.jpg)
Beware of Fake Tender Emails: The SACAA Scam Breakdown
Businesses are regularly targeted by cybercriminals using cleverly disguised emails that mimic government or corporate entities. One of the most common tactics is the fake RFQ (Request for Quotation) scam — designed to trick suppliers into engaging with fraudulent schemes. Let’s examine a recent email claiming to be from the South African Civil Aviation Authority (SACAA) and how to protect yourself.
📧 The Fake Email in Question
Subject: Request for Quotation – SACAA
From: Procurement Department
Email: pertunia.manana@caabids-supply.online
“The SACAA invites tender submissions... even if not within your scope — find a supplier and quote us.”
🔍 Keyword Suggestions (SEO)
Use these keywords to increase article visibility:
-
Fake RFQ email
-
Tender scam South Africa
-
Procurement email fraud
-
SACAA email scam
-
How to spot phishing
-
Email spoofing South Africa
-
Government tender scam
-
Cybersecurity for businesses
-
Quotation fraud warning
-
Fake procurement alert
🚩 Red Flags in This Email
Despite its formal tone, the email raises multiple red flags. Let’s break them down:
1. Suspicious Email Domain
pertunia.manana@caabids-supply.online
The legitimate domain for SACAA is @caa.co.za. This fake email uses a misleading domain (caabids-supply.online) designed to trick recipients who aren’t paying close attention.
2. No Mention of Specific Product
The email asks for pricing “for the specific product requested” — yet no product is ever mentioned. Scammers do this to encourage recipients to respond and start a dialogue, where the fraud deepens.
3. Vague Language Encouraging Outsourcing
“You can find a supplier and provide us with a quotation...”
This is an attempt to make you do the work of pricing something you don’t even sell. It’s another layer of deceit — scammers hope you’ll feel invested and send personal or financial information in follow-up emails.
4. Automated Email Disclaimer
“Due to a system delay, it may reach you after office hours.”
This vague disclaimer is designed to discourage phone verification or delay you long enough that you can’t confirm it with the actual SACAA until it’s too late.
5. Short Deadline
“Closing date is within 3 working days.”
Scam emails often use urgency to bypass rational thinking. If a tender is legitimate, it usually comes with a clearly documented process and longer response times.
6. Generic Signature
“Procurement Department”
No official titles, no names you can verify, and no direct website or branding.
🕵️ Real vs. Fake Tender Emails
| Email domain | Official gov/business domain (e.g. @caa.co.za) | Suspicious or fake domain (e.g. @supply.online) |
| Specificity | Clearly describes items, requirements | Vague or missing product description |
| Scope | You must qualify or register to respond | Says “anyone can quote” or encourages outsourcing |
| Contact verification | Easily verifiable online | Contact person often doesn’t exist online |
| Documentation | Comes with reference number and documents | Missing or suspicious file attachments |
🧠 Best Practices for Email & Tender Verification
-
Always check the sender’s domain.
Example: @caa.co.za is legitimate, @caabids-supply.online is not. -
Search the person and company online.
If “Pertunia Manana” doesn’t appear on the official SACAA site or LinkedIn, it’s a red flag. -
Never quote without verifying the tender.
Contact SACAA using verified contact details from their official website. -
Avoid clicking links or downloading unknown attachments.
These may lead to phishing sites or malware. -
Educate your procurement or sales teams.
Share real-life examples like this so your team doesn’t fall victim. -
Use email filtering software to catch and quarantine suspicious messages.
📌 Common Scam Variations to Watch For
-
Government Contracts: Fake emails from departments like Health, Transport, or Home Affairs.
-
Awarded Tenders: Messages claiming your company was "pre-approved" for work.
-
Payment Processing Requests: Fake follow-ups asking for banking info to "process" your award.
🏷️ Recommended Tags for This Article
-
#ProcurementScam
-
#FakeTenderAlert
-
#SACAAFraud
-
#EmailSecurity
-
#PhishingScam
-
#BusinessSafety
-
#CybersecurityTips
-
#SouthAfricaScams
-
#RFQWarning
📸 Suggested Image for the Article
You can use:
-
A photo of a fake invoice or scam email on a laptop screen.
-
A phishing hook symbol over a fake tender letter.
-
A professional staring at an email with “WARNING” or “SCAM” banner.
Would you like me to provide a royalty-free image for this?
🧾 Conclusion: Don’t Take RFQs at Face Value
The SACAA example is just one of many fake procurement emails currently circulating in South Africa. Cybercriminals are getting smarter — and so should we. Always double-check domains, verify senders, and never engage with emails that seem vague, rushed, or too good to be true.
By learning how to spot and report scam emails, you protect not just your business, but also your clients, suppliers, and colleagues.
.jpeg)
