Tax season is a busy time, not just for taxpayers, but also for cybercriminals. Every year, scammers take advantage of the filing period to send messages that appear to come from the South African Revenue Service (SARS). 

Cybercriminals design these scams to trick you into giving away personal or financial information, and they’re getting more sophisticated each year. It’s important to stay alert, whether you’re filing for the first time or have years of experience as a taxpayer.  

It starts with a message 

You might receive an email, SMS or call addressed to “Dear Taxpayer”, which appears legitimate. This message may claim that you're eligible for a tax refund, encouraging you to take immediate action. Or you could get a notice insisting that you make an urgent payment to avoid steep penalties.  

The emails/messages take various shapes and sizes, but the most common ones include demands to immediately pay outstanding penalty fees, or tips on how to easily get a tax rebate if you follow a specific list of actions. They frequently contain links or attachments, which – when opened – can compromise your personal information or introduce harmful malware to your device. 

It looks legit, but it’s not  

Cybercriminals go to great lengths to make their scams appear authentic. They imitate the communication style of SARS, use fake but convincing email addresses, and create messages that seem timely and relevant. Some even add a personal touch, greeting you by name or by referencing previous filings. 

These scams typically include 

  • warnings about outstanding penalties or overdue tax returns 
  • promises of tax refunds if you “verify your banking details” 
  • links to fraudulent websites designed to steal your login credentials 
  • attachments that pretend to be official SARS documents 
  • urgent SMS messages pushing for immediate action 

Urgency is the trap 

Scammers exploit urgency, often using alarming phrases like "Final Notice!" or "Immediate action required!" to pressure you into responding without giving you time to think critically. 

Taking some time to verify information can help you to avoid exposing sensitive data or losing money. Here’s how to stay one step ahead. 

  • Don’t respond to unexpected emails or SMS’s from unknown sources. 
  • Avoid clicking suspicious links or downloading attachments. 
  • Never share your tax, banking, or eFiling details via email or SMS. 
  • Go directly to the official SARS website instead of clicking links provided in the message. 
  • If in doubt, contact SARS directly using verified contact details. 

Phishing scams operate by exploiting emotions such as panic, urgency, or even excitement to prompt hasty responses. If you find yourself tempted to click on a link embedded within the email, or to download an attached file, you run the risk of jeopardising your personal information. Such actions may lead to identity theft or result in your device being compromised by harmful malware. 

Always remember to exercise caution when encountering unsolicited emails. This is especially crucial for emails that involve financial matters or personal data. To keep your sensitive information protected, always verify the authenticity of such messages before taking any action. 

It’s not how SARS communicates... 

Understanding how SARS doesn’t operate is important. They have strict policies around how they communicate. For example, they’ll never ask you to confirm details via email or text. 

Official SARS communications will

  • not send hyperlinks to external websites or banking portals 
  • never request your banking details via email, SMS, or post  
  • direct you to log in to eFiling or use the SARS MobiApp 
  • not send *.htm or *.html attachments 

Staying safe starts with your device… 

Your device serves as your first line of defence. Keep your device’s operating system (i.e., Windows, Apple, Linux, or Android) and software updated with the latest available updates and security patches. 

  • Install anti-virus on all your devices and keep it updated.  
  • Scan your devices regularly. 
  • Keep your operating system (Windows, macOS, iOS, Android) and applications (browsers, Office, Acrobat, etc.) updated. 
  • Uninstall any software you no longer use. 
  • Be cautious about what you click on.  

Stay ahead of cybercriminals 

Scams will continue to evolve despite the best precautions. So, the more you know, the better prepared you will be.  

Check the SARS webpage for the latest tax-related phishing attacks and scams doing the rounds. You can also report these types of communications to phishing@sars.gov.za, or call their Fraud and Anti-Corruption hotline on 0800 00 2870., or call their Fraud and Anti-Corruption hotline on 0800 00 2870.