Worrying rise in phishing scams targeting East Africa
Phishing scams are on the increase in East Africa. The Bank of Tanzania warned of a sharp rise of 84% in digital theft in October to December 2023 compared to the previous quarter.
We give some examples of these scams in Tanzania and explain what they are and how to avoid them.
According to an African Cybersecurity Research Report, most people don’t realise what a risky communication looks like or how their actions can result in their systems becoming infected.
- While more than half of respondents from sub-Saharan Africa know enough to avoid responding to a scam, a startling 46% still trusted emails from people they knew.
- More than half of respondents (52%) trust communications from people they know, while only 49.5% do not open attachments they have not expected.
- Scammers have picked up on this and are getting better at pretending to be individuals or fraudulently claiming they are from trusted companies known to the victim.
- We have firsthand experience: In 2024 scammers falsely used our company name, address and telephone number. They targeted consumers on WhatsApp in Tanzania to get them to divulge contact details to an Indian or Indonesian telephone number. Of course we offered immediate advice and support to all those consumers who contacted us directly to help them avoid this scam.
Questions we have been asked recently on the rise of Phishing scams in Tanzania and East Africa:
- “What is a phishing scam?”
- “How should I check if this email is a phishing scam?”
- “Can I be scammed on social media or in WhatsApp messages?”
- “My business is well known in Tanzania and our name and contact details have been used fraudulently by a phishing scam. What should I do to protect the reputation of my business because of scams?”
What is a Phishing scam and how do I recognise it?
Fraudsters often use emails, WhatsApp messages, or SMS texts to trick you into giving them your passwords, account numbers, or identification document numbers (like your passport, visa, or national ID). If they get this information, they could gain access to your email, bank, or other accounts, or they could sell your information to other fraudsters. These fraudsters launch thousands of these phishing attacks every day, and they’re often successful.
Fraudsters frequently change their tactics to keep up with current news or trends, but here are some common tactics used in phishing emails or text messages:
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might receive an unexpected email or text message that appears to be from a company you know or trust, like a bank or a credit card or utility company. Or maybe it’s from an online payment website or app. The message could be from a fraudster, who might:
- claim they’ve noticed some suspicious activity or login attempts — they haven’t
- say there’s a problem with your account or your payment information — there isn’t
- tell you that you need to confirm some personal or financial information — you don’t
- include an invoice you don’t recognize — it’s fake
- want you to click on a link to make a payment — but the link has malware
- say you’re eligible to register for a government refund — it’s a scam
- offer a coupon for free stuff — it’s not real
Always be cautious and verify any unexpected messages before responding. Remember, if it seems too good to be true, it probably is. Stay safe!
If you want expert advice, please contact us.
Scammers use email or text messages to trick you into giving them your personal and financial information. But there are several ways to protect yourself.
How do I recognise a Phishing scam?
Types of Phishing Attacks
Cybercriminals can steal your personal information in various ways to access your money or identity. They can trick you into giving them your details by pretending to be official representatives of legitimate companies. Knowing what phishing attacks look like can help prevent them. Some common phishing techniques used by hackers include: impersonating legitimate companies, duping victims into providing personal information, and using that information for financial gain or identity fraud.
Email:
Many people become phishing victims through malicious emails. These usually appear legitimate, pretending to come from websites that you know or have an account with, but are, in fact, sent by the hacker to capture your personal data. The emails will often contain links that ask you to enter your login credentials or other sensitive data. The hacker is then able to steal this information—such as passwords or credit card information—and use it for their own means.
Text Messages (SMS):
Just like email phishing, text phishing, or smishing, involves links that appear to come from legitimate sources and ask you to log into an account or enter your personal details. You may be asked to call a different number from the source telephone number you received the text message from.
Phone/WhatsApp Call:
In this scenario, the scammer will call you, saying they are a representative of a legitimate company that you might have an account with or that you know well. Often referred to as ‘vishing’, this is where the hacker asks you for personal information to confirm details of the account and resolve a supposed problem or offer you something. If you provide this data, the scammer can use it to achieve their goals.
Social Media or WhatsApp message:
Some hackers set up fake social media profiles or Business WhatsApp numbers, fraudulently pretending to be a valid company, and run scams to try to get your personal information. For example, they might tell you that you have won a contest and need to provide your phone number, email address, or personal identity number. Or, they might say there is a security problem with the account and that if you do not confirm your login information your account will be blocked.
