DSD WARNS OF FAKE SITES FOR THE APPLICATION OF COVID SOCIAL RELIEF OF DISTRESS PAYMENTS

• Applicants for Covid-19 Social Relief of Distress are being warned to be on the lookout for fake websites and links.
• There is only one platform to use in making such applications – the official South African Social Security Agency site https://SRD.sassa.gov.za.
• This information came to light during the investigation into alleged weaknesses and fraud in the application and payment system of social grants, the parliamentary portfolio on social development heard today, 26 February 2025.

The Department of Social Development and the South African Social Security Agency (SASSA) are warning unsuspecting applicants of fake websites and links purporting to be platforms to apply for the Covid 19-Social Relief of Distress (cSRD).

The only platform for all applications for the Covid-19 Social Relief of Distress is https://SRD.sassa.gov.za.

The following links: https://srd-sassa.org.za and https://srdsassagov.co.za are fake and are being used to steal personal information from unsuspecting applicants of the cSRD.

This was one of the issues revealed in parliament today, 26 February 2025, when the portfolio committee on social development received an update on the investigation into alleged weaknesses and fraud in the application and payment system of social grants.

Minister of Social Development Nokuzola Sisisi Tolashe instituted an investigation into vulnerabilities of the applications and systems used by SASSA for the payment of social grants, following recommendations made by the committee to conduct an investigation on these alleged vulnerabilities after claims of fraud in the application system of the cSRD were made by two students from the University of Stellenbosch.

Phase 1 of the investigation consisted of a comprehensive audit of the SRD application system to determine the extent to which the system was exposed to fraud.

The findings will serve as input for Phase 2, which will be an investigation into alleged fraud and weaknesses within the broader social grant system that results in ineligible beneficiaries receiving social grants.

The final report on the vulnerability assessment and penetration testing on the SRD online system administered by SASSA made the following findings, amongst others:

• There are unidentified, malicious websites with .org and .co.za domain names that purport to be the authentic SRD application websites that are used to harvest the information from applicants for fraudulent purposes; and
• The SRD web application has weaknesses, such as unencrypted communications, that present threats to the security of the platform and the safety of users. These weaknesses are classified as medium risk by the final audit report.

The final audit recommends a communication campaign warning beneficiaries and applicants about the unofficial and fake sites that are being used to harvest their information.

SASSA has developed an action plan to respond to the recommendations of the final audit report.

The plan has short-, medium-, and long-term activities, including:

•       Replace the HTTPS method with a POST method to protect communications between the applicant and the server that processes their information;
•       Limit the abnormal number of requests made to the SRD application system;
•       Update outdated software, and implement regular patch updates;
•       Introduce biometric systems; and
•       Within 18 months, remove the fake websites and other content that violates its brand, copyright, or right to information and privacy.

Minister Tolashe has assured the committee of her commitment to addressing the vulnerabilities and weaknesses identified in the cSRD system.