Recent posts
Alarming
Tax Scams Targeting South Africans
05 July 2026
nichemarket Advice
How Corporate Gifting Can Improve Customer Retention
03 July 2026
Press Releases
South Africa's SME Credit Wall Is Driving Business Owners to Secured Asset Loans
01 July 2026
Geek Chic
Where Wonder Man Fits Into The Marvel TV Universe
27 June 2026
Popular posts
Extravaganza
Trending Music Hashtags To Get Your Posts Noticed
24 August 2018
Geek Chic
How To Fix iPhone/iPad Only Charging In Certain Positions
05 July 2020
Extravaganza
Trending Wedding Hashtags To Get Your Posts Noticed
18 September 2018
Money Talks
How To Find Coupons & Vouchers Online In South Africa
28 March 2019
Tax Scams Targeting South Africans
05 July 2026 | 0 comments | Posted by Che Kohler in Alarming
Tax season has become open season for scammers in South Africa, and business is booming, despite warnings.
Every year, as the South African Revenue Service (SARS) ramps up communication with taxpayers, fraudsters ramp up right alongside it — hijacking that flurry of legitimate SMSes and emails to slip their own convincing fakes into your inbox.
According to Thalia Pillay, co-founder and CEO of anti-fraud startup Orca Fraud, tax season is a peak period for scam activity because criminals exploit the increased communication between SARS and taxpayers to make their messages appear more convincing.
In her words, most South Africans with smartphones will receive at least one scam message purporting to be from SARS this year.
Making matters worse, SARS moved entirely to digital correspondence in May 2025, discontinuing physical mail for all system-generated letters — meaning more legitimate SARS communications are now landing in inboxes and SMS threads, giving scammers more plausible cover. When you're already expecting to hear from SARS digitally, a convincing fake is much easier to act on without a second thought.
Many South African's don't question the legitimacy of these SMS's, and scammers know they can leverage the authority of SARS and a promise of a windfall to convince people to act against their best interests.
These operations come in a few different flavours, and below is a full breakdown of the scams doing the rounds, how they work, the warning signs to watch for, and exactly what to do if you're targeted — or if you've already been caught out.
The Four Main Scam Types
1. The Fake Settlement Notification
This is the fear-based approach. You receive an SMS or email claiming you owe a specific tax amount, urgently due by a set date, often including payment instructions and a bank account number. The urgency is deliberate — it's designed to make you pay before you stop to think.
The giveaway: SARS will never request banking details by post, email, or SMS, and it will never provide a bank account number for payment. If a message gives you an account number to pay into, it's fraudulent, full stop.
2. The Fake Refund SMS
This is the greed-based approach, and it's remarkably effective — even fraud experts aren't immune. Pillay herself received one claiming SARS owed her R37,000, and admitted she "got so excited, thinking it was a lucrative amount."These messages claim a refund has been issued and instruct you to click a link to verify your details or link a credit card to receive it.
The giveaway: SARS will never ask for credit card details, and refunds are paid only into the bank account already linked to your eFiling profile. Any message with an external link or non-official domain asking you to "claim" a refund is a scam.
3. The Fake Letter of Demand
This is the more aggressive, threat-based version. It warns that SARS has issued a letter of demand, that a court summons is imminent, or that blacklisting may follow — with a link or attachment leading to a phishing site designed to harvest your information.
The giveaway: SARS will not send hyperlinks to other websites, including banks or legal notices, and any genuine legal action from SARS will be visible in your eFiling profile — not delivered via a link in an unsolicited message.
4. The Fake Auto-Assessment or Compliance Notice
This one exploits the annual auto-assessment process. You're prompted to confirm your compliance status, update your banking details, or complete your auto-assessment via a link, which leads to a proxy website mimicking the eFiling interface
The giveaway: SARS does not send links to external websites for compliance purposes — if you need to complete an auto-assessment or update your banking details, you should go directly to sars.gov.za and log in yourself, never via a link from a message.
