Escalating Threat of eFiling Profile Hijacking
The South African Revenue Service (SARS) has issued a critical warning to taxpayers about a surge in cybercriminal activity targeting eFiling profiles. This escalating threat has resulted in significant financial losses for individuals and businesses across South Africa. In a joint statement with the Office of the Tax Ombud (OTO), the revenue service emphasized the sophisticated nature of these attacks and the ongoing efforts to combat them.
Cybercriminals are employing various methods, including phishing, vishing, and other social engineering tactics, to gain unauthorized access to taxpayer accounts. Once compromised, these profiles are used to alter banking details, redirect tax refunds to fraudulent accounts, and even submit fraudulent returns.
Modus Operandi of Cybercriminals
The methods used by these syndicates are constantly evolving and becoming more sophisticated. Taxpayers are often targeted through deceptive communications, such as emails, SMS messages, or WhatsApp messages, that impersonate SARS. These messages frequently contain malicious links or attachments, or request personal and login details under false pretenses, such as claiming an audit is underway or that details need verification.
Key tactics include:
- Phishing links: Directing users to fake websites designed to harvest sensitive information.
- Vishing and social engineering: Tricking taxpayers into revealing login credentials or personal data over the phone or through manipulative interactions.
- Malware installation: Through deceptive links or attachments, installing malicious software on devices to steal information.
- Fake taxpayer profiles: Creating entirely new fraudulent profiles using stolen identity numbers.
SARS Commissioner Edward Kieswetter noted that investigations into eFiling profile hijacking cases have pointed to perpetrators tied to syndicates with 'global links', underscoring the pervasive nature of this cybercrime.
SARS and OTO's Collaborative Response
Both SARS and the OTO have acknowledged the seriousness of the issue, with the OTO having investigated cases of profile compromise for over a year following numerous complaints from taxpayers and practitioners. The OTO is set to publish a draft report on October 1, 2025, which will reflect extensive investigations and aim to provide practical solutions to combat the problem.
SARS has taken several measures to bolster its systems and protect taxpayer information:
- Implementation of Multi-factor Authentication (MFA).
- Strengthening of password rules and introduction of biometric authentication.
- Establishment of a specialized Digital Fraud Unit and a dedicated Digital Fraud team to manage reported cases.
- Continuous assessment of system weaknesses and collaboration with financial institutions.
SARS maintains that it has built internationally recognized systems to safeguard taxpayer information and ensure internal accountability, and that it has found no evidence of complicity by its staff in these incidents.
Advice for Taxpayers
To mitigate the risk of falling victim to these cybercrimes, SARS urges taxpayers to exercise extreme vigilance. Key recommendations include:
- Never share login credentials, One-Time Pins (OTPs), or personal information with anyone, even if they claim to be from SARS.
- Use strong and unique passwords for eFiling profiles and change them regularly.
- Activate Multi-factor Authentication (MFA) on eFiling accounts.
- Always access eFiling through the official SARS website (www.sars.gov.za) or the SARS eFiling mobi app.
- Do not click on suspicious links or attachments in emails, SMSes, or WhatsApp messages. SARS will never send hyperlinks to other websites or request banking details via these channels.
- Report any suspected eFiling profile compromise immediately via the SARS Online Query System or by contacting the SARS Contact Centre on 0800 00 7277.
Upon reporting, SARS will place a stopper on the eFiling profile to prevent any tax refunds from being paid until the case is fully resolved.
5 Comments
Manolo Noriega
Finally, a clear and concise guide on how to stay safe. Vigilance is key!
Fuerza
The implementation of MFA and biometric authentication is a positive step forward, but it's concerning that it took such a significant rise in cybercrime to prioritize these essential security measures.
Manolo Noriega
This warning feels like too little, too late. Where was this proactive approach earlier?
Ongania
Good on SARS for the urgent warning! Taxpayers really need to be aware of these scams.
Fuerza
Implementing MFA and biometrics is a smart move. Better late than never for stronger security.