The scam is as old as electronic tax submissions: you get an email “Dear taxpayer, we could not process your R[ instert amount] tax refund. Your refund is now expiring. Please click here to update your particulars”. As times get harder, we can expect that such scams will increase in number – and sadly cause many new victims. These scams cleverly exploit the desire of any taxpayer for a tax refund, especially in these difficult times.
What the scam is about
This type of scam is called phishing. Phishing is a cybercrime where targets (general thousands at once) are contacted by email by someone posing as a legitimate institution. The aim is to lure individuals into providing personal sensitive data. Criminal can then use the data to commit crime. In the case of SARS refund scams, criminals impersonate SARS officials to trick taxpayers into revealing personal information, claiming that the data is necessary for processing a tax refund.
It is amazing that each year thousands still fall prey to it. The scam typically begins with an unsolicited email or SMS that appears to be from SARS. The email would inform recipients that they are eligible for a tax refund and they have to give out personal information to process the refund. Typically, the message has a link to a fraudulent website that very much like the official SARS site.
Once on the bogus site, the victim is then asked to enter personal information such as an ID number, bank account details, and even bank login credentials! The level of detail in these fake sites can be incredibly convincing, making it difficult for even the wary taxpayer to spot the fraud. This is compounded by the sense of urgency we all treat SARS correspondence with.
A Few Red Flags to Watch Out For
The first red flag is the unsolicited email itself. Many times, SARS has informed the public that they do not request personal, tax, banking, or eFiling details via email or SMS. So any communication claiming to be from SARS and asking for such information should be treated with suspicion – to say the least.
Another warning sign is the presence of hyperlinks or attachments in the message. Legitimate SARS communications do not include clickable links or require the downloading of files.
Bad English like grammatical errors, awkward phrasing, and misspellings in the email are an indicators of a phishing attempt. Professional communications from SARS are typically well-written and free of such glaring errors.
Finally, any messages that convey a sense of urgency or pressure to act quickly is often from a suspicious source. Phishers often try to create a sense of urgency to prompt actions without proper scrutiny.
How to protecting yourself
Protection against SARS refund phishing scams involves a combination of vigilance and good digital hygiene. Here are some steps to keep yourself safe:
1. Verify the Source: If you receive a message about a SARS refund, do not respond directly. Instead, contact SARS through their official channels to confirm the message’s legitimacy.
2. Do Not Click on Suspicious Links: Avoid clicking on links or downloading attachments from unknown or unverified sources.
3. Keep Personal Information Private: Never share personal, financial, or sensitive information via email or SMS.
4. Use Secure Websites: When accessing financial information or conducting transactions, ensure the website is secure (look for “https” in the URL and a padlock icon).
5. Regular Updates and Security Software: Keep your computer and mobile devices updated with the latest security software, browsers, and operating systems.
6. Education and Awareness: Stay informed about the latest phishing tactics and educate family and friends about the dangers of such scams.
In the fight against phishing scams, knowledge and caution are your best defenses. By staying informed, vigilant, and skeptical of unsolicited communications, you can protect yourself against the cunning deceptions of SARS refund phishing scams and safeguard your personal and financial well-being. Remember, when it comes to your sensitive information, it’s always better to err on the side of caution.