What managed IT services do you offer?

We offer comprehensive managed IT services including network monitoring, system administration, cybersecurity, cloud services, help desk support, data backup and recovery, and IT consulting to keep your business running smoothly.

How can your cybersecurity solutions protect my business?

Our cybersecurity solutions include threat monitoring, intrusion detection, vulnerability assessments, employee training, data encryption, and incident response planning to provide multi-layered protection for your business against evolving cyber threats.

What's included in your cloud services?

Our cloud services include cloud migration, infrastructure setup, public/private/hybrid cloud implementation, cloud security, ongoing management, optimization, and support for platforms like AWS, Azure, and Google Cloud.

How do you handle IT emergencies?

We provide 24/7 emergency IT support with guaranteed response times, remote troubleshooting capabilities, and onsite support when needed, ensuring your critical business systems can be restored quickly with minimal downtime.

What makes Dexani different from other IT service providers?

We differentiate ourselves through our proactive approach to IT management, extensive industry experience, customized solutions, transparent pricing, and dedicated account management to ensure your specific business needs are always met.

Phishing Attacks in South Africa: What SMEs Need to Know

Every day, thousands of phishing emails land in the inboxes of South African businesses. Some are obvious—poorly written messages from "Nigerian princes." But modern phishing attacks are sophisticated, convincing, and increasingly successful.

For SMEs, a single employee clicking the wrong link can lead to devastating consequences: stolen credentials, compromised bank accounts, data breaches, and ransomware infections. Understanding how phishing works—and how to defend against it—is essential for every South African business owner.

The State of Phishing in South Africa

South Africa ranks among the top 10 countries globally for phishing attacks. Our businesses face unique challenges:

Sophisticated local scams impersonating SARS, major banks, and local courier services
Business Email Compromise (BEC) targeting finance departments
Increased remote work expanding the attack surface
Limited security awareness training in many organisations

According to recent research, over 90% of successful cyberattacks begin with a phishing email. The attackers know that humans are often the weakest link in any security chain.

How Modern Phishing Attacks Work

Email Phishing

The most common form remains email phishing. Attackers send messages that appear to come from trusted sources:

Banks: "Your account has been suspended. Click here to verify."
SARS: "Your tax refund is ready. Submit your banking details."
Suppliers: "Please update our payment details for future invoices."
Colleagues: "Can you quickly process this payment? I'm in a meeting."

These emails often include official logos, proper formatting, and domains that look legitimate at first glance (like "standardbank-secure.co.za" instead of "standardbank.co.za").

Spear Phishing

Unlike broad phishing campaigns, spear phishing targets specific individuals. Attackers research their victims using LinkedIn, company websites, and social media. They craft personalised messages that reference real projects, colleagues, or recent events.

A finance manager might receive an email that appears to come from the CEO, referencing an actual acquisition deal, requesting an urgent wire transfer. These attacks are highly effective because they seem legitimate.

Smishing and Vishing

Phishing isn't limited to email:

Smishing uses SMS messages ("Your FNB account is locked. Call this number...")
Vishing uses phone calls from "bank security" or "IT support"
Social media phishing uses fake profiles and direct messages

Attackers often combine multiple channels—sending an email, then following up with a phone call to add urgency and credibility.

Red Flags: How to Spot a Phishing Attempt

Train yourself and your team to recognise these warning signs:

Suspicious Sender Details

Email address doesn't match the supposed sender
Display name says "Standard Bank" but address is "@gmail.com"
Slight misspellings in domain names (standardbnk.co.za)

Urgency and Pressure

"Act immediately or your account will be closed"
"This offer expires in 24 hours"
"Urgent action required"

Legitimate organisations rarely pressure you to act instantly without verification.

Requests for Sensitive Information

Banks, SARS, and legitimate service providers will never ask you to:

Provide your full password via email
Share OTPs or security codes
Click a link to "verify" your account details

Poor Grammar and Formatting

While modern phishing is more sophisticated, many attacks still contain:

Spelling errors and grammatical mistakes
Inconsistent formatting
Low-quality logos or images

Suspicious Links and Attachments

Hover over links (don't click!) to see the actual destination
Be wary of shortened URLs
Never open unexpected attachments, especially .exe, .zip, or macro-enabled documents

Protecting Your Business from Phishing

Technical Controls

Implement these technical measures to reduce phishing risk:

Email Security

Advanced spam filtering with AI-powered threat detection
DMARC, DKIM, and SPF records to prevent email spoofing
Automatic flagging of external emails
Sandboxing of attachments before delivery

Multi-Factor Authentication (MFA) Even if credentials are stolen, MFA prevents attackers from accessing accounts. Enable it on:

Email (Microsoft 365, Google Workspace)
Banking and financial systems
Cloud applications
VPN access

Web Filtering Block access to known phishing sites and prevent users from downloading malicious files.

Employee Training

Technology catches most phishing attempts, but some will get through. Your people need to be prepared.

Regular Training Sessions

Conduct quarterly awareness training
Use real examples of phishing emails
Update training as new threats emerge

Phishing Simulations

Send test phishing emails to your organisation
Track who clicks and provide additional coaching
Celebrate improvements and reward vigilance

Clear Reporting Procedures Make it easy for employees to report suspicious emails:

Dedicated email address or button in email client
No punishment for reporting—even if they clicked
Quick feedback so employees know their reports matter

Process Controls

Payment Verification Establish procedures that prevent BEC fraud:

Verify any payment detail changes via phone (using known numbers, not those in the email)
Require dual authorisation for large transfers
Implement a waiting period for new vendor payments

Communication Protocols

Executives should never request wire transfers via email
Establish code words for urgent financial requests
Create a culture where questioning unusual requests is encouraged

What to Do If You've Been Phished

Act quickly to minimise damage:

Change passwords immediately for any compromised accounts
Enable MFA if not already active
Alert your bank if financial details were shared
Notify your IT team to check for broader compromise
Report the incident to your organisation's security contact
Preserve evidence (don't delete the email)

If sensitive data was compromised, you may need to notify the Information Regulator under POPIA requirements.

Building a Phishing-Resistant Culture

Stopping phishing isn't a one-time project—it's an ongoing commitment. The most secure organisations:

Make security awareness part of onboarding
Conduct regular simulations and training
Reward employees who report suspicious activity
Share learnings from attempted attacks (without blame)
Keep security measures user-friendly to encourage compliance

Partner with Experts to Stay Protected

Phishing attacks are constantly evolving, and keeping up requires dedicated expertise. Most SMEs don't have in-house security teams, but that doesn't mean you're on your own.

Dexani provides comprehensive email security, employee training, and phishing simulation services tailored for South African businesses. We help you implement the technical controls and build the security culture needed to stop phishing attacks before they succeed.

Ready to protect your team? Contact Dexani today for a security assessment and learn how we can help you stay one step ahead of cybercriminals.

Dexani is a Managed IT Services Provider helping South African businesses stay secure in an increasingly dangerous digital landscape.