%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240924210853+00'00') /ModDate (D:20240924210853+00'00') /Title (Report 09-2024) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 3515 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 269.942 521.469 476.792 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 270.317 520.719 476.042 re S 0.773 0.773 0.773 rg 61.016 285.692 m 550.984 285.692 l 550.984 286.442 l 61.016 286.442 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(SARS PHISHING E-MAIL)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(December 06,2017)] TJ ET BT 182.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 197.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(sent from a legitimate looking @sars.gov e-mail address with a web page attached which the receiver should click on and )] TJ ET BT 61.016 615.442 Td /F4 9.0 Tf [(complete. )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(Please )] TJ ET BT 91.031 595.453 Td /F1 9.0 Tf [(do not click on the )] TJ ET BT 173.048 595.453 Td /F4 9.0 Tf [(html)] TJ ET BT 190.049 595.453 Td /F1 9.0 Tf [( file or enter any personal information.)] TJ ET BT 354.092 595.453 Td /F4 9.0 Tf [( SARS would contact you via SMS if \(in the )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(unlikely event\) they want to pay you money.  )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(Also look out for the telltale signs of a phishing e-mail below:)] TJ ET BT 78.360 544.502 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 544.486 Td /F4 9.0 Tf [(Addressed to a generic name - "Dear Taxpayer". SARS would at least include your full name and tax reference )] TJ ET BT 91.016 533.497 Td /F4 9.0 Tf [(number.)] TJ ET BT 78.360 522.524 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 522.508 Td /F4 9.0 Tf [(Grammar, spelling or punctuation errors. )] TJ ET BT 78.360 511.535 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 511.519 Td /F4 9.0 Tf [(SARS won't ask you to complete any forms. They already have your information.)] TJ ET 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 500.321 m 306.516 500.321 l 305.766 499.571 l 305.766 499.571 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 498.071 m 306.516 498.071 l 305.766 498.821 l 305.766 498.821 l f 306.516 500.321 m 306.516 498.071 l 305.766 498.821 l 305.766 499.571 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 500.321 m 305.016 498.071 l 305.766 498.821 l 305.766 499.571 l f 0.153 0.153 0.153 rg BT 61.016 480.280 Td /F2 9.0 Tf [(Dear Taxpayer,)] TJ ET BT 61.016 460.291 Td /F2 9.0 Tf [( )] TJ ET BT 61.016 440.302 Td /F2 9.0 Tf [(After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. )] TJ ET BT 61.016 429.313 Td /F2 9.0 Tf [(please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. )] TJ ET BT 61.016 418.324 Td /F2 9.0 Tf [(Note:the refund will take 48hours to reflect in your account.)] TJ ET BT 61.016 398.335 Td /F2 9.0 Tf [( )] TJ ET BT 61.016 378.346 Td /F2 9.0 Tf [(Thank you,)] TJ ET BT 61.016 358.357 Td /F2 9.0 Tf [( )] TJ ET BT 61.016 338.368 Td /F2 9.0 Tf [(South Africa Revenue Services \(SARS\))] TJ ET BT 61.016 318.379 Td /F2 9.0 Tf [(Tom Moyane Commissioner)] TJ ET 0.400 0.400 0.400 rg BT 61.016 299.890 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Phishing,Sars,SARS E-mail | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj xref 0 12 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000535 00000 n 0000004102 00000 n 0000004214 00000 n 0000004329 00000 n 0000004449 00000 n trailer << /Size 12 /Root 1 0 R /Info 5 0 R >> startxref 4557 %%EOF SARS e-mail « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

SARS e-mail

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.
Email

Tags: , ,
Posted in E-mail, phishing, Security | Comments Off on Phishing attempt: “SARS eFiling Letter notification”

SARS phishing e-mail

Monday, June 12th, 2017

Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail sent from a legitimate looking @sars.gov e-mail address with a web page attached which the receiver should click on and complete. 

Please do not click on the html file or enter any personal information. SARS would contact you via SMS if (in the unlikely event) they want to pay you money.  

Also look out for the telltale signs of a phishing e-mail below:

  1. Addressed to a generic name – “Dear Taxpayer”. SARS would at least include your full name and tax reference number.
  2. Grammar, spelling or punctuation errors. 
  3. SARS won’t ask you to complete any forms. They already have your information.

Dear Taxpayer,

 

After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. Note:the refund will take 48hours to reflect in your account.

 

Thank you,

 

South Africa Revenue Services (SARS)

Tom Moyane Commissioner

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on SARS phishing e-mail

Tax season = cyber scams

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. It informs you that the taxman owes you money and all you have to do to receive it, is to click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps it in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually a html (webpage) file and will connect you to a server controlled by the criminals. This server downloads a Trojan virus to your computer that will install software, malware and do all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in Security | Comments Off on Tax season = cyber scams

SARS e-mail may fool users

Tuesday, October 15th, 2013

For some lucky people, it is time for the tax returns from SARS. The criminals know it too and every year at this time, users will get emails allegedly from SARS promising tax returns and asking you to click on a link, log in and provide your bank account details and password so they can pay you money!

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and these are stored in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS would always either SMS or send you a registered letter in the post to inform you of tax returns, etc. They would never contact you via unsecured e-mail, and furthermore they have enough of your data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” salutation.
  3. There is no returnfund@sars.co.za address
  4. The attached file is usually a html (webpage) file that gives you a forged webpage sitting on the criminals server somewhere overseas.
  5. The amount that they promise to pay you is always something like R9,250.75
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system you should never get mail on your university account.

If you do go to this site and you do enter in your banking account details, credit card details, passwords etc, this will allow the criminals to log into your bank account via the internet, and take control over your bank account. They will create themselves as beneficiaries and then transfer all your money to their account, and then delete all the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 South Africa was the 5th most phished country in the world behind India, Canada, the USA and the UK, with estimated figures of R14 million being stolen from South Africans last year alone.

 

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in E-mail, Security | Comments Off on SARS e-mail may fool users

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.