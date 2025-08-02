Staff members at the SABC and eMedia have fallen victim to business email compromises, which resulted in phishing emails being sent to their contact lists.

The attack had been circulating around the SABC since at least Monday, when the address of a stakeholder relationships and partnerships manager sent a phishing email to contacts outside the organisation.

The attack email adopted a simple approach. It contained a PDF attachment, which it encouraged the recipient to click on.

Upon opening the attachment, the reader was presented with the blurry image of what appears to be a statement on a prominent bank’s letterhead, with a message to click to access the document.

Closer examination of the PDF revealed that it was purely a link to a website on top of a blurry image. Clicking the link took the victim to an attack site.

The attack site aimed to gain access to the victim’s email account and spread by sending itself to their address book.

MyBroadband received a second attack email from a different SABC executive on Thursday. On Friday, the virus had infected the email account of a senior executive at eNCA.

An eMedia spokesperson confirmed the attack and said it had been isolated to that single individual’s email account.

“The situation was contained quickly, and no broader evidence of business email compromise affecting eNCA at this stage,” they said.

“The affected user account was secured, and our Infrastructure and Security teams responded right away to investigate and contain the incident.”

eMedia said it took immediate steps to ensure its IT environment remained safe, and precautionary measures were reinforced.

Asked whether the SABC and eNCA attacks were related, eMedia said they appeared connected. “The email that led to the compromise originated from a compromised SABC account,” they said.

“An eNCA employee received and engaged with the message, which led to the incident. It suggests the attack may have been part of a wider phishing attempt across multiple organisations.”

Interpol warning

Screenshot of the phishing email sent to executives at the SABC and eNCA

Cybercriminal groups are increasingly targeting South African businesses, state-owned entities, and government departments.

Interpol recently released its Africa Cyberthreat Assessment Report 2025, which found that South Africa is a top target for cybercriminals operating on the continent.

Regarding business email compromise (BEC), Interpol member countries in Africa have identified the attack as a significant and growing cyberthreat within the broader landscape of online scams.

“Data from Interpol’s private sector partners indicate a sharp rise in BEC-related cybercriminal activity across Africa, both in attack volume and financial impact,” it stated.

“A substantial number of BEC criminals operate from the continent, particularly in West Africa.”

According to data from Interpol private partners, eleven African nations account for most BEC activity originating from the continent, with a concentration in Nigeria, Ghana, Côte d’Ivoire, and South Africa.

In West Africa, some criminal networks have evolved into highly organised, multi-million-dollar enterprises driven by BEC fraud.

The transnational syndicate Black Axe has thousands of members worldwide and is responsible for large-scale financial scams that have generated billions.

Data provided by Interpol African member countries indicated that in 2024, the finance sector was the most frequently targeted.

Companies engaged in international trade, frequent financial transactions, and those with underdeveloped security controls were particularly vulnerable to BEC attacks.

However, no industry was immune to BEC attacks. Organisations of all sizes, from small and medium-sized enterprises to large corporations, were affected.

“In addition to banks and microfinance institutions, significant incidents were reported in sectors such as the import and export trade, oil and gas, pharmaceuticals, transport, and e-commerce,” Interpol warned.

“Attacks on government institutions, as well as the voluntary sector and individuals, were also on the rise across the continent.”

Unfortunately, precise numbers of BEC incidents in Africa are challenging to obtain due to underreporting. However, several indicators reveal the scale of the problem.

“In 2024 alone, 19 African countries collectively reported 10,490 cybercrime-related arrests, suggesting that the actual number of BEC cases is significantly higher, given that only an estimated 35% of cybercrimes are officially reported,” Interpol said.

The type of BEC attack the SABC and eNCA fell victim to appear to be an example of cybercrime- as-a-Service (CaaS), which Interpol said was fueling the growing sophistication of BEC attacks.

“Microsoft’s Digital Crimes Unit detected a 38% increase in CaaS targeting business email accounts between 2019 and 2022,” it said.

“Threat actors now have access to ready-made phishing kits, allowing them to scale operations efficiently.”