phishing scams

The COVID-19 pandemic has had such far-reaching effects that fraudsters are stepping in to take advantage. How? Cyber-attacks come in many forms, from phishing scams and fraudulent products to insolvency fraud and misappropriation of assets. The demand for PPE has created a perfect environment for cybercriminals to develop fraud schemes, and South Africa has seen plenty of cyber-attacks recently.

With staff currently working from home, many employees are more susceptible to fraud such as phishing scams, vishing, and zoombombing. Many companies have had to make quick internal changes to cater for remote working. In their haste, they may have underestimated the importance of IT security tools or how remote working limits these.

Phishing Scams

Email phishing scams are carried out online by tech-savvy fraudsters and identity theft criminals. They use fake websites and emails that look identical to the real ones. In this way, they trick employees into divulging sensitive information. And then what? Well, it’s not just about stealing your money: they can also use your information to create fake accounts in your name, ruin your credit, and steal your identity.

South Africa’s Latest PPE Procurement Scam

The most recent phishing scam has been tricking companies that supply PPE goods and services to government. In this case, it was face masks. National Treasury has put out a notice warning suppliers of the phishing scam. The scam arrived as a fake Request For Quotations (RFQ) for the provision of face masks, disposable aprons, safety goggles, PVC books, gloves, and sanitisers. There is a very scary twist: when you search for the specific item in question (and often the RFQ is for a very specific PPE item), you are taken to a website which has an amazing special on that item. So, it stands to reason that these phishers have researched this particular scam thoroughly.

It’s important to remember that the onus remains with suppliers to ensure the RFQs are legitimate, and they need to verify the validity of each RFQ themselves. Fraudsters are using departmental letterheads to send out fake tenders and requests to supply equipment and goods to companies.

The National Department of Health (NDoH) has alerted the relevant law enforcement authorities to investigate the scam. If you suspect that you are a victim of a scam, urgently contact the police and the NDoH.

How to Identify a Phishing Scam

Phishers often look legitimate – with their website looking real and their message seemingly genuine. Here are some tips for identifying a scam:

  • Requests for confidential information come in over email or instant message;
  • The use of emotional language, scare tactics or short deadlines, which often gets you to respond quickly;
  • Misspelled URLs and the use of sub-domains. For example, the correct domain for the Department of Justice is someone@health.gov.za, while a typical fraudster could use someone@dohgov-za.co. Both are valid and usable domains, but the second is totally fake;
  • Links within the body of a message;
  • Lack of personal greeting or customised information;
  • Contact person’s name and telephone number don’t correspond to the correct business details;
  • Banking details of fraudsters are in a private name, not a business name, although not always. We have seen a fraudster set up a valid company with a proper company bank account with Nedbank.
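
The misspelled-domain tip above can be checked automatically. The sketch below is an added example, not part of the original article: it compares a sender's domain against a list of domains you have verified yourself and flags near-misses. The `TRUSTED_DOMAINS` list, the 0.85 similarity threshold and the `example.com` sample are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: domains you have confirmed out-of-band, never taken from the e-mail itself.
TRUSTED_DOMAINS = {"health.gov.za"}

def sender_domain(from_header):
    """Lower-cased domain of a From: header value, or '' if there is none."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def squash(name):
    """Remove dots and hyphens so 'gov-za' and 'gov.za' compare equal."""
    return re.sub(r"[.-]", "", name)

def classify(from_header):
    """Return 'trusted', 'lookalike', 'unverified' or 'invalid'."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    for trusted in TRUSTED_DOMAINS:
        # Only the exact domain or a real sub-domain of it is trusted.
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        suffix = trusted.partition(".")[2]  # e.g. 'gov.za'
        # Trusted name embedded in another domain: health.gov.za.example.com
        if squash(trusted) in squash(domain):
            return "lookalike"
        # Official suffix imitated outside the real zone: dohgov-za.co
        if squash(suffix) in squash(domain) and not domain.endswith("." + suffix):
            return "lookalike"
        # Near-miss spelling of the trusted domain: heatlh.gov.za
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return "lookalike"
    return "unverified"

# Constructed sample headers; the first two use the domains from the tip above.
SAMPLES = [
    "Procurement <someone@health.gov.za>",
    "Procurement <someone@dohgov-za.co>",
    "rfq@health.gov.za.example.com",
    "rfq@heatlh.gov.za",
    "sales@example.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):10} {header}")
```

A "lookalike" or "unverified" result means the RFQ should be confirmed with the department through contact details you already hold, not those given in the message.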

How can we help you?

At Complete IT Business Solutions, we offer a system audit and can set your business up with top IT security tools, antivirus software protection, firewall, and anti-spyware protection to ensure you avoid cybercriminals and threats to your business. Let us worry about the technical part, while you focus on the critical things.

For a free system audit, reach out to us here, email us, or phone us on +27 21 556 3524.

And, please do follow us.
