Please be informed that multiple HPCSA-issued email accounts have been compromised following a recent phishing campaign. In this incident, some stakeholders — both internal and external unknowingly disclosed their HPCSA email passwords to malicious actors through fraudulent emails and deceptive websites. See example of fraudulent email below.
Once obtained, these credentials were used to access accounts and send further phishing messages to contacts, placing HPCSA’s systems, sensitive data, and network security at serious risk.
The IT Department urges all stakeholders to take our cybersecurity awareness campaigns seriously and follow secure practices to prevent future incidents. These compromises are preventable if all users:
- Never share their HPCSA email password with anyone.
- Do not click on suspicious links or open unexpected attachments.
- Verify the legitimacy of emails before responding or providing any information.
- Immediately report suspicious emails to the HPCSA IT Service Desk.
If you suspect your account may have been compromised, click here to inform the HPCSA IT Department without delay.
We apologise for any inconvenience caused and assure you that we are taking remedial measures to secure affected accounts, investigate the scope of the incident, and implement additional safeguards.
Thank you for your cooperation in protecting the HPCSA’s digital environment.
Example of Fraudulent HPCSA Email
Last Updated on 19 August 2025 by HPCSA Corporate Affairs