SARS Phishing Attack

Scams & Phishing Attacks

There is a steady increase in email scams and phishing attacks in which the SARS brand is being abused.  Members of the public are randomly emailed with false “spoofed” emails made to look as if these emails were sent from SARS, but are in fact fraudulent emails aimed at enticing unsuspecting tax payers to part with personal information such as bank account details”.  Examples include emails to appear to be from returns@sars.co.za, or refunds@sars.co.za indicating that tax payers are eligible to receive TAX refunds.  These emails contain links to false forms and false websites made to look like the “real thing”, but with the objective to fool people into entering personal information such as bank account details which the criminals then extract and use fraudulently.

Below are a few examples of scams. The latest scam (8 July 2010) is an email sent to customers. It is a fraudulent email, please delete the email immediately and do not click on the link in the email. Please scroll down to see the conditions under which SARS will engage with taxpayers.

How to Detect If a Website Is Fraudulent?

Examples of The Latest Phishing Scam Emails

• Congratulation !. Your R 4,282.50 Tax Refund Processed Today - 23 August 2010
• New Bank Details Scam (Letter) - 20 August 2010
• Congratulations On Your eFiling Tax Refund !!! - 17 August 2010  
• Refund Notification To The Listed Bank - 04 August 2010
• FNB R4,282.50 Tax Refund Process From Sars @ August 2010 - 04 August 2010
• Fax Scam  - 22 July 2010
• Email Alert (Tax Alert) - 20 July 2010
• Message Alert (Tax Refunds) - 08 July 2010
• South Africa Revenue Service - Allocations Refunds - 06 July 2010
• Compensation to Tax Refund Victims - 06 July 2010
• Confirmation From SARS - 01 July 2010
• Tax Refunds  - 30 June 2010
• Change of Banking details and payment method - 28 June 2010
• Tax Refund Notification - 23 June 2010
• Tax Rebate  - 21 June 2010
• FNB - R7,282.50 Tax Refund Process From SARS @ Jun 2010  - 18 June 2010
• SARS - Economic Stimulus Refund Program  - 05 June 2010
• Your E-Tax Refund Notification  - 01 June 2010
   

Please note these are scams and SARS taxpayers should take note of the following:

• Do not open or respond to emails from unknown sources.
• Beware of emails that ask for personal, tax, banking and eFiling details (login credentials, passwords, pins, credit / debit card information, etc) as SARS will never ask taxpayers for such information in an email.
• SARS will not request your banking details through websites.
• Beware of false sms's.

To report or to get more information on phishing, please send an email to phishing@sars.gov.za or call the Fraud and Anti-Corruption Hotline on 0800 00 2870.
 

Nice to know definitions:

Phishing:
Phishing is where an email is sent to a person by someone who is pretending to be a legitimate business and they are not. Through this email they hope to obtain the person’s private and confidential information which will then use for illegal purposes. This type of fraudulent behavior is more commonly known in legal terms as identity theft.

Spoofing:
As for spoofing, this is where the email header of a legitimate company will appear on a message in order that the person receiving it believes that it has originated from somewhere other than the actual source. This type of email is often sent out by spammers (notice we say spammers as opposed to scammers) in order that they may get those people who they send it to as a way of trying to get them to open up or even respond to what they are trying to sell. Where as phishing is an illegitimate method of trying to obtain a person’s personal information, with spoofing the person sending it can do so legitimately.

  Back to top  |   e-Mail this page  |   Print this page