SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

sars

[:en]Phishing attempt: “SARS eFiling Letter notification”[:]

Thursday, January 31st, 2019

[:en]

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.

[:]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on [:en]Phishing attempt: “SARS eFiling Letter notification”[:]

[:en]SARS phishing e-mail[:]

Monday, June 12th, 2017

[:en]

Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail sent from a legitimate looking @sars.gov e-mail address with a web page attached which the receiver should click on and complete. 

Please do not click on the html file or enter any personal information. SARS would contact you via SMS if (in the unlikely event) they want to pay you money.  

Also look out for the telltale signs of a phishing e-mail below:

  1. Addressed to a generic name – “Dear Taxpayer”. SARS would at least include your full name and tax reference number.
  2. Grammar, spelling or punctuation errors. 
  3. SARS won’t ask you to complete any forms. They already have your information.

Dear Taxpayer,

 

After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. Note:the refund will take 48hours to reflect in your account.

 

Thank you,

 

South Africa Revenue Services (SARS)

Tom Moyane Commissioner

[:]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on [:en]SARS phishing e-mail[:]

Tax season = cyber scamsBelastingseisoen = kubermisdaad

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. It informs you that the taxman owes you money and all you have to do to receive it, is to click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps it in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually a html (webpage) file and will connect you to a server controlled by the criminals. This server downloads a Trojan virus to your computer that will install software, malware and do all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]

Net iemand met `n ongewone voorliefde vir pyn en ongemak sien uit na `n uitstappie na die tandarts. Dieselfde geld vir belasting.

Kuberkriminele buit ons SARS-vrese uit en misbruik belastingseisoen om e-posgebruikers uit te vang.  

Elke jaar rondom Julie maak e-posse (soos die een heel onder) hul opwagting in US-personeel se posbusse. Op die oog af lyk dit soos `n SARS e-pos wat jou in kennis stel dat Jan Taks geld aan jou wil betaal. Om dit te kry, moet jy net op `n skakel te kliek.

Natuurlik is dit `n slenter. Moet nooit hierop reageer, op die skakel kliek, na die webwerf gaan, of die aangehegte dokument oopmaak nie. Jy sal bloot jou bankrekening in gevaar stel. 

  1. SARS het reeds jou bankbesonderhede en dit word veilig gestoor in enkripteerde formaat. Hulle het nie nodig om te vra dat jy dit weer bevestig nie. 
  2. SARS sal jou SMS of `n geregistreerde brief per pos stuur om jou in kennis te stel van belastinguitbetalings. Hulle sal jou nie met onsekure e-pos kontak nie.
  3. SARS het jou inligting en sal jou persoonlik aanspreek –  nie as “Dear Taxpayer” of met `n vae “Good Day” nie.
  4. Daar bestaan nie `n EFiling@sars.gov.za adres nie.
  5. Die aangehegte leêr is gewoonlik `n html (webblad) leêr en sal jou verbind aan `n bediener wat deur kriminele beheer word.  Hierdie bediener laai `n Trojan-virus wat sagteware en malware installeer op jou rekenaar en verskeie onreëlmatighede met jou data wil uitvoer. `n Alternatiewe metode herlei jou na `n aantekenblad waar jy jou bankrekeningdetails, PIN-kode, ens. invul.
  6. Behalwe as jy jou universiteit e-posadres as die hoofkontakadres op die SARS-stelsel ingevul het, sal jy nooit kommunikasie van SARS op jou sun e-pos kry nie.

Bogenoemde phishing-poging sal kuberkrakers toelaat om aan te teken en beheer te kry  oor jou bankrekening via die internet. Hulle kan hulself as begunstigdes byvoeg, geld oorplaas na hul rekeninge en daarna bewyse van die transaksies verwyder.

Dit bly moeilik om hierdie e-posse te blok aangesien adresse, details en metodes op `n daaglikse basis verander word. Die enigste oplossing is om dit dadelik in die gemorspos (junk mail) vouer te gooi, die domein waarvandaan dit gestuur word te swartlys, en die e-pos onmiddellik uit te vee.

Hoekom word hierdie e-posse steeds gestuur? Omdat dit suksesvol is. In 2012 is meer as R14 miljoen rand van Suid-Afrikaners gesteel alleenlik met phishing pogings.

Lees ook meer hieroor op mybroadband se webwerf. 

VOORBEELD VAN E-POS: 

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTIKEL DEUR DAVID WILES]

Email

Tags: , , ,
Posted in Security | Comments Off on Tax season = cyber scamsBelastingseisoen = kubermisdaad

SARS wants to give you money?SARS wil vir JOU geld gee?

