Suspicious emails (phishing scams)
Posted by zz Werner vR on 21 Sep 2015 11:27
Phishing scams happen when a fraudster contacts you, claiming to be a representative of PayFast or you receive fake "automated" system messages which appear as if they were sent by our system. The goal is to trick you into believing that a payment has been made to your account and getting you to deliver items you might be selling or to retrieve sensitive financial information from you.
How can I tell if a message came from PayFast or not?
Always be vigilant!
Review the sender's email address
PayFast emails will only come from addresses ending with “payfast.co.za”.
Note that what a lot of scammers do is to use the name “PayFast” (or variations thereof) but upon inspection you can see that the email address comes from someone else:
Unfortunately even these "from" addresses can be spoofed by fraudsters, so it is good to know what else we do and don’t ask for.
When does PayFast send messages?
We send automated messages when you make a payment (successful payment sent emails), sign up for our services (welcome emails), when we communicate with you (via our newsletter or system updates, for example) and you can activate/deactivate automatic email notifications (to be sent when you receive payments).
Tracking and financial information?
We only process payments and will never ask for (or provide) any shipping confirmation messages, waybill or tracking numbers. Scammers want you to immediately part with your goods and usually ask for a tracking number before payments reflect in your account.
We never ask for (or share) sensitive financial information such as credit card numbers or banking details via email.
Spelling and grammar
Phishing emails are often riddled with poor grammar and typos. We do our best to make our correspondence error free ;-)
Sense of urgency
Phishing emails often contain a false sense of urgency or problem –"your account will be disabled if you don’t act right away" etc.—and a scenario that is often too good to be true, like a receiving a higher payment for the items you are selling.
OLX / Gumtree scams
If you’re trying to sell something on an online marketplace such as OLX and Gumtree and someone asked you to open a PayFast account, chances are near-certain that you are dealing with a fraudster. As per their site guidelines, only deal with people who you can physically meet up with and only do so in a safe place.
I think I’m a victim of a phishing scam, what do I do?
It’s important not to open any links, provide any sensitive information or send off goods if you think you’re dealing with a scammer.
If you've already sent off items for delivery and noticed that there is no payment in your PayFast account, get in touch with the courier company and report the matter (they could potentially stop the delivery).
Report it to PayFast
If you’ve reviewed an email (claiming to be from PayFast) and you’re suspicious about its authenticity, you should immediately notify our Support staff. You can send us the entire correspondence with the fraudsters and our team will investigate and report the matter.
Report it to your mail provider
A lot of times, the scammers will use similar information (same fake names, same email content, same email addresses, same fake URLs) to try and hook as many people as possible. Most email clients (like Gmail, Yahoo, Hotmail etc.) allow you to report phishing. If something has been reported as phishing, it helps avoid those fake emails arriving in someone else's inbox.
Report it to the authorities
It might be difficult to report the matter to the authorities (different priorities, lack of training in cyber crimes, no actual identity of the fraudster etc.), but the ISPA recently published a good PDF document outlining steps on how to lodge a cyber crime complaint with the police.