gather your ID number, date of birth and address from LinkedIn, Facebook and public records before calling your network. Review your social media privacy settings.
3. WhatsApp Account Hijacking
WhatsApp hijacking has become one of the most reported scams in South Africa. The method is disturbingly simple: an attacker contacts someone in your contact list (whose account they've already taken over), claims to be you, says they accidentally sent a "6-digit code" to your number, and asks you to forward it.
That 6-digit code is WhatsApp's registration OTP. The moment you forward it, the attacker registers your number on their device and locks you out of your account entirely.
The business variant (more dangerous)
SA small businesses have been hit hard by a variant where attackers take over a business owner's WhatsApp and then message all customers saying there's been a "bank details change." Customers transfer money to the attacker's account thinking they're paying the legitimate business.
🔑 Key Takeaway
Never share any verification code with anyone — even if the request comes from a contact you trust. Enable Two-Step Verification in WhatsApp Settings → Account → Two-Step Verification right now.
4. Ransomware Targeting SA Businesses
Ransomware attacks on South African organisations increased by 47% in 2025, according to cybersecurity firm Check Point Research. The targets aren't just large corporates — small businesses, medical practices, legal firms and municipalities have all been hit.
Ransomware encrypts all your files and demands a payment (usually in cryptocurrency) to restore access. SA businesses are attractive targets because many still run outdated software and lack proper backup systems.
Most common entry points in SA
- Phishing emails with malicious attachments (PDFs, Word docs, Excel files)
- Exposed Remote Desktop Protocol (RDP) — common on SA business networks
- Unpatched software — especially old versions of Windows and Office
- Weak passwords on business systems
5. Social Media Scams
Facebook Marketplace fraud is rife in SA. Fake job offers via LinkedIn are increasing. Instagram "investment" scams promising Forex returns are everywhere. The common thread: urgency, greed, and impersonation.
The "pig butchering" scam (also called "sha zhu pan") has arrived in South Africa. Attackers spend weeks building a fake relationship with you online before convincing you to invest in a fraudulent crypto platform. Victims have lost hundreds of thousands of rands.
How to Protect Yourself — SA Checklist
Use a reputable VPN on public Wi-Fi
Any time you connect at a mall, airport, restaurant or university, use a VPN. NordVPN is our top recommendation for SA users — it has local servers and a verified no-logs policy.
Install updated antivirus software
Windows Defender is a baseline, but a paid solution like Norton 360 or Bitdefender adds phishing protection, banking protection modules and real-time threat detection.
Use a password manager
Reused passwords are the #1 reason accounts get hacked after a data breach. Use a password manager like 1Password or Bitwarden to generate and store unique passwords for every account.
Enable two-factor authentication everywhere
Turn on 2FA for your banking apps, email, social media and WhatsApp. Use an authenticator app (Google Authenticator or Authy) rather than SMS where possible.
Keep software updated
Enable automatic updates on Windows, your phone's operating system, and all your apps. Most ransomware and malware exploit vulnerabilities in outdated software.
Frequently Asked Questions
Report cybercrime to the South African Police Service (SAPS) at your nearest station, or contact the South African Banking Risk Information Centre (SABRIC) at 011 847 3000. You can also report phishing to your bank's fraud line and to the CSIRT (Cyber Security Incident Response Team) at csirt@gov.za.
Yes. South Africa consistently ranks in the top 10 globally for cybercrime activity. According to Interpol's 2025 Africa Cyberthreat Assessment, SA accounts for the majority of cybercrime incidents on the continent, largely due to high banking activity, smartphone penetration and gaps in cybersecurity awareness.
Act immediately: (1) Call your bank's fraud line to freeze your account. (2) Change all passwords, starting with your email account. (3) Contact your mobile provider if you think your SIM may have been swapped. (4) Report to SAPS and SABRIC. The faster you act, the better your chances of recovering funds.
A VPN protects your connection from eavesdropping and encrypts your traffic, but it won't stop you from clicking a phishing link. NordVPN and other premium VPNs include "Threat Protection" features that block known malicious domains — this does add an extra layer of protection against phishing sites.
Visit haveibeenpwned.com and enter your email address. This free service checks your email against thousands of known data breaches. SA-specific leaks from platforms like TransUnion, Liberty, and various government databases have been listed there. If your email appears, change those passwords immediately.