“The backbone of any successful phishing attack is a well-designed spoofed email or spoofed website, which is why it pays to have a healthy level of scepticism when it comes to opening emails and visiting websites.” (Phishing.org)
With Tax Season 2023 upon us, expect an upsurge in scam emails, seemingly from SARS but actually clever attempts by online criminals to swindle you.
“Phishing” is a cyberattack that uses fraudulent emails made to look as if they come from a reputable source – such as SARS – to trick people into disclosing sensitive personal information or taking an action such as clicking on a link that installs malware on their systems.
While fraudulent SMSs “smishing” and phone calls or “vishing” are also used, email “phishing” is the preferred method.
Examples from SARS include emails that appear to be from email@example.com or firstname.lastname@example.org, notifying taxpayers that they are eligible to receive tax refunds or owe SARS money.
One of the most recent scams involves an email titled ‘eFiling Credit Request’ that asks the email recipient to click on a link to view the amount. Another scam email titled ‘Debt Management – Final Demand’ guides the email recipient to download a ‘statement of account’. New scams are popping up all the time – for examples see SARS’ Scams and Phishing webpage.
These emails contain attachments, icons or links to false forms and fake websites made to look like the SARS website, to fool people into entering personal information or sharing one-time pins (OTPs).
Those caught by phishing often suffer financial loss as well as psychological trauma, while some may be unaware that they are victims of crime. It may also result in a breach of a company’s data security, as employees often use their work email addresses to sign up to websites and email lists.
Remember never to click on links in a suspicious email from SARS. You can email suspicious SARS correspondence to email@example.com. You can also check here to see all current legitimate SARS surveys, emails and SMSs.
While protecting yourself against scammers, it remains crucial to ensure that all legitimate SARS correspondence to you is still promptly attended to. If you are in any doubt, it is best to check with your accountant, who will be able to verify if the request is from SARS or report fraudulent emails to the relevant authorities. That way, you are certain you are complying with your tax responsibilities, without ever falling prey to scams and fraudsters.
Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.