Beware of Fake COVID-19 SRD Application Sites

Cape Town: The Department of Social Development and its entity, the South African Social Security Agency (SASSA), have issued a warning to the public regarding fake websites and links that are fraudulently claiming to offer applications for the COVID-19 Social Relief of Distress (cSRD) grants.

According to the South African Government News Agency, the only legitimate application platform for the COVID-19 Social Relief of Distress grants is https://SRD.sassa.gov.za. The fake sites, such as https://srd-sassa.org.za and https://srdsassagov.co.za, are being used to gather personal data from unsuspecting applicants, compromising their information in the process.

This issue was brought to light during a Parliamentary session when the Portfolio Committee on Social Development was briefed on the ongoing investigation into potential weaknesses and fraud within the social grants application and payment system. The investigation was initiated by the Minister of Social Development, Sisisi Tolashe, to explore vulnerabilities in the systems utilized by SASSA for social grant payments.

The investigation was partly prompted by claims from two University of Stellenbosch students who alleged fraud within the cSRD application system. Phase 1 of the investigation involved a comprehensive audit of the SRD application system managed by SASSA to assess its susceptibility to fraud. The audit’s findings will inform Phase 2, which will delve into broader systemic issues that enable ineligible beneficiaries to receive social grants.

The Final Report on Vulnerability Assessment (VA) and Penetration Testing (PT) of the SRD online system identified several key issues. Among these is the presence of malicious websites with .org and .co.za domain names that falsely represent themselves as legitimate SRD application sites, aiming to deceive users and steal their information. Additionally, the report highlighted weaknesses in the SRD web application, such as unencrypted communications, which pose medium-risk threats to platform security and user safety.

In response to the audit’s recommendations, SASSA has devised an action plan that includes replacing the HTTPS method with a POST method to enhance communication security between applicants and servers. Other measures include implementing a rate limit on application requests, updating outdated software, and conducting regular patch updates alongside the introduction of biometric security features.

Over the next 18 months, SASSA aims to dismantle fake websites and any other content infringing on its brand, copyright, or rights to information and privacy. Minister Tolashe has reaffirmed her commitment to addressing the identified vulnerabilities and weaknesses within the system.