How to avoid being the next cyber scam victim this tax season
A cyber security expert has warned taxpayers to be extra vigilant when tax season opens on July 1.
GoldPhish, a cybersecurity awareness training platform that enables businesses to ward off potential attacks, says tax scams have increased significantly and become more sophisticated in SA.
CEO Dan Thornton said tax season – when taxpayers complete and submit annual tax returns to the SA Revenue Service (Sars) – is a prime opportunity for identity thieves to approach people with realistic-looking emails and SMSes about returns and refunds.
“Taxpayers need to be wary of these Sars impersonation scams, where criminals pose as Sars agents with the intention of stealing their victims’ money or personal information," he said.
“The latter can lead to identity theft, which allows scammers to file tax returns in their victims’ names and steal their tax refund, in addition to other negative financial implications.”
Thornton said common fraud tactics used by cybercriminals during tax season include SMS scams (better known as smishing), email scams (phishing), phone scams (vishing) and refund scams.
The cyber security awareness training company warned taxpayers to be on the lookout for professional-looking “tax return" phishing emails impersonating Sars which are in fact fraudulent communications enticing people to disclose specific information such as bank account details.
“These e-mail addresses may appear legitimate, for example, they could be from email@example.com or firstname.lastname@example.org so that they give the impression that they are legitimate,” it said.
“These emails contain links to mock-up forms and fake websites made to look like the real thing, but with the aim of fooling people into entering personal information which the criminals can then use in various ways.”
The company said another tactic used was to try to convince taxpayers they are entitled to a rebate or refund from Sars.
“The scammers, pretending to be from Sars, will ask you to make a small initial payment to cover administration fees or taxes, to claim the amount owed to you. Sars will never request your banking details or credit card details in any communication,” it said.
How to protect yourself
- Verify the identity of the contact by calling the relevant organisation directly – find them through an independent source such as a phone book or online search. Do not use the contact details provided in the message sent to you.
- Remember, government departments or trusted companies will never contact you asking you to pay money upfront to claim a fee or rebate.
- Never send money or provide credit card details, online account details or copies of personal documents to anyone you don’t know or trust, and never by e-mail. Sars will not send you hyperlinks to other websites, even those of banks.
- Avoid any arrangement with a stranger that asks for upfront payment via money order, wire transfer, international funds transfer, pre-loaded cards or electronic currency.
- Protect your identity — your personal details are private and invaluable; keep them away from scammers. Always remain sceptical before handing over personal information via the phone, e-mail or online form.
- Report any suspicious activity or communication received to Sars fraud and anti-corruption hotline on 0800-002870.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.