Ina Opperman

By Ina Opperman

Business Journalist


Fake websites are stealing South Africans’ money – here’s how to spot one

Cybercriminals are skilled at using technology and tools to create fake websites that appear genuine, even to the shrewdest internet user.


A fake website can cost you a lot of money if you pay for an order that will never arrive. These fake website are often used when you pay through PayPal.

Cybercriminals are increasingly resorting to fraudulent websites to deceive unsuspecting individuals and make off with their identities, sensitive information and hard-earned money. Phishing, smishing, email scams, dating scams, fraud, hacking—the realm of cybercrime has become more prevalent and sophisticated than ever before, says Simon Campbell-Young, co-founder of Digimune, that distributes anti-hacking software in South Africa.

“Fake websites, designed to look exactly like the brands they mimic, have become honeypots for unsuspecting people lured there to enter their details and fall victim to scammers. As cybercriminals continue to exploit individuals, it is crucial to stay informed and equipped with the knowledge to identify these deceptive websites.”

ALSO READ: Scam alert: Rise of NFC payment fraud in South Africa

Some fake websites look realistic

He says if you know what to look for, you can identify and avoid most fake websites. “However, if you clicked on a realistic-looking email that tells you your bank account has been hacked or frozen, you will think out of fear, rather than logic. You do not inspect the site and just click on the link, enter your details and you have been caught.”

Fake websites are intentionally designed to be as realistic as possible, down to the URL, which may initially seem authentic.

“Scammers rely on us not noticing the subtle differences in the URL or the site’s design. Believing it to be real, we unknowingly enter our login information, giving the scammers access to our actual accounts. Once they gain access, their first action is usually to change your password on the legitimate website, effectively locking you out of your own account permanently.”

To make matters worse, even legitimate websites can fall victim to malware infections. There are various ways websites can become infected, such as through vulnerabilities in their code or by being compromised through hacking attacks.

Once a website is infected, it can harbour viruses or scripts that run automatically when you visit the site. These malicious elements are designed to capture any information you enter, putting your sensitive data at risk.

ALSO READ: Threads threats: Dark side of Meta’s app and how to avoid scams, phishing

How to protect yourself from fake websites

However, Campbell-Young says, there are ways to protect yourself from these risks by following a simple checklist to verify every website before entering any personal information.

  • If you clicked on a link to visit a website, carefully analyse the source of the link and examine the domain name and URL. This will help you quickly determine if the URL does not belong to the company that the website claims to be. Pay attention to small spelling mistakes, added letters, or punctuation errors in the URL.
  • Check the SSL or TLS certificate in the top left-hand corner of the URL bar. Click on the certificate to verify its validity. The little padlock symbol theoretically means a site is safe, but remember, it can be manipulated. Therefore, relying solely on the padlock is not enough to determine a website’s authenticity.
  • Make sure to check the website thoroughly and take a look at the About Us or Information pages. Often any content that seems poorly written or does not sound right will be a dead giveaway. Also, verify the contact information provided on the website to ensure it is authentic.
  • Use intelligent tools such safe search and anti-virus protection. These tools provide secure browsing and real-time security against various threats such as malware, online scams, fake websites, and phishing emails.

ALSO READ: Ground-breaking platform to combat fraud coming in June

“Security tools are specifically designed to identify unusual patterns that may go unnoticed by users who are tired or under stress. These tools can detect suspicious domain names, check if the domain starts with HTTP or HTTPS and provide alerts to users if a website is infected with malware. This gives internet users additional safety measures to enhance their online security.”

Campbell-Young says the consequences of falling prey to these scams are too costly. A report from 2022 reveals that consumers lost approximately $5.8 billion to fraud the previous year. A South African survey found consumers are losing an average of R14 253 per transaction because of banking app fraud.

“Implementing protective measures and staying vigilant against these risks is not just about safe browsing; it also makes financial sense.”

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.