Hook, line, and sinker: SA’s phishing crisis deepens

Phishing accounts for more than half of South Africa’s cyber threats, double the global average – ESET bi-annual Threat Report 2025.

Tony Anscombe, Chief Security Evangelist at ESET. 

South Africa has emerged as the phishing capital of the cyber world, according to the latest bi-annual Threat Report from global cybersecurity provider ESET. Data and expert insight collected between November 2024 and May 2025 revealed that phishing attacks make up 52% of all cyber threats in South Africa – nearly double the global average of 28%. For cybercriminals, the country has become a lucrative pond in which to cast their nets.

“Phishing attacks in South Africa are not only frequent but accelerating well beyond regional and global trends,” says Tony Anscombe, Chief Security Evangelist at ESET. “Cybercriminals are profiting from the easy gains of stealing credentials and sensitive data. As long as phishing continues to deliver quick, low-effort returns, it will remain a preferred tactic. The consistently high success rate makes it clear this threat isn’t going away anytime soon.”

This growing risk is already playing out in a new wave of phishing scams impersonating the South African Revenue Service (SARS), timed to coincide with the start of the 2025 tax season. Fraudulent emails and SMS messages, crafted to closely mimic official SARS communications, are tricking taxpayers with threats of audits, legal action, or promises of tax refunds – a tactic that hits close to home in a tough economy, where many South Africans are looking for any way to stretch their money further.

The surge in targeted breaches points to a deeper, systemic issue. “South Africa’s rapid digital growth is exposing long-standing security gaps that cybercriminals are quick to exploit,” says Anscombe. “As more services move online and our digital dependence deepens, the attack surface expands. Phishing remains especially effective, exploiting human error and gaps in cybersecurity awareness through sophisticated social engineering. To counter this, we must prioritise education – giving both consumers and employees the tools to identify and respond to threats. A cyber-aware culture is our best defence.”

Global data – emerging trends

The ESET Threat Report also highlights the meteoric rise of ClickFix, a once-obscure technique that has quickly evolved into a major global cyber threat. “Between late 2024 and early 2025, ClickFix detections surged by 517%, making it the second most prevalent attack vector after phishing. It now accounts for nearly 8% of all blocked attacks and is one of the fastest-growing threats we’ve ever seen,” says Anscombe.

ClickFix deceives users into executing malicious PowerShell commands – a legitimate tool used to manage and automate tasks on a computer through typed instructions. The scam presents fake error messages or CAPTCHA prompts on the victim’s device, urging them to ‘fix’ the issue by pasting a provided script into PowerShell or a terminal. Once activated, it unleashes a dangerous arsenal of threats, from infostealers and ransomware to remote access trojans. While the threat is gaining ground globally, accounting for 7.7% of cyberattacks worldwide, its footprint in Africa remains smaller, with detections at 6.8% across the continent and just 3% in South Africa.

Still, South Africa’s relative insulation may be short-lived. As reliance on remote access and digital platforms continues to grow, the question is no longer if ClickFix will take hold, but when; “Education is key – not just in recognising cyber threats, but in building the confidence to act before damage is done. Our goal is to foster awareness at every level, making vigilance second nature,” says Anscombe.

The ESET Threat Report is released twice a year and includes data from across the globe – as well as expert insight on key trends. To access the full report, click here.