South Africans warned to stay vigilant against tax season phishing scams

As South Africa enters its annual tax season, Kaspersky has issued a critical alert urging both citizens and businesses to stay vigilant against a surge of phishing scams that impersonate communications from the South African Revenue Service (SARS).

With auto-assessments now rolling out, cybercriminals are seizing the opportunity to deceive unsuspecting taxpayers into divulging their personal or financial information.

It is revealed that phishing scams, fraudulent emails or messages crafted to steal sensitive data, are becoming increasingly sophisticated, making them harder to detect.

Kaspersky’s research has also uncovered a range of scams that typically masquerade as urgent tax refund notifications or eFiling alerts. These scams often feature official logos, realistic language, and links that lead to counterfeit SARS portals.

“Phishing remains one of the most common and effective cyber threats in South Africa. Cybercriminals prey on the pressure and complexity of the tax season, sending emails that claim to be from SARS and asking users to open attachments or click on links to confirm personal details. These often lead to malware infections or credential theft,” warns Chris Norton, general manager for Sub-Saharan Africa at Kaspersky.

A recent study reveals alarming statistics: phishing accounted for a staggering 67% of cyber incidents reported by local companies over the past year, alongside a 29% year-on-year increase in various cyberattacks overall. Meanwhile, globally, the cybersecurity company reveals that it blocked nearly 900 million phishing attempts in 2024 alone, a stark reminder of the extensive and evolving threat posed by these attacks.

It is emergence of artificial intelligence has further complicated the landscape, enabling attackers to craft more convincing emails and personalise messages. These advancements allow scammers to automate phishing websites and mimic SARS voice prompts during phone scams. “These attacks are no longer riddled with grammar mistakes. They are professional, timely, and dangerous,” adds Norton.

In light of these challenges, the cybersecurity company offers the following practical steps to help the public protect against tax-related phishing scams:

• Think before you click: Always check the sender’s address. SARS will never request personal, tax, banking, or eFiling details via email or SMS.
• Go directly to the source: Access eFiling services by typing www.sars.gov.za into your browser, rather than clicking links in unsolicited emails.
• Avoid downloading attachments: Be cautious of emails that urge you to open PDFs, ZIP files, or invoices allegedly from SARS.
• Use updated security software: Tools like Kaspersky Next or Kaspersky Premium provide real-time detection of suspicious activity and block known phishing sites.
• Stay informed: Regularly check SARS’s website for updates on known scams and alerts.
• Report phishing attempts: If you suspect a scam, report it to SARS at [email protected] and notify your IT administrator if you're part of an organisation.

For individuals who may have already fallen victim by clicking on a phishing link or providing sensitive information, the company recommends immediate action. Change your SARS and banking passwords, enable two-factor authentication, and scan your device for malware. Additional guidance can be found on Kaspersky’s phishing response resource, “What to do if you're a phishing victim.”

“Tax season does not have to be risky. With greater awareness, updated software, and a healthy dose of scepticism, South Africans can protect themselves from even the most sophisticated scams,” concludes Norton.

Saturday Star