The South African tax season for non-provisional individuals kicks off next month. With the South African Revenue Service (SARS) pushing for the use of its online eFiling service, we are cautioning people to be on the look out for an increase in tax scams.
While local statistics are difficult to come by, the US Federal Trade Commission collects more than 1.4 million fraud reports annually totalling more than $1.48 billion of personal financial losses for individuals. It cites imposter scams, debt collection, and identity theft as the top three most prevalent causes for online fraud in 2018.
In South Africa, these are not the only threats to be aware of, we have seen a significant increase in ransomware, spyware, and even banking trojans that are compromising not only individuals, but organisations as well. And while it is absolutely critical to have some form of cyber security protection in place, social engineering still plays a massive role in tax fraud.
This is especially the case when it comes to spoofing or phishing emails, and even official-sounding text or WhatsApp messages. People need to be wary of providing any personal details, downloading any files, or clicking on any links without properly checking the authenticity of the source.
For its part, SARS provides consumers with a link to some of the latest scams and what to look for when it comes to phishing attacks. Yet, despite this, cyber crime will always be one of the most significant threats when it comes to any financial transactions online.
More recently, we have noticed an increase in unsolicited telephone calls that ask people to verify their personal details such as tax numbers and identity numbers. However, it is always best to get a reference number and phone SARS directly to mitigate any potential risks. And because it has become so easy to save documents in the cloud, people can be lulled into a false sense of security when it comes to submitting data using an online site.
This is where it becomes important to apply the basics of good cyber security practice. Hovering over the ‘from’ field in the email is one of the easiest ways to see if something comes from an official source. Also, check whether a Web site is authentic by either typing in the official name yourself or looking to see a secure padlock next to the address in the browser window. Other easy ways to spot a suspected scam is spelling mistakes in the documentation and a lack of contact details to confirm authenticity.
Being vigilant is vital as is ensuring the user’s device (whether it is a laptop, smartphone, or tablet) has good quality cyber security software installed and it is up to date with all the latest security patches. The increasingly connected world requires being more cautious than ever. To do any less, would be to risk losing significant amounts of money that will be difficult to recover.