Industry experts have warned South African businesses to expect a sharp increase in cybercrime during the upcoming festive season, further compounding the exponential growth in cyberthreats since COVID-19 forced many companies to implement remote working and compelled many organisations, including SARS, to curtail client visits to its branches and restrict client interaction to telephonic and digital methods.

In this article, we share the most common forms of cyberattacks and find that locally, cybercriminals frequently misuse the SARS brand to deceive unsuspecting companies and individuals. Find out here what steps you can take to safeguard your business this festive season.

“Cyber Attack: An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.” (CSRC – Computer Security Resource Center)

South African businesses, already facing significant risk of cyberattacks, have been warned to step up their cybersecurity as the festive season is expected to see significantly more and increasingly sophisticated cyberattacks. Below are listed some of the common types of cyberattacks.

Common cyberattacks

• Phishing (random fraudulent emails), spear phishing (emails targeting specific people or companies), vishing (voice phishing) and smishing (SMS phishing) – these all refer to fraudulent communications that appear to come from a reputable source, such as a bank or a government organisation, with the aim of tricking employees or individuals to share data, pay money to criminals or download malware.
• Malware – including viruses, worms, trojans, spyware, rootkits – typically used to breach a network when a user clicks a link or an email attachment from an apparently trusted source that then installs risky software.
• Ransomware attacks – ransomware infects networks and encrypts or locks data, allowing attackers to demand a ransom for unlocking or releasing the data.
• Hacking – including distributed denial-of-service attacks (DDoS) and keylogging.
• Man-in-the-middle (MitM) or eavesdropping attacks in which attackers insert themselves between a user’s device and a network to filter and steal data, commonly through unsecure public Wi-Fi and compromised devices.

SARS: a favourite cyberattack ruse

SARS says that there is a steady increase in scams and attacks in which the SARS brand is abused, via the Internet, emails, spoofed websites, SMSes, unsolicited telephone calls and even social networking sites such as Facebook, Twitter and others.

A firm criminal favourite are phishing scams involving false “spoofed” emails made to look as if they were sent by SARS. These fraudulent emails contain links to fake forms and malicious websites purporting to be authentic and lure unsuspecting taxpayers to disclose private and confidential information such as bank account details. Examples include emails that appear to be from “returns@sars.co.za” or “refunds@sars.co.za” indicating that taxpayers are eligible to receive tax refunds.

The latest scams involve smishing, which is phishing via SMSs, and vishing which most recently involves taxpayers being called by a person purporting to be a SARS employee to inform them that SARS owes them money.

Another common cyberattack approach involves refund scams in which identity thieves use a legitimate taxpayer’s identity to file a tax return and claim a refund fraudulently. Yet another threat involves cybercriminals using personal or company information to change the banking details on the taxpayers’ SARS profiles.

A further version involves criminals purporting to be SARS auditors or employees contacting businesses using all the means described above to inform taxpayers that they are under investigation and that an audit will be conducted.

SARS Tips for Improved Cybersecurity

• Do not open or respond to emails from unknown sources and beware of false SMSes.
• Be suspicious of emails and/or SMSes that request personal, tax, banking and eFiling details.
• SARS will not request your banking details, login credentials, passwords, pins, credit/debit card information, or other confidential information by phone, SMS, email or websites.
• SARS will never notify you about refunds by telephone, SMS or email.
• Immediately report a notice or letter from SARS that states:
  • More than one tax return has been filed in your name
  • You have a balance due; refund offset or have had collection actions taken against you for a year in which you did not file a tax return  
  • SARS records indicate you received a salary from an employer that you don’t work for
  • there has been a payment error or incorrect refund requiring you to deposit the “overpayment” into a bank account.

Speak to your accountant first!

It is easy for criminals to dupe unsuspecting taxpayers, and yet, at the same time, taxpayers should never simply dismiss or ignore a notice or demand from SARS as a scam.

The best line of defence against cyberattacks that misuse the SARS brand is to get advice before taking any action. If you suspect the legality of a particular communication or believe you have been contacted by a fake SARS representative, immediately contact your accountant, who will be able to verify the communication or report suspicious activity for you.

This will ensure that you never fail to respond timeously and correctly to legitimate SARS communications, while also safeguarding you from becoming a victim of a cyberattack, especially during the upcoming festive season which promises to be a busy one for cybercriminals.

We offer a wide range of specialist services, including Tax Compliance. Should you need our advice or assistance, contact our experienced Tax Department or your contact Partner at MGI Bass Gordon. Send an email to info@bassgordon.co.za or call us on 021 405 8500. 

The article is a general information sheet and should not be used or relied upon as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your financial adviser for specific and detailed advice.