As the 2025 tax filing season ramps up, taxpayers and tax practitioners must remain alert due to increased scams and fraudulent activity that will leverage and seek to undermine the Tax Filing 2025 Season.
Criminals will use fear to create urgency or gain victims confidence by impersonating, in particular, SARS officials or official SARS correspondence. The criminal activity can be divided loosely into two types, namely scams seeking to directly get payment or banking access details from the taxpayer or by getting payment from SARS via the use of taxpayer eFiling profiles and/or submitting fraudulent taxpayer data.
The criminal activity can vary from very basic emails to highly complex and intricate scams using new technologies such as remote access software to take control of desktops or phones or using web calls to retrieve biometric information such as facial recognition.
Somaya Khaki, Saica lead for Tax Advocacy (Administrative Law) outlines some of the more common scam tactics below and how to stay safe.
- eFiling profile hijacking: Fraudsters gain access to profiles and redirect refunds to their own bank account by changing bank and other details on the profile.
- Phishing emails/SMS: Fake SARS messages ask for personal/banking information or contain links to malicious websites which will then ‘farm’ personal information from the user;
- Impersonation calls: Scammers pose as SARS officials to extract login credentials or one-time-pins (OTPs). They will often pretend to want to assist the taxpayer with payment of refunds.
- Fraudulent SARS letters of demand: Taxpayers may receive an email with ‘letters of demand’ or notice of ‘outstanding payment’ on a SARS letterhead, prompting the taxpayer to pay outstanding amounts into fraudulent bank accounts on the letter. The accounts are with various banks and are denoted as being ‘SARS’ accounts.
- Fake tax advisors: Individuals posing as registered tax practitioners who promise higher tax refunds, if you pay them to assist with your tax return. They then submit fraudulent returns and often disappear when SARS conducts a verification or audit on the refund. The taxpayer could end up with a higher tax bill, due to illegitimate deductions claimed, and potential criminal investigations.
- Audit scams: SMSs claim SARS is auditing your refund and redirect you to fraudulent websites which then gather personal data that can be used to defraud the individual.
- Targeting the elderly/vulnerable taxpayers: Vulnerable taxpayers can be more easily targeted and manipulated via calls, emails or text messages requesting sensitive information to gain access to eFiling profiles.
How to stay safe
While there are many scams and fraudulent schemes in operation, there are measures you can take to protect yourself to some extent. Knowledge is the first and greatest defense.
Know what the state of your tax affairs are by using SARS eFiling and the SARS MobiApp to resist acting in haste through fake urgency. Know when these scams are more likely to happen as well as what information your bank or SARS would in fact ask you.
If you have vulnerable family members or friends, set up assistance and support arrangements so that you can assist them by validating the status of their tax affairs or follow up on any SARS enquiries or requests for information.
When in doubt, reach out to SARS on an official direct channel or to your registered tax practitioner.
Ways to protect yourself include:
- Access SARS webpages directly: Don’t click links in emails, SMSs or WhatsApp. Instead, navigate via the SARS website directly, www.sars.gov.za and use official channels.
- Review submitted tax data: Always review and validate data and information on your tax return and profile (e.g. banking and contact details) to ensure that it is correct, especially data from third parties such as banks or employers that you did not provide directly.
- Never share sensitive information: OTPs, passwords, and bank details should remain private. SARS will never request these from taxpayers via calls, emails, text messages etc.
- Webcalls and remote access requests: Do not accept webcalls or other remote access requests on phones or PC’s unless you are 100% confident about the identity of the other person.
- Make tax payments only via SARS channels: Do not pay any outstanding taxes to account numbers provided in email or other communication. Always pay via your eFiling profile or check the different payment options on this SARS webpage.
- Check practitioner credentials: Ensure that if you are going to use a tax advisor, that the individual is registered with SARS and a recognised controlling body. You may verify the tax practitioner’s registration status via the SARS eFiling website and request that the tax advisor provide a letter of good standing from their recognised controlling body.
- Use strong cybersecurity practices:
- Strong and unique passwords;
- Multi-factor authentication; and
- Avoid public WiFi for accessing sensitive accounts – like your bank accounts, SARS eFiling, etc.
- Do not autocomplete or save login details for sensitive accounts
- Educate and support others: Assist elderly or less tech-savvy taxpayers and encourage family tax protocols whereby one or more family member is nominated to assist those family members who need such assistance with their tax affairs and in reviewing correspondence with SARS.
It is important to note that even with safeguards in place, there will always be fraudsters working hard at getting through newly implemented security measures. Therefore, it is important to stay informed via the SARS Scams & Phishing webpage, and regularly consult with trusted tax professionals to keep abreast of developments in this regard.
If you suspect that your computer, phone, banking details or eFiling profile, or that of a client, is compromised or has been accessed by an unauthorised person, this must be promptly reported as an identity theft case to the SAPS.
Immediately report via SARS’s Online Query System (SOQS) Report Digital Fraud option to lodge a case with SARS. This will ensure that any refund due to the affected taxpayer will be immediately stopped for investigating as soon as reported on SOQS. If you use the services of a Registered Tax Practitioner, also inform them so they can take the necessary risk management steps and be vigilant for further activity and will then be aware why SARS may block access to systems, suspend refunds or seek to validate details.
After reporting, also immediately change the passwords to suspected accounts from another device. If the device itself is suspected of being compromised, disconnect it from WiFi or 5G and change all the relevant passwords.
