%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250623083955+00'00') /ModDate (D:20250623083955+00'00') /Title (Report 06-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 5559 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 131.324 521.469 615.410 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 131.699 520.719 614.660 re S 0.773 0.773 0.773 rg 61.016 147.074 m 550.984 147.074 l 550.984 147.824 l 61.016 147.824 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(SARS WANTS TO GIVE YOU MONEY?)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(February 08,2013)] TJ ET BT 177.584 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 192.092 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [( It's that time of the year when our mailboxes are infiltrated by messages from SARS and we start making sums and filling )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(out forms. Unfortunately elusive cyber criminals also know that this is the perfect time to prey on our gullibility.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(So it's most likely that you will be receiving \(if you haven't already\) a so-called e-mail from SARS asking you either to )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(verify your information or to let you know that a much-welcomed amount has been paid into your account. \(see example )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(below\) Don't get excited - it's not really SARS.)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(Clicking on the hyperlink in the email takes you to a fake “e-filing” site that has hyperlinks for the four big South African )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(banks and instructions to log on to your Internet banking site for “confirmation of your details”.  When you follow the )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(Nedbank link \(as an example\), you are taken to a copy of the Nedbank internet banking site that asks for profile, pin and )] TJ ET BT 61.016 531.508 Td /F4 9.0 Tf [(password.  Supplying these takes you to a second page that asks you for your mobile number.  Submitting information on )] TJ ET BT 61.016 520.519 Td /F4 9.0 Tf [(this page takes you to a page that requests the reference number sent to your cellphone.)] TJ ET BT 61.016 500.530 Td /F4 9.0 Tf [(Do not authorise any cellphone message that comes through if you end up in the above situation.  Furthermore, do not )] TJ ET BT 61.016 489.541 Td /F4 9.0 Tf [(click on any hyperlinks in emails or divulge your account or mobile number details to anyone over the phone or via email.  )] TJ ET BT 61.016 478.552 Td /F4 9.0 Tf [(Banks will never ask you to access internet banking through a link in an email, neither will banks ever ask for your mobile )] TJ ET BT 61.016 467.563 Td /F4 9.0 Tf [(number when you access internet banking.)] TJ ET BT 61.016 447.574 Td /F4 9.0 Tf [(Look out for the following tell-tale signs:)] TJ ET BT 61.016 427.585 Td /F4 9.0 Tf [(-  when you move with your pc's mouse over the link, it won't be the official, correct web address)] TJ ET BT 61.016 416.596 Td /F4 9.0 Tf [(-  the e-mail isn't addressed to you personally - your name isn't mentioned anywhere)] TJ ET BT 61.016 405.607 Td /F4 9.0 Tf [(-  the address it was sent from is a generic one that doesn't exist)] TJ ET BT 61.016 394.618 Td /F4 9.0 Tf [(-  there is no reference or account number)] TJ ET BT 61.016 383.629 Td /F4 9.0 Tf [(-  no contact person is mentioned)] TJ ET BT 61.016 363.640 Td /F4 9.0 Tf [(If you're unsure, rather go directly to the SARS e-filing web site \(type in )] TJ ET 0.373 0.169 0.255 rg BT 345.857 363.640 Td /F4 9.0 Tf [(http://www.sarsefiling.co.za/)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 345.857 362.489 m 457.394 362.489 l S 0.153 0.153 0.153 rg BT 457.394 363.640 Td /F4 9.0 Tf [(\) and see if there were )] TJ ET BT 61.016 352.651 Td /F4 9.0 Tf [(any payments made to your account.)] TJ ET BT 61.016 332.662 Td /F4 9.0 Tf [(-----------------------------------------------------------------------------------------------)] TJ ET BT 61.016 312.673 Td /F1 9.0 Tf [(From:)] TJ ET BT 86.513 312.673 Td /F4 9.0 Tf [( Sars Efiling <)] TJ ET 0.373 0.169 0.255 rg BT 142.286 312.673 Td /F4 9.0 Tf [(message@sars.co.za)] TJ ET 0.18 w 0 J [ ] 0 d 142.286 311.522 m 228.947 311.522 l S 0.153 0.153 0.153 rg BT 228.947 312.673 Td /F4 9.0 Tf [(>)] TJ ET BT 61.016 301.684 Td /F1 9.0 Tf [(Date:)] TJ ET BT 83.516 301.684 Td /F4 9.0 Tf [( 30 July 2013 19:37:38 EDT)] TJ ET BT 61.016 290.695 Td /F1 9.0 Tf [(To:)] TJ ET BT 75.011 290.695 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 279.706 Td /F1 9.0 Tf [(Subject:)] TJ ET BT 96.521 279.706 Td /F4 9.0 Tf [( )] TJ ET BT 99.023 279.706 Td /F1 9.0 Tf [(You have a new transaction message)] TJ ET BT 61.016 259.717 Td /F4 9.0 Tf [(We have filed your return and made a deposit of R3,650.80 into your account.)] TJ ET 0.373 0.169 0.255 rg BT 61.016 239.728 Td /F1 9.0 Tf [(Confirm your filing)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 238.298 m 141.521 238.298 l S 0.153 0.153 0.153 rg BT 61.016 219.739 Td /F4 9.0 Tf [(This is an automated email, replies sent to this address will not be received.)] TJ ET BT 61.016 199.750 Td /F1 9.0 Tf [(Sars eFiling)] TJ ET BT 61.016 179.761 Td /F4 9.0 Tf [( )] TJ ET 0.400 0.400 0.400 rg BT 61.016 161.272 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Phishing,Sars | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 345.8567 362.8072 457.3937 371.9647 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://www.sarsefiling.co.za/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 142.2857 311.8402 228.9467 320.9977 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:message@sars.co.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 131.7917 289.8622 179.4467 299.0197 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:munnik@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 248.5189 61.0157 248.5189 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://www.fakeaddress.com) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 238.8952 141.5207 248.0527 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://www.fakeaddress.com) >> endobj xref 0 22 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000582 00000 n 0000006193 00000 n 0000006305 00000 n 0000006420 00000 n 0000006540 00000 n 0000006648 00000 n 0000006776 00000 n 0000006857 00000 n 0000006985 00000 n 0000007062 00000 n 0000007190 00000 n 0000007265 00000 n 0000007391 00000 n 0000007469 00000 n 0000007596 00000 n trailer << /Size 22 /Root 1 0 R /Info 5 0 R >> startxref 7674 %%EOF sars « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

