Heightened threat of phishing scams targeting eFiling taxpayer profiles

By BVSA06082018

Posted June 11, 2024

In recent months, there has been a significant uptick in phishing scams aimed at hijacking eFiling taxpayer profiles in South Africa. Fraudsters are altering login and banking details on SARS profiles to submit fraudulent VAT returns and redirect funds to their accounts. These scams not only result in the hacking of individual taxpayer profiles but also in the hijacking of entire companies.

Tax director Jean-Louis Nel from Van Huyssteens Commercial Attorneys highlights the severe implications of such fraud. He refers to the case of Medtronic International, where accountant Hildegard Steenkamp exploited system vulnerabilities to embezzle R537 million through false VAT returns between 2004 and 2017. Despite Medtronic’s successful plea for relief under the Voluntary Disclosure Programme, it still had to repay a staggering R457.6 million in overstated VAT claims.

Nel underscores that taxpayers must diligently protect their login information to prevent liability for fraudulent transactions traced back to their accounts. He warns that in instances of VAT fraud, if the taxpayer does not promptly address the issue, they may face severe financial penalties or even corporate liquidation.

To combat these threats, SARS has set up a specialized digital fraud unit tasked with addressing profile hijackings and implementing rigorous security measures. The unit focuses on continuous monitoring and maintaining alignment with best practices to safeguard taxpayer information from phishing, malware, and social engineering attacks.

Taxpayers are urged to be vigilant against emails or messages that mimic official SARS communications, often directing them to fake websites or asking for personal details. Official SARS communications will only come from the “SARS.GOV.ZA” domain, emphasizing the importance of verifying suspicious emails before interacting with them.

Despite SARS’ efforts to secure its systems and recover funds from these fraudulent activities, the outcome of these recovery efforts is generally kept confidential due to privacy concerns. However, SARS has the authority to write off tax debts deemed irrecoverable under certain circumstances, though it remains a last resort after all other recovery options have been exhausted.

In summary, as phishing scams become more sophisticated, the responsibility falls on both taxpayers and SARS to prevent potential financial disasters. Vigilance and prompt reporting of suspicious activities are crucial in mitigating the risks associated with digital fraud.

Source: https://www.moneyweb.co.za/mymoney/moneyweb-tax/efiling-taxpayer-profile-hijackings-on-the-increase/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.