FAKE WEBSITES OF TRUSTED NAMIBIAN INSTITUTIONS

02 OCTOBER 2025 – WINDHOEK

The Namibia Cyber Security Incident Response Team (NAM-CSIRT) has observed a concerning rise in fake websites designed to mislead the public by impersonating trusted organisations. Cybercriminals are becoming increasingly sophisticated in creating “spoofed” websites that look nearly identical to legitimate ones.

Website spoofing occurs when a fake website is created to mimic a legitimate one. These fraudulent sites often copy the design, branding, and even web addresses (URLs) of an organisation particularly banks, government agencies, and other trusted organisations. Attackers with limited technical skills can register a domain name that closely resembles that of a trusted institution, they then build an identical replica of the original website and lure visitors through phishing emails, malicious advertisements, or social media campaigns. Once users land on the spoofed website, they may be tricked into providing sensitive information such as login credentials, credit card numbers, or personal details.

In recent months, well-known Namibian institutions were targeted, and the attackers cloned their branding and layouts, creating websites that appeared legitimate, but redirected all navigation links to suspicious advertising domains. These redirections aimed to mislead users into unsafe online platforms where they risked encountering fraudulent schemes or malicious software.

Ways how Spoof Sites Trick Individuals:
• Spoofed websites often use addresses that look like the real website of the organisation for example, nam-csirt.com (fake) instead of nam-csirt.na (real).
• Fraudulent pages often replicate real login portals. Once a user enters their credentials, the information goes directly into the attacker’s database.
• Spoofed sites and phishing emails frequently contain alarming notices such as “Your account has been locked” or “Verify your login now to avoid suspension.” These messages pressure users into acting quickly without verifying authenticity.

NAM-CSIRT advises members of the public and organisations to take the
following precautions:

• Verify web addresses carefully before engaging with a site by identifying misspellings, unusual domains, or extra characters.
• Avoid clicking on unsolicited links from advertisements, emails, or social media posts. When in doubt, navigate directly to the official website by directly typing the website address.
• Enable Multifactor Authentication (MFA), which provides an extra layer of protection by requiring a second step of verification even if your password is compromised.
• Report spoofed or compromised websites to the impacted organisation, such as NAM-CSIRT, or other relevant authorities.

Since these scams operate outside of an organisation’s direct security
perimeter, spoofed websites are often only detected after unsuspecting users
have already fallen victim. To protect against website spoofing, it is essential
for organisations to regularly monitor their websites and ensure that it is
appropriately secured against attacks.

Additionally, it is recommended that organisations include awareness training
on spoofed websites to ensure that they inform employees and customers on
how to protect themselves from such cyber-attacks.

END

Issued By:
Mr. Mufaro Nesongano
Executive: Communication and Consumer Relations
On behalf: Namibia Cyber Security Incident Response Team (NAM-CSIRT),
housed by the Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Communications@cran.na