sars

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.
Email

Tags: , ,
Posted in E-mail, phishing, Security | Comments Off on Phishing attempt: “SARS eFiling Letter notification”

SARS phishing e-mail

Monday, June 12th, 2017

Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail sent from a legitimate looking @sars.gov e-mail address with a web page attached which the receiver should click on and complete. 

Please do not click on the html file or enter any personal information. SARS would contact you via SMS if (in the unlikely event) they want to pay you money.  

Also look out for the telltale signs of a phishing e-mail below:

  1. Addressed to a generic name – “Dear Taxpayer”. SARS would at least include your full name and tax reference number.
  2. Grammar, spelling or punctuation errors. 
  3. SARS won’t ask you to complete any forms. They already have your information.

Dear Taxpayer,

 

After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. Note:the refund will take 48hours to reflect in your account.

 

Thank you,

 

South Africa Revenue Services (SARS)

Tom Moyane Commissioner

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on SARS phishing e-mail

Tax season = cyber scams

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. It informs you that the taxman owes you money and all you have to do to receive it, is to click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps it in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually a html (webpage) file and will connect you to a server controlled by the criminals. This server downloads a Trojan virus to your computer that will install software, malware and do all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in Security | Comments Off on Tax season = cyber scams

SARS wants to give you money?

Friday, August 2nd, 2013

 It’s that time of the year when our mailboxes are infiltrated by messages from SARS and we start making sums and filling out forms. Unfortunately elusive cyber criminals also know that this is the perfect time to prey on our gullibility.

So it’s most likely that you will be receiving (if you haven’t already) a so-called e-mail from SARS asking you either to verify your information or to let you know that a much-welcomed amount has been paid into your account. (see example below) Don’t get excited – it’s not really SARS.

Clicking on the hyperlink in the email takes you to a fake “e-filing” site that has hyperlinks for the four big South African banks and instructions to log on to your Internet banking site for “confirmation of your details”.  When you follow the Nedbank link (as an example), you are taken to a copy of the Nedbank internet banking site that asks for profile, pin and password.  Supplying these takes you to a second page that asks you for your mobile number.  Submitting information on this page takes you to a page that requests the reference number sent to your cellphone.

Do not authorise any cellphone message that comes through if you end up in the above situation.  Furthermore, do not click on any hyperlinks in emails or divulge your account or mobile number details to anyone over the phone or via email.  Banks will never ask you to access internet banking through a link in an email, neither will banks ever ask for your mobile number when you access internet banking.

Look out for the following tell-tale signs:

–  when you move with your pc’s mouse over the link, it won’t be the official, correct web address
–  the e-mail isn’t addressed to you personally – your name isn’t mentioned anywhere
–  the address it was sent from is a generic one that doesn’t exist
–  there is no reference or account number
–  no contact person is mentioned

If you’re unsure, rather go directly to the SARS e-filing web site (type in http://www.sarsefiling.co.za/) and see if there were any payments made to your account.

———————————————————————————————–

From: Sars Efiling <message@sars.co.za>
Date: 30 July 2013 19:37:38 EDT
To: <fakeaddress@sun.ac.za>
Subject: You have a new transaction message

We have filed your return and made a deposit of R3,650.80 into your account.

Confirm your filing

This is an automated email, replies sent to this address will not be received.

Sars eFiling

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on SARS wants to give you money?

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.