South Africa experienced an increase in cybercrime incidents in the first quarter 2025. This included a major breach where Parliament’s social media account was hijacked in order to promote a fraudulent cryptocurrency scam.
The increasing threat of cybercrime is causing millions of South Africans to lose their personal information as well as their hard-earned money. Fake emails, scam calls, and deceptive message are everyday realities. However, cybercrimes such as identity fraud, large-scale data breaches and other cybercrimes that affect ordinary citizens are on the rise. Digital banking fraud has increased by 45% and financial losses have risen by 47%. This leaves everyday citizens more vulnerable.
South Africa is one of the worst-hit countries in the world for cybercrime, with losses estimated at R2.2 billion ($118 millions). Cybercriminals have evolved beyond the 419 scams. They impersonate delivery agents today, as well as banks, trusted brands, and even familiar contacts. Artificial intelligence has heightened these threats. Fraudsters can now generate AI-manipulated images and deepfake voice to appear as real people. The South African Banking Risk Information Centre warns that criminals are now using these techniques to trick their victims into giving up sensitive data or draining bank accounts.
The ease with which personal information can fall into the wrong hands is fueling the growing sophistication of digital fraud. Criminals can create detailed profiles of potential targets, often without the victims’ knowledge, using methods such as data scraping, sharing with third parties, recycling phone numbers, and collecting personal information in large quantities.
Some individuals and organizations even sell these compiled database. This contributes towards the persistent problem of telemarketing where companies use vague terms and conditions to give data to third parties”, Chenai Chair the founder of MyData Rights told TechCabal.
A third-party access loophole is present in many terms and condition, which can lead to data being widely shared. This increases the risk of scams. Chair noted that consumers often have to contact several agencies to remove themselves from these lists.
Legal Protection and Ethical Concerns
South Africa implemented key legislation, such as the Protection of Personal Information Act(POPIA), Electronic Communications Act and the Cybercrimes Act, to provide legal recourse to victims. Businesses and banks have invested in fraud detection systems and advanced security software to reduce risks.
Digital privacy remains a major ethical issue despite these efforts. Chair points out, that even in the case of informed consent, it often comes down to a simple “yes” or “no”without a clear explanation as to how users’ data is stored, shared or exploited. Opting out of tracking could restrict users’ access to vital services, forcing them into compliance.
Regulations are not enough. Only 36% South African organisations are adequately ready for data security threats. Financial and reputational damage are increasing as breaches become more common. The average cost of a breach in 2024 is expected to be around R50 million ($2.7million).
Lebohang George is a privacy and data protection expert who highlighted the importance of regulations that are context-relevant. “Many African countries model their regulations on the GDPR in Europe, which prioritizes individual rights. In South Africa, where strong community structures exist, we need to consider collective impacts.
The Chair also noted that policymakers need ongoing capacity-building. The technology is constantly evolving, and they are always playing catch-up. We can strengthen existing oversight agencies, such as gender equality commissions and Human Rights Councils, by empowering them to understand the impact of data within their jurisdiction. “This avoids siloed regulations and addresses nuanced marginisation,” she said.
There’s also a wider duty to ensure that personal information is used ethically, and within the scope intended. George says that governments face a challenge in finding a delicate balance when it comes to using surveillance for security and protecting civil liberties. This issue is still highly controversial.
Bridging digital divide
Digital literacy remains a major challenge, especially in the Global South. Digital literacy is often taught in schools, but older, vulnerable populations that are new to social media and smartphones are often overlooked. They lack the knowledge necessary to protect themselves against online threats.
Although the Information Regulator of South Africa launched public awareness campaigns, George stressed that practical training was needed. “Regulations shouldn’t be a tick box exercise. We need to have leadership buy-in in order to ensure that cybersecurity is integrated into systems and not treated as a afterthought.
To safer data practices
Awareness and proactive communication are crucial for reducing cybercrime, especially during high-risk times like Black Friday and the holiday season. Banks and police departments should provide clear instructions on how to verify information and identify potential scams.
Chairman highlighted simple protective measures such as using services such as Apple’s Hide my Email, Firefox Relay and DuckDuckGo Email Protection amongst others that generate masked emails to prevent exposure. Access to these tools is often dependent on financial resources. This makes data security a privilege.
The Chair also stated that it is important to perform online hygiene checks in order to mitigate cyber-related risks. It is surprising just how much information is publicly accessible. Even details shared years ago when people were less aware of the importance of online privacy can resurface. Reporting cybercrime, beyond personal responsibility, is essential. George said that victims are embarrassed to share their experiences. However, open discussions can help promote a culture for awareness and help others avoid similar pitfalls.
.
