Taxpayers hit by refund scam

By Candice Jones, ITWeb online telecoms editor
Johannesburg, 10 Feb 2009

Criminals and possibly syndicates are taking advantage of the close of the tax season, and the South African Revenue Service (SARS) has warned taxpayers to be on the lookout.

Several members of ITWeb's staff received an e-mail in their inboxes yesterday, claiming to be from SARS and offering the recipient a tax refund. The mail provided a link to a realistic-looking site that asked for personal details, including debit or credit card and PIN numbers.

The revenue service responded quickly to the scam and the site is now down; however, it is unclear how long the scam had been in action. According to SARS spokesman Adrian Lackay, SARS is not sure how many people have fallen for the scam, since it was only picked up late yesterday.

“SARS would like to caution taxpayers against a number of scams currently under way, which seek to defraud taxpayers of money, or to obtain their bank and other personal details,” he adds.

However, the scam ITWeb received is not the only one doing the rounds. Lackay says there is a second one that is aimed at VAT vendors and also uses a copied SARS eFiling letterhead. It requests that VAT vendors make all VAT payments into a fraudulent bank account.

SARS has referred both matters to the South African Police Service and, according to Lackay, a criminal investigation is under way.

How it works

ITWeb traced the first scam to a hacked Microsoft business server in the US, on AT&T's network. Phishing sites are typically placed on hacked Web servers where security has not been properly administered.

Often the owner of the server is unaware they are hosting a phishing site for criminals.

These kinds of scams are common during and after the filing season, because criminals pay close attention to the communication that SARS sends during the period, it says. They then try to accurately mimic the tone, look and feel.

However, Lackay says taxpayers who receive these mails should be more vigilant. “You should be able to tell the difference between a valid communication from SARS and one of these scams. There are telltale signs on the mails that show it is not from SARS.”

What to do

The scam that ITWeb received came from refund@sars.co.za, the first sign that the mail was fake, because the actual domain for SARS is .gov.za. The link to the phishing site also did not contain any reference to SARS.

Lackay says another sign is that the mail asked for banking details, something SARS will never do. He adds that any kind of financial transfer will be handled in a formal manner. “If a refund is due to the taxpayer, SARS automatically pays the refund into the taxpayer's bank account.”

If banking details are incorrect, taxpayers will have to visit a SARS branch office with supporting documents to correct the bank account details. “This Internet thing is ridiculous. People should be able to distinguish between what is real and what is a scam.”

The service has asked affected taxpayers to contact its anti-corruption and fraud hotline on 0800 002870.
