Don’t Take the Bait!
Phishing, Spear Phishing, Whaling and More
How to Outsmart Every Scam Lurking in Your Inbox

When South Africans think of fishing, they imagine a weekend at the dam, not scammers trawling for personal info. But with phishing and its sneaky cousins, the cyber crooks are hoping you’re the next one to bite.
Let’s break down the main types of phishing attacks and show you how to keep your inbox and bank balance safe.
🎣 Phishing: The Classic Scam
What is it?
Phishing is the shotgun approach to scamming. Criminals send out thousands of emails, SMSes, or WhatsApp messages hoping someone will click. The messages usually pretend to come from banks, SARS, online shops, or even Netflix.
How it works:
- You get a message asking you to click a link or open an attachment.
- The link goes to a fake website, designed to steal your login info or infect your device.
Local Example:
“Absa Security Alert: Your account will be suspended. Click here to update your information!”
Click and you hand over your bank details to a criminal.
🕵️‍♂️ Spear Phishing: Personalised Attack
What is it?
Spear phishing targets you personally. Scammers do their homework, using your real name, company info, or things from your social media to fool you.
How it works:
- You get an email that feels familiar and legit.
- The message mentions real colleagues or projects to win your trust.
- The goal is still to get you to click a link or share sensitive information.
Local Example:
An email to your HR manager says, “Hi Sipho, please urgently send me all staff IRP5s for the year. Regards, ‘Your Boss’.”
But the email address is a fake.
🐋 Whaling: The Big Fish Job
What is it?
Whaling is spear phishing for high rollers. The scammers go after CEOs, directors, or finance managers, often using info from public company documents.
How it works:
- A senior exec gets an urgent email that looks like it comes from the chairperson or a supplier.
- The scam asks for a big payment, confidential files, or sensitive business info.
Local Example:
“Hi Zanele, please process the attached payment of R500,000 for a confidential acquisition. Do not discuss with anyone else. Regards, Chairman.”
If Zanele acts fast without checking, the money is gone.
📱 Smishing and Vishing: Scams on Your Phone
Smishing is phishing by SMS or WhatsApp.
Vishing is when scammers use phone calls, pretending to be from your bank, SARS, or IT.
How it works:
- Smishing: “FNB: Your profile is blocked. Visit this link to unblock.”
- Vishing: A “bank employee” calls, asking you to confirm your PIN or OTP for your safety.
👩‍💻 Business Email Compromise (BEC): The Inside Job
What is it?
BEC is when a scammer hacks or fakes a business email account and uses it to trick people inside or outside your company.
How it works:
- The scammer sends an email from a real or almost-real address, giving legit-sounding instructions (like new bank details).
- Victims pay money or send data, thinking it’s a genuine request.
Local Example:
A supplier emails your finance team with new banking details. You pay—money disappears.
🚨 How to Stay Safe: Tips for South Africans
- Never click suspicious links or open attachments you weren’t expecting.
- Check the sender’s email address carefully every time.
- If a request for money or information seems odd, phone the person to check, using a number you already know.
- Ignore urgent threats, like “your account will be closed” or “act now.”
- Use strong passwords and enable two-factor authentication.
- Train your team and family to be alert. If in doubt, double-check before you click.
Worried about phishing, or want to test your team with real-life training?
Reach out to the Hackerstopped EDR team at protect@hackerstopped.com.
We help South Africans stay safe, one scam at a time!