With more than 3,3-million taxpayers submitting their returns via eFiling, there has been a noticeable increase in targeted attacks from cybercriminals looking to take advantage.
As their methods evolve to keep up with digital trends, it’s important for taxpayers to be aware of tax season-specific phishing tactics. Mimecast’s customer success manager Heino Gevers gives his five top tips to make eFiling safe.
* Consider the source – Exercising some basic email security tips can go a long way towards avoiding online tax scams. Be protective of your main email address – share it only with trusted sources to ensure it does not end up on spam mailing lists. Never open an email from an unknown sender and be careful of strange attachments as these can be malicious.
* Know thy SARS – We’ve all heard the story of a friend or acquaintance who ended up getting scammed after they opened a seemingly legitimate email requesting their password. The South African Banking Risk Information Centre estimates that the effectiveness of attacks rise from 3% to 70% when private personal information is included. It’s not always easy to tell a real e-mail from a phishing attempt. Beware of any emails that ask for personal, tax, banking and eFiling details such as login credentials, passwords and PINS as SARS will never request such information over e-mail.
* Observe and report – Don’t just assume that a cyberscam will never happen to you. Phishing attacks are very much seasonal, so keep a sharper eye out than normal for suspicious emails claiming to be from SARS during tax season. An excellent resource to keep abreast of these seasonal scams is SARS itself. Its web site has a section devoted to phishing prevention that is always being updated with information on the latest scams. If you do get an e-mail or phone call that starts ringing the alarm bell, report it to the relevant authorities. Send an email to email@example.com or call the Fraud and Anti-Corruption Hotline on 0800 00 2870.
* Don’t fall for SMS or phone scams – Today’s cyber attackers are more sophisticated than ever and are using multiple channels to target taxpayers. SMS attacks, known as smishing, are widespread in South Africa. Never give out personal details through SMS. Similarly, be careful of unsolicited phone calls from individuals claiming to be SARS employees. If in doubt, phone the SARS contact centre at 0800 00 7277 or visit your nearest branch to verify.
* Practice password security – The SARS web site uses password complexity on its eFiling site to ensure that users do not utilise easily-cracked passwords. However, there is even more you can do to ensure your password is never compromised. Create a unique password for eFiling that is not the same as that you use for any other sites on the web. Not every site utilises strong encryption practices so being hacked on one site can lead to disaster on another. As an additional safety measure, change your eFiling password every tax season.