Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

SARS e-mail

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.

SARS phishing e-mail

Monday, June 12th, 2017

Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail sent from a legitimate looking @sars.gov e-mail address with a web page attached which the receiver should click on and complete. 

Please do not click on the html file or enter any personal information. SARS would contact you via SMS if (in the unlikely event) they want to pay you money.  

Also look out for the telltale signs of a phishing e-mail below:

  1. Addressed to a generic name – “Dear Taxpayer”. SARS would at least include your full name and tax reference number.
  2. Grammar, spelling or punctuation errors. 
  3. SARS won’t ask you to complete any forms. They already have your information.

Dear Taxpayer,

 

After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. Note:the refund will take 48hours to reflect in your account.

 

Thank you,

 

South Africa Revenue Services (SARS)

Tom Moyane Commissioner

Tax season = cyber scams

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. It informs you that the taxman owes you money and all you have to do to receive it, is to click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps it in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually a html (webpage) file and will connect you to a server controlled by the criminals. This server downloads a Trojan virus to your computer that will install software, malware and do all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]

SARS e-mail may fool users

Tuesday, October 15th, 2013

For some lucky people, it is time for the tax returns from SARS. The criminals know it too and every year at this time, users will get emails allegedly from SARS promising tax returns and asking you to click on a link, log in and provide your bank account details and password so they can pay you money!

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and these are stored in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS would always either SMS or send you a registered letter in the post to inform you of tax returns, etc. They would never contact you via unsecured e-mail, and furthermore they have enough of your data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” salutation.
  3. There is no returnfund@sars.co.za address
  4. The attached file is usually a html (webpage) file that gives you a forged webpage sitting on the criminals server somewhere overseas.
  5. The amount that they promise to pay you is always something like R9,250.75
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system you should never get mail on your university account.

If you do go to this site and you do enter in your banking account details, credit card details, passwords etc, this will allow the criminals to log into your bank account via the internet, and take control over your bank account. They will create themselves as beneficiaries and then transfer all your money to their account, and then delete all the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 South Africa was the 5th most phished country in the world behind India, Canada, the USA and the UK, with estimated figures of R14 million being stolen from South Africans last year alone.

 

[ARTICLE BY DAVID WILES]

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.