South Africa loses over R2.2 billion to cybercrime every year โ€” and phishing is the single biggest weapon scammers use to get it. In 2026, these attacks have become frighteningly convincing. The fake FNB email looks exactly like the real thing. The fake SARS refund page has the right logo, the right colours, and even a working CAPTCHA.

This guide breaks down the top 10 phishing scams targeting South Africans right now, with real examples of what they look like and exactly what to do if one lands in your inbox.

๐Ÿ”‘ Key Takeaway

Phishing doesn't hack your computer โ€” it hacks you. Every scam on this list uses urgency, fear, or greed to make you act before you think. Slow down. Verify. Don't click.

What is Phishing?

Phishing is when a criminal pretends to be a trusted brand โ€” your bank, SARS, MTN, a well-known retailer โ€” and tricks you into clicking a link, entering your login details, or handing over sensitive information.

The name comes from "fishing" โ€” they cast a wide net and wait for someone to bite. In South Africa, scammers target millions of people at once. Even if only 0.1% of recipients click, that's thousands of victims from a single campaign.

Phishing arrives via:

  • Email โ€” the most common channel
  • SMS (smishing) โ€” short, urgent messages
  • WhatsApp โ€” increasingly popular in SA
  • Phone calls (vishing) โ€” someone pretending to be your bank
  • Social media DMs โ€” fake prize notifications

Now let's look at the 10 most active scams hitting South Africans in 2026.

1. FNB Bank Phishing Emails

FNB is the most impersonated bank in South Africa. Scammers clone the FNB brand almost perfectly โ€” correct logo, correct colours, even the same email footer layout.

๐Ÿ“ง

Real Example โ€” Reported by SA Users in 2026

"FNB Security Notice: Unusual login activity has been detected on your account. Your account access has been restricted. Click here to verify your identity within 24 hours or your account will be permanently suspended: fnb-secure-verify.co.za"

How to spot it: FNB's real domain is fnb.co.za. Any email from a domain like fnb-secure.com, fnb-alerts.co.za, or fnb.account-verify.net is fake. Also notice the threat: "permanently suspended." That's pure pressure designed to stop you from thinking.

What they want: Your FNB online banking username, password, and the OTP sent to your phone. With those three things, they can drain your account in minutes.

The rule: FNB will never email you asking for your password or OTP. Log in directly at fnb.co.za โ€” never through a link in an email.

2. ABSA Fake Login Pages

ABSA phishing pages are the most technically sophisticated of any SA bank scam. The fake login pages are often hosted on legitimate-looking domains with valid SSL certificates โ€” meaning they show the padlock icon in your browser, which many people wrongly believe means "safe."

๐Ÿ’ป

What the Fake Page Looks Like

A pixel-perfect clone of the ABSA online banking login page, hosted at something like absa-banking.co.za or absaonline.net. When you enter your credentials, they're sent directly to the scammer. The page then redirects you to the real ABSA site so you don't notice anything wrong.

How to spot it: The only real ABSA banking URL is absa.co.za. Bookmark it. Every time you want to bank online, type it directly or use your bookmark โ€” never click an email link.

Extra protection: Enable ABSA's transaction notifications. If someone logs into your account from an unfamiliar device, you'll get an SMS within seconds โ€” which gives you time to call ABSA and freeze the account before damage is done.

3. SARS Tax Refund Scams

Tax season is peak season for scammers, but SARS phishing emails circulate all year. They exploit something powerful: the hope of getting money back from the government.

๐Ÿ“ฉ

Classic SARS Refund Email

Subject: "SARS eFiling: Your Tax Refund of R6,842.00 Is Ready"
Body: "Please click the link below to verify your banking details so we can process your refund within 3โ€“5 business days." Link goes to sars-efiling-refund.co.za

Why it works: Many South Africans are genuinely waiting for a refund. The promise of R4,000โ€“R8,000 is compelling. And SARS branding โ€” green, official-looking โ€” is easy to clone.

How to spot it: SARS only communicates through sars.gov.za and the eFiling portal at efiling.sars.gov.za. Any other domain is fake. Also, SARS will never email you a refund amount out of the blue โ€” you log into eFiling and check your status yourself.

