Telkom scam warning

Telkom has posted a notice on its website informing customers that malicious actors compromised an employee’s email account, enabling them to send phishing emails from an official Telkom address.

While it says its cybersecurity team swiftly contained the incident to prevent further disruption, it warns customers to be wary, as the fraudsters did manage to send out phishing emails.

Phishing scams involve malicious actors manipulating victims into revealing sensitive information. Like fishing, the process consists of sending multiple phishing emails, hoping that someone will “bite.”

“Between 6 and 12 June 2025, a Telkom employee’s account was compromised, resulting in phishing emails being sent externally from a Telkom email address,” the network operator says.

“The phishing email may have appeared to originate from a legitimate Telkom address.” The emails were sent with the subjects “TELKOM GROUP” or “TELKOM SA”.

It emphasised that the incident has been fully contained and that there is no evidence to suggest that sensitive information, such as financial information or ID numbers, was accessed.

“Our internal cybersecurity team acted swiftly to contain the incident and prevent further distribution of the phishing campaign,” it says.

Telkom states that it has implemented additional technical controls and initiated a full forensic investigation, supported by external cybersecurity expertise.

It warned South African residents who receive an email with the subject “TELKOM GROUP” or “TELKOM SA” from an official Telkom email address that they should remember the following:

• Don’t open the email or click on any links.
• Notify your IT administrator immediately.
• Contact Telkom’s support channels at [email protected].

Telkom isn’t the only mobile network operator in South Africa that has warned of scammers impersonating its employees.

South Africans have been increasingly targeted by scams and fraud attempts in recent years.

According to data from TransUnion, nearly 5% of all attempted digital transactions originating in South Africa in 2024’s first half were suspected to be fraudulent.

It cited a survey in which six of every 10 respondents said they had been recently targeted by fraud. Respondents indicated that many attacks arose from the telecoms, financial, and online communities.

Vodacom Rewards scam and arrests

In March 2025, South Africa’s biggest mobile network operator, Vodacom, sent an SMS to customers warning them of malicious actors posing as Vodacom Rewards staff.

“Beware of scammers posing as Vodacom Rewards. We will never ask for payment to redeem or deliver a prize,” the SMS read.

“Don’t share personal info or make payments. If you get such a request, it’s a scam.”

It said customers can verify suspicious messages or calls by calling 082135.

While the mobile operator runs lucrative competitions through its Vodapay app, including giving away cars and paying out between R10,000 and R100,000, it will never ask for a payment to secure a prize.

However, fraudsters are piggybacking on the Vodapay Rewards programme with a tailored advance fee scam in the hope of tricking victims.

The mobile operator is cracking down on fraudsters it identifies on its network.

Later in March 2025, a MyBroadband reader informed us of their experience dealing with a Vodacom Rewards scammer.

The reader shared three different numbers with which the fraudster had contacted them, which MyBroadband shared with Vodacom.

A highlight from their conversation was that the caller claimed to be Vodacom’s Chief Marketing Officer.

In its feedback to MyBroadband, Vodacom stated that it had removed the numbers from its network and blacklisted the fraudsters’ IMEIs to prevent them from targeting additional customers.

“Vodacom has concluded an investigation into a reported vishing incident, confirming evidence of fraudulent activity involving the reported mobile numbers,” a Vodacom spokesperson said.

“To this end, we have taken swift and decisive action with the three mobile numbers linked to the vishing activities being permanently deleted from our network, and the IMEI numbers of the associated devices have been blacklisted to prevent further misuse.”