The Department of Social Development and the South African Social Security Agency (Sassa) have urged the public to be aware of fake websites and links for applications for Covid-19 Social Relief of Distress (SRD) grants.

The correct and authentic application platform for all Covid-19 SRD grants is available on Sassa’s website.

Scam website links

The links below are scam websites that are being used to steal personal information from people who think they are applying for the R370 SRD grant:

• https://srd-sassa.org.za
• https://srdsassagov.co.za

The Portfolio Committee on Social Development revealed this information in Parliament on Wednesday.

Minister of Social Development Sisisi Tolashe said an investigation into vulnerabilities of the applications and systems used by Sassa for the payment of social grants is underway following claims of fraud by two students from the University of Stellenbosch.

“Phase 1 of the investigation consisted of a comprehensive audit into the SRD application system administered by Sassa to determine the extent to which the system was exposed to fraud.

“The findings of this audit will serve as input as a basis for Phase 2, which will be an investigation into alleged fraud and weaknesses in the broader social grant system that results in ineligible beneficiaries receiving social grants,” the department said in a statement.

The final report on the Vulnerability Assessment and Penetration Testing on the SRD online system stated the following findings, among others:

• There are unidentified, malicious websites with .org and .co.za domain names that purport to be the authentic SRD application websites that are used to harvest applicants’ information for fraud purposes
• The SRD web application process has weaknesses, including unencrypted communications, that present threats to the security of the platform and the safety of users. These weaknesses are classified as medium risk by the Final Audit Report
• The Final Audit recommends a communication campaign warning beneficiaries and applicants about the unofficial and fake sites being used to harvest information for fraudulent purposes.

The department said Sassa has developed an action plan to respond to the recommendations of the Final Audit Report, including:

• Replacing the ‘https’ method with a ‘post’ method to protect communications between the applicant and the server that processes their information
• Implementing a ‘rate limit’ to limit the abnormal number of requests made on the SRD application system
• Updating outdated software
• Implementing regular patch updates and introducing biometrics.

Sassa will have the fake websites removed within 18 months.

Tolashe assured the committee of her commitment to addressing the vulnerabilities and weaknesses identified in the system. – SAnews.gov.za

Breaking news at your fingertips… Follow Caxton Network News on Facebook and join our WhatsApp channel.