Scamsters taking advantage of the new auto-assessment process introduced by the South African Revenue Service.
BEWARE of any e-mails informing you of a tax refund – they are likely to be fraudulent.
The tax filing season has brought with it a host of scamsters who will try anything to gain access to the money in your bank account. The new auto-assessment process introduced by the South African Revenue Service (Sars) may have exacerbated the problem, because taxpayers may think any e-mails or SMSes they receive are part of the new process.
The scam e-mail will tell you that you have received a tax refund from Sars – in many of these e-mails, the amount is around R8000. It will include a link, which will take you to a website that looks like an authentic Sars webpage, with links to the various banks.
If you click on a bank link, it will take you to a webpage that looks very similar to your authentic online banking site. You will be required to enter your log-in details, as you would when doing your online banking.
If you enter these details, you can expect unwelcome withdrawals from your bank account – the scamsters will have achieved what they set out to achieve.
This technique is known as phishing, and if you provide your log-in details and money is stolen from your account, your bank is unlikely to reimburse you.
So how do you know whether an e-mail is fraudulent or not?
First, Sars has your bank details as a taxpayer and will deposit any refund straight into your account. It may inform you via e-mail or SMS that such a refund has been made, but it will not require you to log in to your bank’s online banking site.
Second, you need to check the e-mail address of the sender. While the “name” of the sender may be an authentic-looking “Sars eFiling”, if you click on the name to ascertain the sender’s e-mail address, it will bear no relation to a Sars address.
Never log in to online banking unless you are 100% sure that you are on your authentic online banking site. These sites are secure, and will have a lock icon and/or the word “secure” in the webpage address (URL).
Always check with Sars or your bank if there is any doubt.