What to do: Log into efiling.sars.gov.za directly. Your actual refund status is always visible there.

4. Post Office Parcel Scams

These scams surged alongside the growth of online shopping. You receive an SMS or email claiming your parcel couldn't be delivered and you need to pay a small fee โ€” usually R25 to R50 โ€” to release it.

๐Ÿ“ฆ

Real SA Example

"SA Post Office: Your parcel (Ref: SA123456789ZA) is awaiting customs clearance. A fee of R35 is required within 48 hours to prevent return. Pay here: sapost-tracking.co.za"

Why it's dangerous: The R35 feels trivial โ€” which is the point. You hand over your card number and CVV for a tiny payment. The scammers then use those details for much larger unauthorised transactions.

How to spot it: The real SA Post Office website is postoffice.co.za. DHL South Africa is dhl.com. Any other domain asking for a card payment is a scam. Also note: if you're not expecting a parcel, there is no parcel.

5. SHEIN & Online Shopping Scams

With millions of South Africans shopping on SHEIN, Temu, and Takealot, fake "order confirmation" and "shipping update" phishing emails have exploded. These are particularly dangerous because they arrive when you're genuinely expecting a delivery.

The scam works in two ways:

  1. Fake order confirmation โ€” "You placed an order for R1,499. Click here to cancel if this wasn't you." Panic makes you click immediately.
  2. Fake tracking update โ€” "Your order is delayed. Update your delivery preferences here." The link captures your login credentials.

How to spot it: Check the sender's email address โ€” not just the display name. A real SHEIN email comes from a @shein.com address. If the actual email address is something like shein-orders@deliveryupdate.net, it's fake.

Best practice: Always log into the retailer's official app or website directly to check your order status. Never through a link in an email or SMS.

6. MTN & Vodacom Prize Scams

"Congratulations! You've been selected as an MTN loyalty winner. Claim your R10,000 prize today." If you've received a WhatsApp message or email like this, you've been targeted by one of SA's most persistent phishing campaigns.

๐Ÿ†

How the Scam Progresses

Step 1: You "claim" your prize by clicking a link.
Step 2: You fill in your name, ID number, and cell number.
Step 3: You're told to pay a "processing fee" of R99 to release your prize.
Step 4: You pay. They disappear. There was never a prize.

The giveaway: You never entered a competition. Legitimate prize notifications from MTN or Vodacom come through official channels โ€” they do not ask you to pay anything to claim a prize. Advance fee fraud (paying to receive money) is always a scam, 100% of the time.

What to do: If you receive one of these, report it to the SAPS cybercrime reporting portal and delete the message.

7. WhatsApp Account Takeover

This is one of the most devastating scams in SA because it hijacks your identity and uses it to scam your contacts. Once attackers have your WhatsApp account, they message everyone in your contact list claiming to be you โ€” usually asking to borrow money urgently.

How the takeover happens:

  1. You receive a WhatsApp message: "Hi, I accidentally sent a 6-digit code to your number by mistake. Could you please send it to me?"
  2. The code arrives โ€” it's actually WhatsApp's registration OTP for your account on a new device.
  3. You forward it. They immediately register your WhatsApp on their device. You're logged out. They're in.

๐Ÿ”‘ The One Rule That Prevents This

Never share a 6-digit code sent to your phone with anyone โ€” ever. It doesn't matter who's asking or how convincing the story sounds. That code is the key to your account.

How to protect yourself: Enable Two-Step Verification in WhatsApp: Settings โ†’ Account โ†’ Two-Step Verification โ†’ Enable. Set a 6-digit PIN. Even if someone gets your OTP, they still need this PIN to activate your account on a new device.

For a full guide, read our article on how to secure your WhatsApp account in South Africa.

8. Fake Job Offer Scams

With South Africa's high unemployment rate, fake job offer scams are ruthlessly effective. They target people who are genuinely desperate for work and promise salaries that sound almost-but-not-quite too good to be true.

