By Mamela Luthuli, CEO of Take Note Group of Companies
Starting a new job should be a moment of pride and optimism. For many professionals, especially young South Africans. entering the workforce, it’s also a digital milestone, they update their LinkedIn, celebrate the news online, and begin to navigate their new environment.
But amid this excitement, there’s a growing and under-acknowledged threat: cybercriminals are watching too.
At Take Note, we’ve observed an alarming increase in cyber scams targeting new hires across corporate South Africa. These attacks aren’t random, they’re calculated, intentional, and often very effective. And they’re exploiting something as simple as a LinkedIn post.
The Scam: “Hi, It’s the CEO…”
Imagine this: you’re a few days into your new role when you get a message. It looks like it’s from the CEO, or another senior executive. It’s polite, respectful, and urgent.
“Hi, I’m in back-to-back meetings. I need a quick favour—please send through a few online gift card codes.”
For someone new, eager to prove themselves and unaware of internal norms, this seems legitimate. By the time they realise it’s a scam, the money is gone, and the cybercriminal has vanished without a trace.
Why New Hires Are Being Targeted
From our analysis, there are clear reasons why new employees are being specifically targeted:
- They’ve recently made their new job public.
- They may not know their CEO or direct manager’s communication style.
- They’re motivated to impress.
- They haven’t yet received internal cyber training.
- They don’t want to be seen as questioning authority.
These are human vulnerabilities, not technical gaps. And that’s exactly what attackers are exploiting.
What We’re Seeing in the Field
Across our clients, we’ve seen repeated patterns:
- New employees being asked to buy and send through voucher codes.
- Fake executives sending urgent WhatsApp or SMS requests.
- Social engineering tactics designed to discourage verification.
These scams are increasingly sophisticated, crafted in perfect English, referencing real names, and disguised with spoofed email addresses.
Our Stance: Security Begins with People
At Take Note, we believe cybersecurity is not just about firewalls and software, it’s about people. That’s why awareness must be the first layer of any organisation’s defence.
Our advice to companies is simple but powerful:
- Train every employee on cybersecurity from day one as part of employee onboarding. Nobody should start work until training is completed
- Create a culture where asking questions is encouraged.
- Teach your team to verify unusual requests, always.
- Equip your systems with smart, layered tools that flag impersonation.
- Communicate clearly and often about cyber risks.
What We’re Doing at Take Note
Our work seats at the intersection of cybersecurity, IoT innovation, and education. Through our Academy of Excellence, we’re not only protecting organisations, we’re developing the next generation of cybersecurity professionals.
We partner with both government and private sector stakeholders to help build a more secure, more inclusive digital economy, one where opportunity and safety go hand in hand.
A Final Word
Cybersecurity will always be part technical, but it will always be, at its heart, deeply human.
And for new employees stepping into their roles with hope and ambition, one question could make all the difference:
“Does this feel right?”
If it doesn’t, pause, verify, and ask. Let’s make sure that “Welcome to the team” stays a celebration, not a cyber trap.
For more information visit us on