This Halloween, Stay Safe From eFiling Profile Hijackings

“Profile hijacking points to pervasive cybercrime with global links.” (Edward Kieswetter, SARS Commissioner)

The Tax Ombud has again warned South Africans about the concerning increase in eFiling profile hijackings, which has spurred the Office of the Tax Ombud (OTO) to launch a survey of taxpayers’ experiences and a systemic investigation into SARS.


What is eFiling profile hijacking?

eFiling profile hijacking involves cybercriminals gaining unauthorised access to taxpayers’ SARS eFiling accounts. Once inside, they change the security details and banking information, and submit fraudulent tax returns to redirect the refunds into their own accounts.

Methods such as SIM swaps and phishing are commonly used to gain access to taxpayers’ eFiling profiles. Scammers pose as SARS officials or tax advisors in calls and in fraudulent SARS text messages, emails and letters of demand, often pretending to want to help taxpayers get their SARS refunds.

Concerns have also been raised about possible internal fraud and insider involvement at SARS and certain banks.


SARS systemic investigation

While SARS acknowledges the rise in eFiling profile hijackings, it emphasises that although individual profiles have been compromised, the SARS system itself has not been breached.

SARS adds that additional security measures have been implemented and that it is collaborating with financial institutions and the OTO to combat the scourge of profile hijacking.


How to safeguard your eFiling profile

SARS has issued the following advice:

  • Avoid sharing your eFiling login details. SARS will never request OTPs, passwords or bank details via calls, emails or text messages.
  • Use strong and unique passwords and update them regularly.
  • Enable two-factor authentication for an additional layer of security.
  • Regularly check your eFiling profile and submitted returns for any unauthorised changes.
  • Verify your bank account on eFiling before a refund is paid, even if there was no change to the banking details.
  • If you suspect your profile has been hijacked, change your login credentials promptly using another device, and report it immediately to SARS and to the SAPS as an identity theft case.