With the launch of the 2010 Tax Season, the South African Revenue Service (SARS) expects an increase in phishing scams using bogus emails purportedly from SARS which falsely promises taxpayers a refund or ask them to make electronic payments into a fraudulent bank account.
SARS is already aware of a fraudulent letter that is being circulated to taxpayers falsely claiming that SARS has changed its banking details for electronic payments and therefore taxpayers must use the account details given in that emailed letter to make electronic payments. This is a phishing scam and the SARS anti-corruption and Security unit (ACAS) is investigating the matter.
How this scam works: Taxpayers may receive a fake email(s) from addresses resembling the following: email@example.com, firstname.lastname@example.org or email@example.com. The email content may also include fake SARS forms or fake websites (which can only be accessible via the link given in the email by the fraudsters). Taxpayers may even receive fake SMSes informing them of refunds to be paid into their bank accounts. These purported SARS emails and SMSes will ask taxpayers to verify their details i.e. personal records, internet banking access account numbers, pin codes and passwords.
These phishing emails will contain a SARS logo, links to various local banks (all bogus, of course) and will entice the recipient to click on a relevant bank link and/or request the taxpayer to provide the abovementioned details in a reply email to the sender. This method used by hackers and criminals is called phishing. Once in possession of the taxpayer’s banking details, the fraudsters will have access to their bank accounts and therefore their money.
Advice to give to taxpayers:
- The South African Revenue Service will never ask South African taxpayers for their personal banking information via an e-mail. If a taxpayer is due a refund, SARS will deposit the refund into the bank account of the eligible taxpayer’s account automatically.
- Never access online banking via a link provided in an email. It is best practice to retype the web address directly onto your browser address bar.
- Never respond to these emails, but delete them immediately.
- South African Taxpayers can report phishing scams or suspicious emails to SARS IT Security via e-mail to firstname.lastname@example.org
- All suspicious incidents can also be reported to SARS via the SARS anti-corruption hotline: 0800 00 2870.
For more information and advice on SARS scams visit http://www.sars.gov.za/
Also check out the Junk Mail blog’s Safety & Security section for other scam warnings and information.