Taxpayers warned about being targeted in scams by cybercriminals as tax season begins

People visiting the Sars offices in Long Street, Cape Town, during a previous tax season. Picture: Jeffrey Abrahams

Published Jul 10, 2023

Cape Town - Taxpayers have been warned to be on the lookout for cybercriminals lurking in the shadows with dirty tricks to take advantage of them and scam them out of their hard-earned money.

This warning from the SA Revenue Service and cybersecurity experts comes as South Africans began filing their annual tax returns with the onset of tax filing season.

Cybercrime experts warned that tax-return time is open season for cybercrime, and that it is likely to be worse with many people continuing to work from home on various devices that are connected to unsecured networks.

Cybersecurity strategist Aamir Lakhani said cybercriminals were out in force, eager to prey on the stress and uncertainty surrounding tax season.

Lakhani said the criminals were using a range of tactics, from the sophisticated to the simple, to steal information and that “social engineering scams” were low-hanging fruit during tax season.

Social media is the preferred channel, but it is not unusual for contact to be made by telephone or in person.

Cyber security expert Aamir Lakhani. Picture: Supplied

Giving examples of social engineering attacks to watch out for, Lakhani said attacks may take the form of phishing email campaigns or phone calls from people claiming to be from Sars.

He said that, to appear legitimate, scammers might use stolen data with personal information, such as identity numbers.

“Cybercriminals use a ‘spray and pray’ model for phishing campaigns. They send thousands of emails, hoping that at least one person will fall victim to the attack.

“On the other hand, spear-phishing attacks are a targeted form of phishing that can be more difficult to detect because the emails are personalised to appear as if they were sent by someone the recipient knows.”

Lakhani said spear-phishing was previously challenging to implement, “but now some advanced cybercriminals use machine learning and artificial intelligence to execute these attacks more efficiently.”

Sars, meanwhile, says it has been alerted by its sophisticated risk engine that there was an unusual increase in the number of registrations, all of which were suspicious.

Sars commissioner Edward Kieswetter. File photo: Government Communication and Information System (GCIS)

Sars commissioner Edward Kieswetter said: “Our analysis suggests that large numbers of these registrations are being created with the intent to defraud Sars and, by implication, honest taxpayers.”

Kieswetter issued a stern warning to those engaged in these schemes.

He said Sars was augmenting its human effort using data insights, artificial intelligence and machine learning algorithms to enhance its capability to identify those engaged in criminal activity.

“Those who underestimate our resolve, do so at their own peril. Furthermore, I wish to apologise to honest taxpayers for the inconvenience that this may cause.”

Sars said a new scam was doing the rounds. In this scam, an email titled “eFiling Credit Request” asks the email recipient to click on a link to view the amount.

Another scam features an email purporting to be from the Department of International Relations and Co-operation asking the recipient to assist the police to catch corrupt Sars employees.

This scam asks the recipient to click on a link and then to sign in using their unique Sars email address and password, but not their username, to verify their identity.

Sars also revealed that there was an email titled “Statement of Account request” doing the rounds. This scam asks the recipient to download a statement of account.

A similar scam is an email titled “Debt Management – Final Demand”. This one also asks the recipient to download a statement of account.

In a statement, Sars said: “Please do not click on any suspicious links and delete these messages.

“If in doubt, always visit our Scams & Phishing web page, where examples of these latest scams are published.”