Cellphone number scam warning in South Africa

Scammers are impersonating the Independent Communication Authority of South Africa (Icasa) in an elaborate scam through which they claim that your phone number has been used in banking fraud and to harass people.

A MyBroadband reader shared what appears to be a forged letter sent to them on an Icasa letterhead and featuring an electronic signature for Icasa chairperson Mothibi Ramusi.

Despite sporting a signature allegedly belonging to Ramusi, the letter is from “The Secretary, Department of Telecommunications, Ministry of Communications, 350 Witch-Hazel Avenue”.

MyBroadband has shared the letter with Icasa and asked if the signature is, in fact, Ramusi’s. We also asked the regulator to confirm or repudiate the letter’s legitimacy. However, it did not respond by publication.

“This letter is to inform you that your mobile number has sent a large number of illegal advertisement and harassing text messages to the public,” the letter, fraught with typos, reads.

“We have received a report Reference Number (CAS-207/02/2025) from Pretoria Moot Police Station to deactivate all your numbers within two hours.”

The fraudsters instructed the reader to get a clarification letter from the Pretoria Moot Police Station through the constable to avoid the disconnection.

“You have to send us the clarification letter from Pretoria Moot Police Station to keep all your mobile numbers active,” the letter reads.

The reader also received a call from a person claiming to represent Icasa informing them of the issue.

They told the target that they could connect them directly to a constable at the Pretoria Moot Police Station to confirm the case.

Curious, the MyBroadband reader asked to be put through. The “constable” then said that in addition to harassment, their number had been used in banking fraud.

After telling the scammers to take a hike, the reader informed us about this new scam tactic.

While Icasa provided no feedback, the Pretoria Moot Police Station confirmed to MyBroadband that no case with the reference number CAS-207/02/2025 exists at the station.

Phishing scams on the rise in South Africa

South African banks have warned that they have seen significant upticks in banking scams targeting their customers, adding that phishing and vishing are some of the most common mechanisms used to trick victims.

For reference, vishing is the term used for phishing over telephone calls, as the MyBroadband reader experienced when the claimed Icasa official contacted them.

“Most of the mobile app fraud is driven by customers being instructed by criminals impersonating bank officials to move funds to a safe account or to approve transactions,” Absa’s chief fraud strategy and analytics officer Ulrich Janse van Rensburg told MyBroadband.

Discovery Bank told MyBroadband that scammers are becoming increasingly brazen and aren’t afraid to call clients directly to authenticate fraudulent transactions.

Capitec agreed that social engineering techniques like phishing and vishing are the most common form of banking app fraud.

“This type of scam is leading to significant financial losses,” said Capitec.

It also warned that investment scams Ponzi schemes, courier scams, and advance fee scams are common in South Africa.

Standard Bank told MyBroadband that it had seen a shift from phishing and SMS-based phishing to vishing. It also warned of scammers getting remote access to banking apps through malware.

“Through manipulation and deception, we are now seeing fraudsters employ the aid of customers to facilitate payments or unknowingly grant access to their banking app,” said Standard Bank’s head of fraud risk management, Athaly Khan.

“Most customers are actively seeking ways to cut costs and spend when there are discounts. This gives fraudsters an opportunity to present offerings that are too good to be true, preying on customers’ vulnerability.”

The banks provided an extensive list of steps banking customers in South Africa can take to protect themselves:

• Don’t process transactions when asked by someone purporting to be from your bank. End the engagement and contact your bank directly to verify.
• Read any messages from your bank carefully before you act.
• Use your bank’s “Account verification service” to confirm that the account you’re making payment to belongs to the real entity.
• Be sceptical of offers that appear too good to be true, especially those promising quick or high returns.
• Avoid paying upfront fees for jobs, loans, or prizes. Reputable companies will not ask for such payments.
• Thoroughly research any investment opportunities to ensure they are offered by authorised financial services providers.
• Don’t click on links in unsolicited messages asking for personal or banking information.
• Ensure you only load applications from trusted marketplaces and that you keep them up to date.
• Don’t share sensitive information. A bank will never ask for your passwords or OTPs.
• Immediately report stolen cards or devices.
• Don’t authorise transactions you didn’t process.
• Check the transaction’s currency and in-app authorisation match.
• Don’t download files so anyone can view your device’s screen.
• Don’t allow remote access to your computer through software like AnyDesk or TeamViewer.
• Avoid using public Wi-Fi to access your banking app.
• Ensure your device’s browser and security software are up to date.
• Unlink your banking apps from devices that are no longer in use.