Suspicious emails and text messages (phishing scams)

Suspicious emails and text messages (phishing scams)

Phishing scams happen when a fraudster contacts you, claiming to be a representative of PayFast or you receive fake "automated" system messages which appear as if they were sent by our system.  The goal is to trick you into believing that a payment has been made to your account and getting you to deliver items you might be selling or to retrieve sensitive financial information from you.

How can you tell if a message came from PayFast or not?

Always be vigilant!

1. Review the sender's email address

PayFast emails will only come from addresses ending with “payfast.co.za”.


Please note: What a lot of scammers do is to use the name “PayFast” (or variations thereof) but upon inspection, you can see that the email address comes from someone else:


Unfortunately even these "from" addresses can be spoofed by fraudsters, so it is good to know what else we do and don’t ask for.

2. When does PayFast send messages?

We send automated messages when you make a payment (successful payment sent emails), sign up for our services (welcome emails), when we communicate with you (via our newsletter or system updates, for example) and you can activate/deactivate automatic email notifications (to be sent when you receive payments).

Please note: Always check your PayFast account for payments received. The same way one should check a bank statement for payments received after receiving an email/SMS stating a payment has been made, you should always log into your PayFast account to confirm that you've received your payments.

3. Tracking and financial information

We only process payments and will never ask for (or provide) any shipping confirmation messages, waybill or tracking numbers. Scammers want you to immediately part with your goods and usually ask for a tracking number before payments reflect in your account.

We never ask for (or share) sensitive financial information such as credit card numbers or banking details via email.

4. Spelling and grammar

Phishing emails are often riddled with poor grammar and typos. We do our best to make our correspondence error free.

5. Sense of urgency

Phishing emails often contain a false sense of urgency or problem –"your account will be disabled if you don’t act right away" etc.—and a scenario that is often too good to be true, like a receiving a higher payment for the items you are selling.

6. OLX / Gumtree scams

If you’re trying to sell something on an online marketplace such as OLX and Gumtree and someone asked you to open a PayFast account, chances are near-certain that you are dealing with a fraudster. As per their site guidelines, only deal with people who you can physically meet up with and only do so in a safe place.

7. Text messages 

If you receive a text message claiming to be from PayFast, make sure the URL is a legitimate PayFast domain and be careful of any URL shortener. If PayFast ever sends you a text message, we would use the PayFast URL shortener payf.st/

I think I’m a victim of a phishing scam, what do I do?

It’s important not to open any links, provide any sensitive information or send off goods if you think you’re dealing with a scammer.

If you've already sent off items for delivery and noticed that there is no payment in your PayFast account, get in touch with the courier company and report the matter (they could potentially stop the delivery).

Report it to PayFast

If you’ve reviewed an email (claiming to be from PayFast) and you’re suspicious about its authenticity, you should immediately notify our Support staff. You can send us the entire correspondence with the fraudsters and our team will investigate and report the matter.

Important: Be sure to include the header of the email, which contains the most important information. Follow the steps below and send us all of the information displayed.
Gmail: Open the email, select the arrow (next to the reply icon) and click on 
show original.
Hotmail/Outlook: Right click the email and select 
show message source.
Yahoo!: Right click the email and select 
view full header.
Outlook desktop: Open the email, select file, properties and then 
details.
Mac Mail: Open the email, select view, message and then 
raw source.

Report it to your mail provider

A lot of times, the scammers will use similar information (same fake names, same email content, same email addresses, same fake URLs) to try and hook as many people as possible. Most email clients (like Gmail, Yahoo, Hotmail etc.) allow you to report phishing. If something has been reported as phishing, it helps avoid those fake emails arriving in someone else's inbox.

Gmail: Open the email, select the arrow (next to the reply icon) and click on report phishing.
Hotmail/Outlook: Select the checkbox next to the email, choose the arrow next to junk and click on 
phishing scam.
Yahoo!: Select the checkbox next to the email, click on the arrow next to spam and click on 
report a phishing scam.

Report it to the authorities

It might be difficult to report the matter to the authorities (different priorities, lack of training in cyber crimes, no actual identity of the fraudster etc.), but the ISPA recently published a good PDF document outlining steps on how to lodge a cyber crime complaint with the police.


    • Related Articles

    • Why am I not receiving email confirmation of payments?

      Email confirmation of payments is only sent when payment is initiated from a Pay Now button or if you have turned Email Confirmation on, on your account. Most shopping carts can be set up to send you a summary of your orders.  If you want to get an ...
    • How do I change my primary email?

      To change your primary email address, do the following: Log in to your PayFast account and navigate to the Profile page. Click the Edit icon next to Personal information. Select the Emails tab and add an email address. You will  receive a ...
    • What happens if I get an error when processing a refund?

      If you get an error when processing a refund it means that you won’t be able to action the refund to the buyer’s card.  There are a few reasons why a card refund can fail, common error messages include: Lost/stolen card Card expired/cancelled Pick up ...
    • How do I restrict/allow credit cards from certain countries?

      One of the easiest ways to secure yourself against online fraud is to limit receiving funds from credit cards issued in the country that your online business serves. New PayFast Dashboard To restrict/allow credit cards from certain countries, do the ...