๐Ÿ’ผ

Common Scenario

A recruiter contacts you on LinkedIn or WhatsApp. The job is for a "remote data entry clerk" or "customer support agent" paying R18,000โ€“R25,000/month. The "company" is a foreign firm needing SA staff. You're asked to complete an online form with your ID number, banking details, and a R200โ€“R500 "registration fee" or "background check fee."

Red flags:

  • You never applied โ€” they found you
  • The salary is suspiciously high for minimal skills required
  • They ask for banking details before any formal interview or contract
  • There's an upfront fee of any kind
  • The company can't be verified on LinkedIn or company registrar databases

The rule: Legitimate employers never ask you to pay them. Job offers that arrive unsolicited with suspiciously high pay and an upfront fee are scams. Always verify the company through the Companies and Intellectual Property Commission (CIPC).

9. Cryptocurrency Investment Scams

Crypto investment scams have cost South Africans billions โ€” the MTI (Mirror Trading International) scam alone stole an estimated $1.7 billion from SA investors. In 2026, a new wave of smaller scams is targeting everyday people through social media and WhatsApp groups.

The pitch is always the same: invest a small amount, watch it grow rapidly through a "trading algorithm" or "bot," then recruit friends for even bigger returns. It's a Ponzi scheme dressed in fintech language.

โ‚ฟ

Warning Signs of a Crypto Scam

  • Guaranteed daily/weekly returns of 1โ€“5%
  • Referral bonuses for recruiting others
  • No FSCA (Financial Sector Conduct Authority) registration
  • Withdrawals suddenly become "blocked" or require additional fees
  • The platform only exists as a WhatsApp group or Telegram channel

How to verify: All legitimate investment platforms operating in South Africa must be registered with the FSCA. Check the register at fsca.co.za before investing a single rand. If they're not listed, walk away.

10. Netflix & Streaming Scams

As streaming services dominate SA entertainment, scammers have followed. Netflix phishing emails are among the most convincing fake emails in circulation โ€” the branding is near-perfect, and the message exploits something almost everyone fears: losing access to a service they use daily.

๐ŸŽฌ

Typical Netflix Phishing Email

Subject: "Action Required: Update Your Payment Information"
Body: "We were unable to process your last payment. Your Netflix membership will be cancelled in 48 hours unless you update your billing details." Link goes to netflix-billing-update.com

Why it works: It creates immediate anxiety about losing access. The fix seems simple โ€” just update your card. But the "update" page captures your card number, expiry, and CVV.

How to spot it: Netflix emails come from @netflix.com only. The real billing update page is at netflix.com/account. If you're unsure, open Netflix directly in your browser โ€” any real payment issues will show on your account page.

The same scam runs for Showmax, DStv Now, and Amazon Prime โ€” all popular SA streaming services.

How to Protect Yourself

Now that you know what the scams look like, here's a practical checklist you can act on today.

1

Enable two-factor authentication (2FA) on everything

Your bank account, email, WhatsApp, Netflix, and social media. Even if a scammer gets your password, 2FA stops them from logging in without your phone. Use an authenticator app (Google Authenticator, Microsoft Authenticator) rather than SMS where possible.

2

Never click links in emails or SMS โ€” type the URL directly

This single habit eliminates the vast majority of phishing risk. If FNB emails you, don't click the link. Open a new tab and type fnb.co.za. If SARS emails you, go to efiling.sars.gov.za. The link in the email is the weapon โ€” don't touch it.

3

Check the actual email address โ€” not just the display name

Email clients show a "From" name that can say anything. Click or tap on the sender name to reveal the actual email address. FNB Security <alert@fnb-secure-verify.co.za> is fake. The display name means nothing โ€” the domain is everything.

4

Check if your email has been compromised

Visit haveibeenpwned.com and enter your email address. It will tell you if your credentials have appeared in any known data breaches. If they have, change your passwords immediately โ€” especially if you reuse the same password across sites.

5

Use a password manager

Unique, strong passwords on every site means that even if one account is compromised, the rest stay safe. A password manager generates and stores these for you. You only need to remember one master password.

