Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Tax season often equals tax scams

Issue 5 2020 Information Security

It’s time to file that tax return at SARS. While many of us cannot wait for our refunds, this is also a time of the year when cybercriminals are waiting to attack. Sadly, with the tax season comes tax scams with cybercriminals seeking to steal your tax refund.

Carey van Vlaanderen, CEO at ESET South Africa, explains: “While we like to think we have become wiser to email spams and scams, cybercriminals are often in the perfect position to ‘fine tune’ their attacks. If one attack doesn’t work, they simply adapt and improve, and then spam it out again.”

ESET offers the following tips to stay safe during the tax return season:

Are you worried you’re being phished? Look at the bait. Always look at who the email is from. It’s possible to fake any email address, but not all phishers are this clever – they may use a random email address that gives the game away. Check the link that you’re supposed to click by hovering your mouse over it to display a pop-up message with the real link in it. Look closely. Does the address make sense? If any alarm bells start to ring, don’t click.

Tax returns, invoices, wedding invitations – cybercriminals use them all. To a cybercriminal, nothing is sacred – wedding invitations, invoices and tax returns are all commonly used tactics. Always think hard before opening any attachment – even ones that seem to come from friends. It’s unlikely that SARS are asking you to refile your tax returns so please do not click.

Be extra careful around short URLs. If there isn’t a cap on the number of letters, why has someone shortened the link? You cannot take it for granted that URL shortening services are redirecting you to trustworthy websites.

Telephone numbers are not a guarantee an email is real. Do not trust professional looking emails where there is a phone contact number – this is often another cybercriminal trick. The number may work, but you will be connected to a scammer who will attempt to fool you into handing over further details.

Don’t auto-load images. Leave your email messages so your images aren’t automatically downloaded – otherwise you could be sending a signal to spammers. Images are often stored on the spammer’s servers and can be unique to your email. By turning on pictures in an email your computer downloads the images from the spammer’s servers, showing that you exist.

Is SARS really calling? It’s doubtful SARS will be calling you and they definitely are not going to offer any sort of gift card for filing early. If you get weird emails or phone calls, ignore them, or hang up. Always follow your gut.

Encryption is the only way to go. If you file online, look for encrypted websites. Make sure the website you’re visiting has HTTPS in front of the URL. Typically, it will have a green or grey lock showing it’s a secure connection. The last thing you want to do is share your extremely private information associated with taxes unless you’re on an encrypted website.

Did someone beat you to filing your tax return? Identity theft is growing. In the USA alone, almost 60 million people have been affected – that is more than 1 in every 6 Americans. Cybercriminals will use any opportunity to monetise the effort they have taken to steal an identity, and at this time of year it’s probably tax identity theft for the purposes of tax refund fraud.

The cybercriminal’s target is not only the individual but also the tax professionals who prepare and file taxes for many clients, potentially providing a single place for a cybercriminal to gain all the necessary data to file returns for many individuals. It’s important that good data security practices and technology are in place for both individuals and tax professionals, and are reviewed for effectiveness on a frequent basis.

“The next time a person or website requests personal data, ask some questions: do they really need it, how long will they store it, will it be protected, do I trust them to secure it?” says van Vlaanderen. “The collection of personal data is, for some, a business that provides great rewards. As consumers, we need to engage in the protection of our identity by being less willing to hand over our data to just about anyone who requests it.”

In a nutshell, to protect yourself, use up-to-date security software as offered by ESET, strong and unique passwords or passphrases, and encryption; and avoid phishing scams by checking links and following your gut. Reporting scams to the relevant authorities allows them to ascertain the scale of the issue and potentially track down the perpetrators and bring them to justice.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Integrated security key to protecting cloud applications
Infrastructure Information Security
Cloud-native applications have transformed the way businesses operate, enabling faster innovation, greater agility, and enhanced scalability. Yet this evolution brings an equally complex security landscape.

Read more...
Factories, grids, and finance: Critical infrastructure cyber lessons of 2025
Asset Management Information Security Industrial (Industry)
Africa has seen an accelerated, large-scale digitisation of our overall industrial base, and this rapid convergence of IT and OT is happening on a foundation that, in essence, was not designed to be cybersecure.

Read more...
Axis signs CISA Secure by Design pledge
Axis Communications SA News & Events Surveillance Information Security
Axis Communications has signed the United States Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge, signalling the company’s commitment to upholding and transparently communicating the cybersecurity posture of its products.

Read more...
Eight African cybersecurity trends for 2026
Information Security
Check Point Software Technologies has released eight critical trends shaping Africa’s digital turning point in 2026, noting that their implementation will require the government, the private sector, and key civic institutions to cooperate.

Read more...
The year of the agent
Information Security AI & Data Analytics
The dominant attack patterns in Q4 2025 included system-prompt extraction attempts, subtle content-safety bypasses, and exploratory probing. Indirect attacks required fewer attempts than direct injections, making untrusted external sources a primary risk vector heading into 2026.

Read more...
AI cybersecurity predictions for 2026
AI & Data Analytics Information Security
The rapid development of AI is reshaping the cybersecurity landscape in 2026, for both individual users and businesses. Large language models (LLMs) are influencing defensive capabilities while simultaneously expanding opportunities for threat actors.

Read more...
SMARTpod Talks to Check Point Technologies about the African Perspectives on Cybersecurity report
SMART Security Solutions News & Events Information Security Videos
SMART Security Solutions spoke with Check Point's Hendrik de Bruin about the report, the risks African organisations face, and some mitigation measures.

Read more...
Securing the smart fleet
Information Security Transport (Industry) Logistics (Industry) IoT & Automation
Contributing around 10 to 12% of South Africa’s GDP, the transport and logistics sector supports almost every part of the country’s economic activity. The stakes for keeping these systems secure are higher than ever before.

Read more...
Who are you?
Access Control & Identity Management Information Security
Who are you? This question may seem strange, but it can only be answered accurately by implementing an Identity and Access Management (IAM) system, a crucial component of any company’s security strategy.

Read more...
Check Point launches African Perspectives on Cybersecurity report
News & Events Information Security
Check Point Software Technologies released its African Perspectives on Cybersecurity Report 2025, revealing a sharp rise in attacks across the continent and a major shift in attacker tactics driven by artificial intelligence

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.