The South African Broadcasting Corporation (SABC) has confirmed a business email compromise (BEC) incident that affected some staff email accounts.
According to the broadcaster’s head of communications, the organisation’s IT security team has since secured the compromised mailboxes.
“The SABC is aware of a recent email compromise affecting a small number of employee accounts,” she told MyBroadband.
“Our IT security team responded immediately, securing the affected mailboxes and containing the incident. Preliminary investigations indicate that the matter was isolated and quickly resolved.”
How the Attack Was Discovered
The attack reportedly began on Monday, 28 July 2025, when the email account of a manager for stakeholder relationships and partnerships sent a phishing email to external contacts.
The email included a PDF attachment containing an embedded link that redirected users to a malicious website controlled by the attacker.
Upon opening the attachment, recipients saw a blurry image resembling a prominent bank’s letterhead and were prompted to click a link to “access the full document.” Clicking this link redirected victims to a phishing site where their sensitive data could be harvested.
Media Companies Targeted
At least two South African media organisations were impacted by the compromised SABC email accounts. MyBroadband reported receiving two suspicious emails over a four-day period.
The first, received on 28 July 2025, originated from the stakeholder manager’s account. The second, sent four days later, came from the mailbox of a senior executive at SABC.
A day later, eNCA was also targeted. A spokesperson for eMedia Holdings, the parent company of eNCA, confirmed the incident but said it was contained and limited to a single email. “The situation was contained quickly, and no broader evidence of business email compromise affecting eNCA at this stage,” the spokesperson said.
The incident forms part of a broader trend of increasing BEC activity across the African continent. A recent INTERPOL report identified Nigeria, Ghana, Côte d’Ivoire, and South Africa as hotspots for such attacks in Africa.
“We encourage vigilance against suspicious emails among both our staff and external partners,” SABC spokesperson Ngubane ended.
About Author