6

Install reputable antivirus software

A good antivirus will flag known phishing URLs before you even reach the page. It's your last line of defence when a link slips past your attention. We're reviewing the best antivirus options for South Africans โ€” check our reviews page for updates.

For a deeper dive on email-specific warning signs, read our guide on how to spot a phishing scam.

What to Do If You've Been Scammed

If you think you've clicked a phishing link or entered your details on a fake site, act immediately โ€” time is critical.

1

Call your bank immediately

If banking details were entered, call your bank's fraud line right now โ€” not in an hour, now. Banks can freeze transactions and reverse unauthorised payments if you report quickly enough. FNB fraud: 087 575 9444. ABSA fraud: 0800 111 155. Standard Bank: 0800 020 600. Nedbank: 0800 110 929.

2

Change your passwords immediately

Change the password for the compromised account and any other account using the same password. Start with your email โ€” if scammers have your email, they can use "forgot password" on everything else.

3

Report the crime

Report it to the SAPS cybercrime unit and to the South African Banking Risk Information Centre (SABRIC). Reporting helps law enforcement track active campaigns and warn other South Africans.

4

Run a malware scan

If you downloaded any attachment from the phishing email, run a full malware scan on your device. Some phishing attacks install keyloggers or remote access tools when an attachment is opened.

5

Warn your contacts

If your email or WhatsApp was compromised, your contacts may receive messages pretending to be you. Send a message warning them not to respond to any unusual requests from your account until you've confirmed it's secured.

For bank-specific scam reports and statistics, visit SABRIC.co.za โ€” they publish annual crime statistics for South African banking fraud.

FAQ

Check the actual email address (not just the display name) โ€” click or tap on the sender name to reveal it. FNB only sends from @fnb.co.za domains. ABSA from @absa.co.za. If the address is anything else, it's fake. Also note: your bank will never ask for your password, PIN, or OTP by email. If an email asks for any of those, it is definitely a scam โ€” regardless of how real it looks.

You are likely safe, but run a malware scan just to be certain. Some sophisticated phishing pages can attempt drive-by downloads that install malware simply by visiting the page. Close the tab immediately, don't go back to it, and run a full antivirus scan on your device. If you're on a work computer, notify your IT team.

Absolutely โ€” and mobile phishing is growing rapidly in SA. SMS phishing (smishing) and WhatsApp phishing are particularly common because people trust their phones more than their email. The same rules apply: don't click links in messages, don't share OTPs, and type URLs directly into your browser rather than tapping links.

No โ€” never click any link in a phishing email, including the unsubscribe link. Clicking it confirms your email address is active, which often results in more phishing emails, not fewer. It can also take you to a malicious page. Simply delete the email and mark it as spam.

Report to three places: (1) Your bank's fraud line if banking details were involved. (2) The SAPS Cybercrime Unit โ€” you can report online. (3) SABRIC (SA Banking Risk Information Centre) for bank-related scams. You should also forward the phishing email to the impersonated company โ€” most SA banks have a dedicated fraud@[bank].co.za address. Reporting helps prevent others from being scammed.

Conclusion

Phishing scams aren't going away โ€” they're getting better. In 2026, a convincing fake FNB page, a well-timed SARS refund email, or a "quick favour" WhatsApp from a compromised contact can fool almost anyone if they're not paying attention.

The good news is that awareness is the most powerful defence. Now that you know what these 10 scams look like, you're already harder to fool than the majority of South Africans. Pass this article on to family members โ€” parents and grandparents are among the most targeted demographics.

๐Ÿ›ก๏ธ Your 3 Non-Negotiables

  • Never click a link in an unexpected email or SMS โ€” type the URL directly
  • Never share an OTP or password with anyone, ever
  • Enable 2FA on your bank account, email, and WhatsApp today

๐Ÿ›ก๏ธ Protect Yourself With a Trusted Antivirus

A reputable antivirus flags phishing URLs, blocks malicious downloads, and warns you before you land on a fake banking page. Reviews of the best antivirus software for South Africans are coming soon at TechCruze.com โ€” we'll only recommend tools we've thoroughly tested.

See Our Security Reviews โ†’

Related Articles