With South Africa’s tax season now open, Kaspersky is urging citizens and businesses to remain vigilant against a rise in phishing scams that mimic SARS-related communications. Auto-assessments have started rolling out and cybercriminals are already exploiting this window to trick taxpayers into disclosing personal or financial information.
Kaspersky warns that phishing scams (fraudulent emails or messages designed to steal sensitive data) are becoming harder to detect, especially as cybercriminals develop convincing SARS lookalike messages. Kaspersky has already identified various scams, many of which appear as urgent tax refund notifications or eFiling alerts, complete with official logos, realistic language, and links to fake SARS portals.
An example of a phishing page regarding a ‘false’ tax refund due. Scammers push a sense of urgency in the hopes of ticking users into clicking the link
An example of a phishing letter aimed to steal credentials.
“Phishing remains one of the most common and effective cyber threats in South Africa. Cybercriminals prey on the pressure and complexity of the tax season, sending emails that claim to be from SARS and asking users to open attachments or click on links to confirm personal details. These often lead to malware infections or credential theft,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.
According to a recent Kaspersky study, phishing accounted for 67% of cyber incidents reported by local companies over the past year, with a 29% year-on-year increase in various cyberattacks overall. Globally, the company blocked nearly 900 million phishing attempts in 2024 alone, a reminder of how widespread and sophisticated these attacks have become.
“Additionally, now AI helps attackers write better emails, empowers them to automate scam websites, while in the short time this can go as far as personalising messages and mimicking SARS voice prompts during call scams. These attacks are no longer riddled with grammar mistakes. They are professional, timely, and dangerous,” adds Chris Norton.
How to stay safe this tax season
To protect against tax-related phishing scams, Kaspersky recommends the following practical steps:
- Think before you click: Always check the sender’s address. SARS will never ask for personal, tax, banking or eFiling details via email or SMS.
- Go directly to source: Access eFiling services by typing www.sars.gov.za into your browser, not by clicking on links in unsolicited emails.
- Avoid downloading attachments: Be cautious of emails that urge you to open PDFs, ZIP files, or invoices claiming to be from SARS.
- Use updated security software: Tools like Kaspersky Next or Kaspersky Premium offer real-time detection of suspicious activity and block known phishing sites.
- Stay informed: SARS regularly posts alerts about known scams at sars.gov.za. Checking these updates can help you spot the latest threats.
- Report phishing attempts: If you suspect a scam, report it to SARS at phishing@sars.gov.za and to your IT administrator if you're part of an organisation.
For those who may already have clicked on a phishing link or provided information, Kaspersky advises immediate action: change your SARS and banking passwords, enable two-factor authentication, and scan your device for malware. Additional guidance is available via Kaspersky’s phishing response resource: What to do if you're a phishing victim.
“Tax season does not have to be risky. With greater awareness, updated software, and a healthy dose of scepticism, South Africans can protect themselves from even the most sophisticated scams,” concludes Chris Norton.
