WARNING: Don’t trust anyone this tax season
The SAFPS warns of scammers exploiting the new auto-assessment service to gain access to unsuspecting people’s financials.
While the tax filing season is a time of economic alignment and fiscal responsibility, it is also a prime opportunity for cybercriminals to exploit unsuspecting taxpayers.
With SARS introducing pre-assessments to simplify submissions for taxpayers, fraudsters and scammers are capitalising on this convenience to craft sophisticated scams that mimic official communications. The Southern African Fraud Prevention Service (SAFPS) warns that this heightened activity demands equal vigilance from the public.
“Fraudsters are exceptionally active during this period, and taxpayers must stay alert to the latest tactics being used to steal personal data and funds,” cautions SAFPS CEO Manie van Schalkwyk.
Modus operandi
“Scammers impersonate SARS officials and persuade or manipulate victims into voluntarily surrendering sensitive data under false pretences or into paying them money,” says Van Schalkwyk. “There are a few scam tactics the public should be aware of to protect themselves.”
Phishing emails and SMSes: Van Schalkwyk warns that criminals are becoming increasingly sophisticated, and phishing emails and SMSs seem very realistic.
“Our brains are conditioned to gloss over subtle differences unless we are actively scanning for them. This is exactly what makes these tactics so dangerous,” adds Van Schalkwyk.
Scammers will send messages from a fake SARS email address containing a link to a fraudulent website, often changing a single character in the hyperlink, like replacing South Africa with South Afrìca, using a special character that looks similar to the original (in this example, the normal i was replaced with an ì.
They could ask you to verify your banking details or personal information, claim a refund is due to you, or even that they are auditing your refund and then redirect you to a malicious website, potentially compromising your device and phishing your personal information.
“The email may say it’s from SARS and look realistic; however, if you look at the actual email address, it is not an official SARS email address.
“Scammers can change the display name to appear as SARS and if you are not concentrating, you could click on the link or act on the request due to fear. Carefully examine the sender’s email address and if it does not include @SARS.gov.za, it is likely a scam.”
Impersonation: Another growing concern is direct scam attempts, where scammers initiate contact by impersonating SARS representatives.
The scammers claim to want to help taxpayers with their tax returns and follow up on payments or refunds, often creating a sense of panic by warning consumers that there is a problem, and that their tax status needs urgent attention, or they may be subject to fines for incorrect submissions. They then offer to lend a helping hand, provided that the consumer gives them their tax number or ID number.
“An official SARS representative will never ask for this information,” says Van Schalkwyk.
eFiling profile hijacking: This is when fraudsters take over existing profiles or impersonate a valid taxpayer’s profile and change banking or other details to redirect refunds to fraudulent bank accounts set up for this purpose.
Victims said legitimate refund payments were redirected to bank accounts they did not authorise or recognise. This emerging trend indicates a sophisticated form of identity theft, where criminals exploit personal data, often gathered during legitimate interactions with SARS, to open bogus accounts and intercept refund payments.
In one case, a 68-year-old taxpayer lost R37 000 after his refund was paid into a bank account fraudulently created in his name. Despite submitting his real bank details during his filing appointment, the payment was rerouted.
Similar cases have surfaced involving other banks where victims reported that substantial refunds were paid into unfamiliar accounts using stolen credentials.
Fraudulent letters of demand: The SARS website shares examples of fraudulent letters claiming that SARS attorneys have issued a letter of demand which requires urgent attention. The letter prompts the taxpayer to pay an outstanding amount of money into a fraudulent bank account, claiming to be a SARS account.
Tips and steps to take
“Proactive awareness is the strongest defence against digital fraud during this critical financial period,” says Van Schalkwyk.
The SAFPS shares some tips:
• Do not share your eFiling username or password;
• Do not share sensitive information: SARS will NEVER ask for information like your banking details, PIN or card info via email or SMS;
• Verify and check payment details: Pay via your eFiling profile or check the payment options on the official SARS webpage. SARS is a pre-approved beneficiary with all the banks, so if a letter asks you to load banking details, these are fraudulent. Do not make payments to accounts provided via unsolicited communication;
• Use official SARS channels: Do not click on links in SMSes, emails or WhatsApp. Visit the SARS website and use formal channels only; if in doubt, contact SARS directly to verify;
• Implement robust cybersecurity practices: Use strong and unique passwords, avoid public Wi-Fi when working with sensitive information, and implement multi-factor authentication where possible;
• Be wary of a sense of urgency or pressure: In general, be cautious when there is a sense of urgency, or the person or communication is trying to intimidate you or illicit a sense of fear.
Anyone who suspects their refund was compromised must immediately contact their bank, report the incident to SARS, and open a case with the SAPS. You can also report the incident to the SAFPS via www.yima.org.za
Scam prevention toolbox
Van Schalkwyk points out that the SAFPS launched Yima in response to the growing need for a proactive approach to fraud prevention.
Fraud and scams remain a serious and growing threat in SA; however, proactive solutions are helping to mitigate their impact.
The Yima website is a scam prevention toolbox and reporting service, empowering consumers to teach themselves about scam tactics, scan websites for vulnerabilities and report scams to the SAFPS.
Through Yima, South Africans can report suspicious activity directly to the SAFPS. The intelligence gathered is shared with law enforcement, strengthening fraud investigations. Additionally, users can access a dedicated scam hotline, enabling direct reporting to banks and the police.
“They can log onto www.yima.org.za or call the Scams Prevention Hotline, which is 083 123 SCAM (7226),” says Van Schalkwyk.
The SAFPS also protects individuals against identity theft through protective registration and victim support, with fraud victim listings on the SAFPS database. These services are free.
“All of these products and services actively take the fight to fraudsters, reinforcing consumer protection and shaping a more secure financial landscape,” says Van Schalkwyk, who points out that the SAFPS remains committed to being on the front line of combating fraud.
