In the first quarter of 2025, South Africa experienced a surge in cybercrime incidents, including a major breach in which Parliament’s social media accounts were hijacked to promote a fraudulent cryptocurrency scheme.
The growing threat of cybercrime in South Africa, results in millions of people losing their personal information and hard-earned money to increasingly sophisticated cyberattacks. While fake emails, scam phone calls, and deceptive messages are daily realities, large-scale data breaches, identity fraud and similar cybercrimes are becoming alarmingly frequent, affecting ordinary citizens. Digital banking fraud alone has surged by 45%, and related financial loses rising by 47%, leaving everyday citizens more vulnerable than ever.
South Africa ranks amongst the worlds’ worst-hit countries globally for cybercrime density, with estimated annual losses reaching R2.2 billion ($118 million).
Cybercriminals have evolved far beyond the notorious 419 scams. Today, they impersonate delivery agents, banks, trusted brands or even familiar contacts. The rise of artificial intelligence has supercharged these threats, enabling fraudsters to generate deepfake voices and AI-manipulated images to convincingly pose as real people. The South African Banking Risk Information Centre (SABRIC) warns that criminals now use these techniques to trick victims into handing over sensitive data or draining their bank accounts.
This growing sophistication in digital fraud is fueled by the ease with which personal data falls into the wrong hands. Through methods like data scraping, third-party sharing, recycled phone numbers and widespread collection of personal information, criminals can construct detailed profiles of potential victims, often without their knowledge.
“Some individuals and organisations even sell these compiled databases. This contributes to the persistent problem of telemarketing, where companies exploit vague terms and conditions to share data with third parties,” Chenai Chair, the founder of MyData Rights, told TechCabal.
The third-party access loophole in many terms and conditions means that a single consent can result in data being widely distributed, increasing exposure to scams. Chair noted that even when consumers request to be removed from these lists, they often have to contact multiple agencies before their request is granted.
Legal protection and ethical concerns
South Africa has implemented key legislation such as the Protection of Personal Information Act (POPIA), the Electronic Communications Act, and the Cybercrimes Act to provide legal recourse for victims. Banks and businesses have invested in advanced security software and fraud detection systems, and public awareness campaigns to mitigate risks.
Despite these efforts, digital privacy remains a major ethical concern. Chair points out that even when at play, informed consent often boils down to a simple ‘yes’ or ‘no,’ without a clear explanation of how users’ data will be stored, shared, or exploited. Opting out of tracking can restrict access to crucial services, coercing users into compliance.
Regulations alone are insufficient. And in terms of preparedness, only 36% of South African organisations are adequately prepared for data security threats. As breaches become more frequent, financial and reputational damage is rising, with the average cost of a data breach in 2024 nearing R50 million ($2.7 million).
Lebohang George, a data protection and privacy expert, highlighted the need for regulations that are contextually relevant. “Many African nations model their regulations after Europe’s GDPR, which prioritises individual rights. However, in South Africa, with its strong community structures, we need rules that consider collective impacts.”
Chair noted that policymakers also need ongoing capacity building. Technology evolves rapidly, leaving them constantly playing catch-up. “We can strengthen existing oversight bodies, like gender equality commissions and human rights councils, by equipping them to understand data’s impact within their jurisdictions. This avoids siloed regulation and addresses nuanced marginalisation,” she said.
There is also a broader duty to ensure personal information is used ethically and within its intended scope. For governments, the challenge lies in striking a delicate balance between using surveillance for security purposes and safeguarding civil liberties, an issue, which according to George, remains deeply controversial.
Bridging the digital divide
Digital literacy remains a significant challenge, particularly in the Global South. While digital literacy is often addressed in schools, older, vulnerable populations who are new to smartphones and social media are frequently overlooked. They lack the foundational knowledge to identify and protect themselves from online threats.
The Information Regulator of South Africa has launched public awareness initiatives, but George stressed the need for practical training. “Regulations should not just be a tick-box exercise. We need leadership buy-in to ensure that cybersecurity is embedded into systems, not treated as an afterthought.”
Toward safer data practices
Public awareness and proactive communication play a crucial role in mitigating cybercrime risks especially during high-risk periods like Black Friday and holiday seasons. Banks and police departments can issue clear guidance on verifying information and identifying potential scams.
Chair highlighted simple protective measures, such as using services like Apple’s Hide My Email, Firefox Relay, DuckDuckGo Email Protection, amongst others, which generate masked email addresses to prevent exposure. However, access to these tools often depends on financial resources, making data security an issue of privilege.
Chair also noted that “it is important to do online hygiene checks to mitigate cyber related risks.” It is surprising how much information can be publicly accessible. Even details people shared long ago, when they were less aware of online privacy, can resurface.
Beyond personal responsibility, reporting cybercrime is vital. George said that many victims feel embarrassed, preventing them from sharing their experiences, yet open discussions can promote a culture of awareness, helping others avoid similar pitfalls.
.
