While the tax filing season is a time of economic alignment and fiscal responsibility, it is also a prime opportunity for cybercriminals to exploit unsuspecting taxpayers.
With SARS introducing pre-assessments to simplify submissions for taxpayers, fraudsters and scammers are capitalising on this convenience to craft sophisticated scams that mimic official communications – and the Southern African Fraud Prevention Service (SAFPS) warns that this heightened activity demands equal vigilance from the public.
“Fraudsters are exceptionally active during this period and taxpayers must stay alert to the latest tactics being used to steal personal data and funds,” cautions SAFPS CEO Manie van Schalkwyk.
Modus operandi
“Scammers will often impersonate SARS officials and persuade and manipulate victims into voluntarily surrendering sensitive data under false pretenses, or into paying them money,” says Van Schalkwyk. “There are a few scam tactics that the public should be aware of to protect themselves.”
Phishing emails and SMSs: Van Schalkwyk warns that criminals are becoming increasingly sophisticated and phishing emails and SMSs look very realistic.
“Our brains are conditioned to gloss over subtle differences unless we’re actively scanning for them,” he says. “This is exactly what makes these tactics so dangerous.”
Scammers will send messages from a fake SARS email address containing a link to a fraudulent website, often changing a single character in the hyperlink like replacing South Africa with South Afrìca – using a special character that looks similar to the original (in this example, the normal i has been replaced with an ì).
They could ask you to verify your banking details or personal information, claim that there is a refund due to you, or even that they are auditing your refund – and then redirect you to a malicious website potentially compromising your device and phishing your personal information.
“The email may say it’s from SARS and look realistic; however, if you look at the actual email address, it is not an official SARS email address,” explains Van Schalkwyk. “Scammers can change the display name to appear as SARS and if you are not concentrating, you could click on the link or action the request due to fear. Carefully examine the sender’s email address and if it does not include @SARS.gov.za, it is likely a scam.”
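The two checks described above (the real sender address behind the display name, and look-alike characters in a link) can be automated on the receiving side. The sketch below is an added example, not SARS or SAFPS tooling; the function names and the sample message with its `.example` domains are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "sars.gov.za"  # the address suffix the article says to look for

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def lookalike_chars(host):
    """Non-ASCII characters in a hostname, including ones hidden in xn-- labels."""
    text = host
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                text += label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # not valid punycode; nothing to reveal
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in text if ord(c) > 127]

def review_message(raw):
    """Return a list of human-readable findings for one raw email."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Display name claims SARS, but the address behind it is somewhere else.
    if "sars" in name.lower() and not is_official(sender_host):
        findings.append(f"display name '{name}' but sender domain is '{sender_host}'")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        for char, uname in lookalike_chars(host):
            findings.append(f"link host '{host}' contains '{char}' ({uname})")
        if not is_official(host):
            findings.append(f"link host '{host}' is not under {OFFICIAL_DOMAIN}")
    return findings

# Constructed sample message (not a real phishing email); \u00ec is the
# accented "i" from the article's example.
SAMPLE = (
    "From: SARS eFiling <refunds@sars-refunds.example>\n"
    "Subject: Your refund is being audited\n"
    "\n"
    "Verify your banking details: https://efiling.south-afr\u00ecca.example/verify\n"
)

if __name__ == "__main__":
    for finding in review_message(SAMPLE):
        print(finding)
```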
Impersonation: Another growing concern is direct scam attempts where scammers initiate contact by impersonating SARS representatives. The scammers claim to want to help taxpayers with their tax returns and follow up on payments or refunds, often creating a sense of panic by warning consumers that there is a problem and that their tax status needs urgent attention, or they may be subject to fines for incorrect submissions. They then offer to lend a helping hand, provided that the consumer provides them with their tax number or ID number.
“It is important to note that an official SARS representative will never ask for this information,” says Van Schalkwyk.
eFiling profile hijacking: This is when fraudsters take over existing profiles or impersonate a valid taxpayer’s profile and change banking or other details to redirect refunds to fraudulent bank accounts which have been set up for this purpose.
Victims are saying that legitimate refund payments were redirected to bank accounts they did not authorise or recognise. This emerging trend indicates a sophisticated form of identity theft where criminals exploit personal data, often gathered during legitimate interactions with SARS, to open bogus accounts and intercept refund payments.
In one case, a 68-year-old taxpayer lost R37 000 after his refund was paid into a bank account that had been fraudulently created under his name. Despite submitting his real bank details during his filing appointment, the payment was rerouted. Similar cases have surfaced involving other banks where victims reported that substantial refunds were paid into unfamiliar accounts using stolen credentials.
Fraudulent letters of demand: The SARS website shares examples of fraudulent letters claiming that SARS attorneys have issued a letter of demand which requires urgent attention. The letter prompts the taxpayer to pay an outstanding amount of money into a fraudulent bank account, claiming to be a SARS account.
Tips and steps to take
“Proactive awareness is the strongest defence against digital fraud during this critical financial period,” says Van Schalkwyk, adding that the SAFPS has some basic tips:
- Do not share your eFiling username or password.
- Do not share sensitive information: SARS will NEVER ask for information like your banking details, PIN, or card info via an email or SMS.
- Verify and check payment details: Pay via your eFiling profile or check the payment options on the official SARS webpage. SARS is a pre-approved beneficiary with all the banks, so if a letter asks you to load banking details, it is fraudulent. Do not make payments to accounts provided via unsolicited communication.
- Use official SARS channels: Do not click on links in SMSs, emails, or WhatsApp. Visit the SARS website and utilise formal channels only. If in doubt, contact SARS directly to verify.
- Implement robust cybersecurity practices: Use strong and unique passwords, avoid public Wi-Fi when working with sensitive information, and implement multi-factor authentication where possible.
- Be wary of a sense of urgency or pressure: In general, be cautious when there is a sense of urgency – or the person or communication is trying to intimidate you or elicit a sense of fear.
Anyone who suspects their refund has been compromised must immediately contact their bank, report the incident to SARS, and open a case with the South African Police Service. You can also report the incident to the SAFPS using the www.yima.org.za website.