Friday, August 2nd, 2013

 It’s that time of the year when our mailboxes are infiltrated by messages from SARS and we start making sums and filling out forms. Unfortunately elusive cyber criminals also know that this is the perfect time to prey on our gullibility.

So it’s most likely that you will be receiving (if you haven’t already) a so-called e-mail from SARS asking you either to verify your information or to let you know that a much-welcomed amount has been paid into your account. (see example below) Don’t get excited – it’s not really SARS.

Clicking on the hyperlink in the email takes you to a fake “e-filing” site that has hyperlinks for the four big South African banks and instructions to log on to your Internet banking site for “confirmation of your details”.  When you follow the Nedbank link (as an example), you are taken to a copy of the Nedbank internet banking site that asks for profile, pin and password.  Supplying these takes you to a second page that asks you for your mobile number.  Submitting information on this page takes you to a page that requests the reference number sent to your cellphone.

Do not authorise any cellphone message that comes through if you end up in the above situation.  Furthermore, do not click on any hyperlinks in emails or divulge your account or mobile number details to anyone over the phone or via email.  Banks will never ask you to access internet banking through a link in an email, neither will banks ever ask for your mobile number when you access internet banking.

Look out for the following tell-tale signs:

–  when you move with your pc’s mouse over the link, it won’t be the official, correct web address
–  the e-mail isn’t addressed to you personally – your name isn’t mentioned anywhere
–  the address it was sent from is a generic one that doesn’t exist
–  there is no reference or account number
–  no contact person is mentioned

If you’re unsure, rather go directly to the SARS e-filing web site (type in http://www.sarsefiling.co.za/) and see if there were any payments made to your account.

———————————————————————————————–

From: Sars Efiling <message@sars.co.za>
Date: 30 July 2013 19:37:38 EDT
To: <fakeaddress@sun.ac.za>
Subject: You have a new transaction message

We have filed your return and made a deposit of R3,650.80 into your account.

Confirm your filing

This is an automated email, replies sent to this address will not be received.

Sars eFiling

 

Dis weer die gevreedse tyd van die jaar wanneer ons posbusse geinfiltreer word deur boodskappe van SARS en ons paniekerig begin sommetjies maak en vorms invul. Ongelukkig besef die bedrieglike kuberkriminele ook dat dit die perfekte tyd is om misbruik te maak van mense se goedgelowigheid.

Die kans is dus goed dat jy binnekort (indien jy nie reeds het nie) `n sogenaamde e-pos van SARS sal ontvang wat jou vra om jou inligting te verifieer of om jou te laat weet dat daar vir jou `n gawe bedraggie in jou rekening inbetaal is. (sien voorbeeld onder) Moenie opgewonde raak nie – dis nie SARS nie. 

As jy kliek op die skakel, neem die e-pos jou waarskynlik na `n vals “e-filing” webwerf wat skakels het na vier groot Suid-Afrikaanse banke en instruksies om aan te teken op deur middel van internet bankdienste om jou details te “bevestig”.

As jy (byvoorbeeld) die Nedbank-skakel volg, word jy geneem na `n kopie van nie Nedbank internetdienste webwerf wat vra vir jou profiel, pin en wagwoord.  As jy hierdie inligting verskaf, word jy geneem na `n tweede blad waar daar vir jou selnommer gevra word. Deur die inligting te verskaf, word jy weereens na `n volgende blad geneem wat versoek dat die verwysingsnommer na jou selfoon gestuur word.   

Moet onder geen omstandighede enige magtiging gee per selfoonboodskap as jy in bogenoemde situasie beland nie. Moet ook nie kliek op enige skakels in e-posse of rekeningbesonderhede of selfoonnommer-details aan enigiemand verskaf per e-pos of telefonies nie.

Kyk uit vir die volgende:

–  as jy met jou rekenaar se muis oor die skakel beweeg en dis nie die amptelike adres nie.
– die e-pos is nie aan jou geaddresseer nie – maw jou naam word nerens in die e-pos genoem nie.
– die adres waarvan dit gestuur het, is `n generiese adres wat nie bestaan nie.
– daar is geen verwysings- of rekeningnommer nie.
–  geen kontakpersoon word genoem nie.

Indien jy twyfel, gaan eerder na SARS se eie e-filing webwerf (tik http://www.sarsefiling.co.za/ in) en gaan kyk of daar inderdaad vir jou ‘n inbetaling is. 

———————————————————————————————–

From: Sars Efiling < message@sars.co.za>
Date: 30 July 2013 19:37:38 EDT
To: @sun.ac.za>
Subject: You have a new transaction message

We have filed your return and made a deposit of R3,650.80 into your account.

Confirm your filing

This is an automated email, replies sent to this address will not be received.

Sars eFiling

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on SARS wants to give you money?SARS wil vir JOU geld gee?