Simply IT is based in Tanzania, East Africa and also in London, UK
- We are an experienced team of IT specialists based in Zanzibar, Tanzania, Kenya and UK
- We have a growing team of international IT solutions providers and seasoned cyber-security experts.
- We pride ourselves on professional standards, knowledge of European data laws and practices.
- We offer professional services, great customer care at very competitive and affordable prices to East African and European businesses and NGOs.
What to do after a Phishing attempt
If you are a victim of a phishing scam you may wonder what to do after your details have been compromised.
There are numerous steps that you can take which may limit any damage from the attack, stop other people from becoming victims of the same scam, and even protect you from future attacks. Here are some things to consider.
Figure out what happened
After a phishing attack, victims need to understand how the attack happened. This might involve a bit of investigative work, such as scrutinizing the phishing email or text to work out what the purpose of the attack might have been, checking firewall logs for any suspicious URLs or IP addresses, and working out exactly what information and details might have been compromised. It is also a good idea to check any accounts that might be associated with the stolen information to see if there is any suspicious activity.
Report the attack
For phishing victims wondering what to do in the aftermath of an attack, reporting it to officials is one possible option. Although this is not always simple or straightforward, reporting the attack is important for various reasons. For example, if a legitimate organization has been implicated in the attack, it could ensure that they are aware that a scammer is masquerading as an official representative. Perhaps more importantly, it may help the victim regain control of any compromised accounts, protect them if the scammer tries to perpetrate identity theft, and block any suspicious financial transactions.
Contact the implicated company
Legitimate businesses are often unwittingly involved in phishing attacks because the phisher pretends to be a representative or sends a message that is supposedly from the company. If this is the case, then what to do after a phishing attack will involve contacting the company in question to let them know about the incident. This way, they can take steps towards preventing future phishing attacks by advising customers to be aware that scammers are contacting clients in their name.
Disconnect the device
In some cases, phishing attacks can be executed with the help of malware. For this reason, it is essential that phishing victims disconnect their compromised device from the internet. This will involve disabling the device’s Wi-Fi connection, or completely disconnecting and resetting the Wi-Fi network. This is important because it ensures that the malware will not be further transmitted through the network.
Update any compromised passwords
Phishing scams will often manipulate victims into providing sensitive information. Usually, they will use a link to redirect the user to a spoof website and get them to enter login credentials like passwords. After clicking a phishing link like this, it is best to change any passwords that might have been compromised in the attack. Make sure this is done through the real website and not through the phishing link, and if the password has been reused on other accounts, be sure to change those, too.
Run a malware scan
Anti-virus software is a crucial part of ensuring the security and privacy of any device, but it is also an important part of phishing attack prevention. Once the software is installed, it should scan the device automatically to detect any potential malware. Ensure the software is always up to date—simply set up automatic updates—and run periodic manual scans that will check all devices, files, applications, and servers on the network for malware.
Watch out for identity theft
The purpose of some phishing attacks is to steal enough personal information about the target so that the phisher can steal their identity for fraudulent purposes. For example, by stealing someone’s passport number, phone number, and birth date, the attacker can take out new credit cards or commit other kinds of fraud. Phishing victims should watch for signs of identity theft, such as unexpected financial transactions or medical bills, new credit cards they did not apply for, or suspicious login attempts to online accounts. If finances are impacted, the attack should be reported to the bank.
What if my business name has been used in a scam?
If you are made aware of phishing schemes that falsely use your company name, the victims of that attack may look to you for guidance on the next steps to take.
Offering immediate advice and support can help you retain the customer goodwill you’ve worked so hard to develop and mitigate against any reputational damage.
We experienced this also in April 2024. We would like to pass on what we learnt. Because we acted swiftly we even received a few extra Google reviews expressing the goodwill of the consumers we helped.
So how should you respond if your business is impersonated in a phishing scam?
- Notify clients of the scam
- Notify or talk to consumers
- Remind consumers you would never seek personal information
- Contact law enforcement
- Provide advice for affected consumers
- Direct consumers to security resources
Conclusion:
Given the increasing sophistication of cybercriminals, it is unfortunately common for people to become phishing victims. Understanding what these cybercrimes are and what measures to put in place for phishing attack prevention is important. However, it is equally important that people know what to do after a phishing attack. From securing their devices and accounts to reporting the phishing attack and understanding how it happened in the first place, these essential steps can help reduce any ensuing damage.