As the 2024 tax season officially gets underway and provisional and non-provisional taxpayers prepare their paperwork filing, Carey van Vlaanderen, CEO of ESET Southern Africa, says it’s essential to be extra vigilant as cybercriminals set their sights on South African taxpayers for a quick payday.
Tax season has become a popular time for criminals to send out fraudulent emails and SMSs claiming to be from the South African Revenue Service (Sars). These deceptive messages often appear legitimate, using addresses such as [email protected] or [email protected], and typically claim that the recipient is either due a tax refund or owes money to Sars that must be paid immediately. Messages include links to fake forms and websites designed to closely mimic the official Sars site, with the intention of tricking honest taxpayers into providing personal information or making payments.
“There are many variations on these scams, and although the specific premise and wording might change, it is concerning that spoofed emails, SMSs, and cloned sites mimicking Sars tend to look more convincing each year and are therefore quite successful in luring unsuspecting individuals into complying,” notes van Vlaanderen.
At their core, tax scams, and indeed many online scams, rely on some form of social engineering. “Scammers contact you via email or SMS and are quite deliberate in creating a sense of urgency to mislead you into revealing sensitive personal information, like banking details, passwords or pin numbers. Often, there’s the claim of an error on your tax return that needs immediate attention along with the threat of penalties for not acting quickly. Fake messages can also contain welcome news for taxpayers in the form of sizable refunds with a request to confirm banking details,” explains van Vlaanderen.
She says that because fraudsters are experts at manipulating emotions and pressuring individuals into making hasty decisions, it’s vital to remain calm and verify the authenticity of any communication before responding or taking action.
According to Sars’ own official communication protocols, Sars will never request banking details via post, email, or SMS. While a representative may verify personal details over the phone, Sars will not send hyperlinks to other websites to confirm said details. In addition, Sars does not send .htm or .html attachments and will never ask for credit card details.
“Awareness is the first line of defence. Understanding how Sars communicates and being able to recognise red flags can prevent you from falling victim. Although scammers can be quite sophisticated, the more individuals empower themselves with the right information and the right cybersecurity tools, the easier it is to stay safe online during tax season,” says van Vlaanderen.
Tips for staying safe
Submit your tax return early. The earlier you file, the less time scammers have to target you.
Take time to verify SMS messages and emails. Do not open or respond to emails from unknown sources. Always verify the sender’s information and check the official Sars e-Filing site directly for confirmation of official communication.
Be cautious with personal information. “If something feels off, it usually is. Always question unexpected requests for personal details and do not click on links, complete online forms, or open attachments if you have any doubts about their authenticity,” says van Vlaanderen.
Use strong Passwords. Use unique passwords for each website you use and consider using a password manager to keep track of them.
Keep your software updated. Regularly update your operating system, web browsers, and other software to ensure you have the latest version. Updates often include security fixes and other enhancements that can help protect you from scams.
Use online protection tools. Protect yourself from online scams with reliable and reputable cybersecurity tools. “Choose a comprehensive security solution for your personal devices. At a minimum, you should have features such as anti-phishing and Wi-Fi protection to keep your data safe online,” adds van Vlaanderen.
Stay informed. Keep up to date with the latest scams. Sars maintains an updated list of phishing scams on its website.
Choose the right tax professional to assist. Ensure any tax professional you consult is registered with Sars and an approved industry body such as the South African Institute of Tax Practitioners (SAIT) or the South African Institute of Business Accountants (SAIBA). “For those who prefer to get a helping hand with their tax matters, it’s important to be certain that you’re engaging with a legitimate, registered professional. Once again, be wary of unsolicited emails and messages offering personal tax services and do your research before sharing personal information or making payments,” advises van Vlaanderen.
PERSONAL FINANCE