Feb 2022 1st edition

Be careful of SARS eFiling scammers

Written by Silusapho Nyanda

Members of the public are warned to be vigilant of a new phishing scam that uses the name of the South African Revenue Service (SARS). 

The scam targets taxpayers through phishing emails and text messages. 

Phishing is the use of messages to trick a victim into revealing sensitive information. 

Phishing victims click on a link or open an attachment that seems to be from a reliable source - such as SARS or their bank - when, in fact, it often allows criminals to gain access to confidential information, such as passwords and usernames. 

The SARS scam is aimed at accessing information from a taxpayer’s eFiling. 

Once the scammers gain access to the eFiling profiles, they use the information to redirect tax refunds to their own bank accounts, rather than to the bank account of the intended recipient.
SARS Commissioner Edward Kieswetter says SARS is working around the clock to end this form of fraud.

“Let me leave no one in doubt about SARS’s capacity and capability to deal a massive blow to those hell-bent on these criminal activities. Working with other law enforcement agencies, SARS will leave no stone unturned to hunt and find these criminals.”

SARS has already made several changes to strengthen its systems to prevent security breaches.

Kieswetter says that taxpayers and tax practitioners – people who do tax returns on behalf of someone else – must avoid sharing their secret passwords, even within their own company. 

“All eFiling user access within practices or companies must be routinely reviewed and, where required, employee access should be revoked, particularly when an employee leaves the practice or company.”

Incidents of unauthorised changes to eFiling profiles can be reported to the SARS Anti-Corruption and Fraud Hotline at 0800 00 2870. You can also call this number to check if the email you received is really from SARS.

Did you know?
SARS will never request your banking details via post, email, or SMS. 

SARS will not send you any hyperlinks to other websites – even those of banks.

SARS does not send *.htm or *.html attachments.

SARS will never ask for your credit card details.

Share this page