At the end of 2021 the South African Revenue Service (SARS) issued a media release stating that SARS were aware of several incidents where fraudulent or unauthorized changes of tax practitioners and /or individuals’ eFile profiles have been made with the sole intention to defraud SARS and affected taxpayers.
With the end of 2022 nearing fast it seems as if the fraudsters are at it again, even though SARS implemented numerous changes to ensure the integrity of the SARS systems. As we all know when a door is closed for a criminal, they will search until they get the next open one. Just think of how many conversations you have had with colleagues, friends and family regarding funds taken out of a bank account of somebody you know or heard off. Cyber hacking is part of our lives just as high inflation, high petrol prices and high unemployment figures.
Protect your tax profile:
In April this year SARS assured taxpayers again that they have robust security systems protecting taxpayer’s information. Your information held by SARS can only be accessed using proven authentication methods, such as using unique usernames and passwords and access confirmation using one-time passwords (OTPs). According to SARS fraudsters are using a range of deceptive methods to get taxpayers to unknowingly provide them with personal information which are used to defraud the taxpayer and SARS.
This article is to reiterate the importance that all tax practitioners and taxpayers must always be vigilant regarding all information (personal or otherwise) relating to eFile profiles.
Depending on the amount of information the fraudsters manage to obtain, they may use the information for, amongst other things:
- To access your eFile profile and change banking details and mobile phone numbers to divert refunds to other accounts and to ensure the OTPs are received on the mobile phones only they have access to.
- The fraudsters can also, after changing the contact and bank details, inflate figures on your tax return to generate refunds in your name, that will be paid out into the “new” bank account.
- The fraudsters can use the information to register you as a taxpayer with SARS through which false returns are submitted to generate refunds from SARS which will impact, often to your determent, your tax status.
The following are suggestions of what you need to do to protect yourself and your personal and business information:
- Always use common sense – if you are uneasy about communication received, treat it as suspicious and do not respond to it.
- SARS officials will not ask you for information, such as ID numbers, tax numbers, etc, which are already in SARS’s possession. Neither will SARS ask you for your banking details and bank account access details such as PIN numbers or for your eFile password. Such information should not be provided to anyone over the phone or via email.
- If a person contacts you claiming to be from SARS, ask them for their contact details – email address (which must be in this format – email@example.com) and office telephone numbers. Ask the caller to send you an email using their SARS email address. Contact SARS using contact numbers provided on the SARS website (www.sars.gov.za) and ask to speak to the person who called you.
- If you receive an email which claims to be from SARS, check the email address – it must end with ….@sars.gov.za
- Do not contact persons offering their services on any social media platform where they ask you to contact them via WhatsApp direct message (DM) or phone only. Should you have any tax related enquires contact SARS directly or make use of a registered tax practitioner.
- Do not open any email, SMS or messaging links which you cannot confirm originated from SARS.
- Ensure that the phone and computer which you use to contact SARS and to access your eFile profile has suitable anti-virus software.
- Ensure you have a strong eFile password (alpha-numeric with a minimum of eight characters) which is safeguarded. It should not be shared and must be changed regularly.
- Activate the One-Time-Pin (OTP) security feature on your eFile profile.
- Do not use the same passwords on different platforms (e.g., Facebook, Banking, etc).
- Do not share your password and username.
- Do not save your username and password in the browser used to access your efile profile.
- Access your eFile profile regularly to check if access to it has not been disrupted in any way.
- Avoid accessing your eFile profile on public wifi hotspots.
- You must log-off completely after accessing your eFile profile
It is your responsibility to safeguard your personal information.
Should you receive a suspicious email, and not open any links in it and forward it to firstname.lastname@example.org.
If you receive the following e-mail from SARS and you, nor your tax practitioner, are aware of any changes that needs to be made, you need to contact SARS immediately.
“The Registered Particulars of (your detail) have been updated. Your updated Registered Particulars can be viewed on eFiling. If you did not request these changes, please contact the SARS Contact Centre 080 000 7277 or visit any of the SARS branches.”
To report any suspicious activities related to your SARS profile, or if you are aware of anyone offering services to obtain illegal tax refunds or to use bank accounts to receive tax refunds, you should report that to the SARS Fraud and Anti-Corruption Hotline — 0800-00-2870
You can contact Adri Britz (Tax Compliance Manager) at email@example.com if you have any queries.
SARS small pocket guide – Protect-Your-Tax-Profile.pdf