It would be a mistake to think that these are somehow 'victimless' crimes; businesses suffer not just serious financial, but also severe reputational damage; some never recover. Individuals lose their hard-earned money, and sometimes their identities. Breached data has a snowballing effect because it is frequently used to commit further cybercrimes such as identity theft, phishing and government impersonation scams.
In the lead up to tax season, SARS (South African Revenue Services) has already warned of a sharp increase in scams targeting taxpayers aimed at getting us to disclose personal information that can be used to defraud us, as well as SARS.
While the disaster of the pandemic has somewhat abated, economic woes are accumulating globally; geopolitics remains on a knife-edge with war in Europe ongoing and a worldwide food catastrophe is looming.
Opportunities are rife for cybercriminals, and if you are not cyber-savvy, it would be wise to learn about and implement cyber hygiene strategies to properly protect yourself, your money and your personal and financial information.
What is well-known across the cyber security industry is that more often than not, a success for the bad guys happens because there's a good guy who made an unfortunate, but preventable mistake. It's important to note that over the next month or two, criminals will unleash a volley of bogus schemes and scams. They view every honest taxpayer as potentially easy prey. We need to be on guard all the time and help others in our lives to protect themselves.
Tax season is a prime opportunity for identity thieves to approach people with realistic-looking emails, SMSs and WhatsApp messages about their tax returns and refunds. But taxpayers need to be wary of these SARS impersonation scams, where criminals pose as SARS agents with the intention of stealing their victim's money or personal information. The latter can lead to identity theft — which allows scammers to file tax returns in their victims’ names and steal their tax refunds, in addition to other negative financial implications.
Common fraud tactics used by cybercriminals during tax season include SMS scams (‘smishing’), email scams (‘phishing’), phone scams (‘vishing’) and refund scams. Be on the lookout for professional-looking ‘tax return’ phishing emails impersonating SARS, which is in fact fraudulent communications enticing one to disclose specific information such as bank account details.
These email addresses may appear legitimate, for example they could be from returns@sars.co.za or refunds@sars.co.za so that they give the impression that they are legitimate. These emails contain links to mock-up forms and fake websites made to look like the “real thing”, but with the aim of fooling people into entering personal information which the criminals can then utilise in various ways. Links can also contain malware, and if you click, your device and all your data can be compromised.
Another tactic is to try to convince you that you are entitled to a rebate or refund from SARS.
The scammers, pretending to be from SARS, will ask you to make a small initial payment to cover administration fees or taxes, in order to claim the amount owed to you.
Check the SARS Scams and Phishing webpage for their updates on the latest bogus schemes. Report any suspicious contact or communication you receive to the SARS Fraud and Anti-Corruption Hotline on 0800-00-2870. To report or get information on phishing, you can email az.vog.sras@gnihsihp.