The Card-Cloning Layer Behind the Scenes
What happens once you actually click?
According to Pillay, criminals spin up fake websites designed to look like they're processing a tax return or refund, but when you enter your card details at "checkout," they simply clone that card information.
The eFiling-style scam and the refund-style scam are, in her telling, the two main forms of fraudulent activity Orca has detected around this year's tax season— and Orca isn't a small outfit making guesses.
Once your card and eFiling credentials are compromised, the damage doesn't stop at one transaction. Scammers load stolen credentials onto different platforms to drain victims' bank accounts or set up unauthorised debit orders, and criminals also use eFiling details to build detailed profiles of taxpayers for more targeted future attacks.
There's also an automation angle worth knowing about. With AI tools now widely available, fraudsters run what are called "burst attacks" at scale — using AI to automate large numbers of transaction attempts on stolen cards in order to bypass security measures, sometimes running a hundred different stolen cards through bots or scripts at once.
Insider Info Help Scammers Targeting Card Renewals
Another alarming trend is the spike in fraudulent card transactions in the month just before they're due to expire, suggesting a degree of insider fraud in which criminals know a replacement card is coming and rush to exploit the old one before it's cancelled.
These stolen cards are typically tested and used on e-commerce sites or on-demand grocery deliveries, with the fraudulently purchased goods — often alcohol — which are resold afterwards to generate physical cash with no ties to the original scam.
Warning Signs to Watch For
- Urgency and pressure. Threats of penalties, blacklisting, or imminent legal action can push victims to act "immediately."
- Unexpected windfalls. A refund you didn't apply for, or an amount that feels suspiciously generous.
- Links in SMS or email. SARS doesn't operate this way — legitimate actions happen only when you navigate to sars.gov.za yourself.
- Requests for banking or card details. SARS never asks for this information via message, and never supplies you with an account number to pay into.
- Spelling errors, odd formatting, or unofficial-looking domains in the link itself.
- A message that "coincidentally" arrives right when you're expecting SARS correspondence — this is precisely the cover scammers rely on now that SARS communicates digitally by default.
What to Do If You're Targeted
- Don't click the link. Not even to "check if it's real."
- Don't reply, and don't call any number provided in the message.
- Go directly to sars.gov.za by typing the address yourself, or log into the official SARS eFiling app, to check your actual compliance and refund status.
- Verify independently. If you're unsure, contact SARS through the official contact centre number listed on their real website — never a number from the suspicious message.
- Report and delete the message. You can forward phishing attempts to SARS's official fraud reporting channels, listed on sars.gov.za.
- Warn people around you, especially those less familiar with these tactics — parents, older relatives, or colleagues.
What to Do If You've Already Been Scammed
- Contact your bank immediately to freeze or cancel the card and flag potential fraud on the account. Do this the moment you suspect compromise — don't wait for a strange transaction to appear.
- Change your eFiling password immediately, and update the password anywhere else you've reused it.
- Check your eFiling profile for unauthorised changes, particularly banking details, which scammers may try to alter to redirect any real refund.
- Monitor your bank statements closely in the weeks that follow. Given the burst-attack pattern described above, fraud attempts can come in rapid, automated waves rather than a single incident.
- Report the fraud to your bank's fraud division and request new card details rather than a simple reissue, especially if your card was nearing its expiry date.
- File a report with SARS and the South African Police Service (SAPS), and consider lodging a complaint with the South African Fraud Prevention Service (SAFPS) to flag your details against future misuse.
- Consider a credit bureau alert if your personal information (ID number, address, etc.) was also captured, since scammers use compromised data to build fuller profiles for future targeting.
Don't Get Taxed By Scammers
The uncomfortable truth is that SARS's shift to fully digital communication has made scammers' jobs easier, not harder — a real SARS SMS is now common enough that a fake one blends right in.
The single most reliable rule to remember: SARS will never ask for your banking details, card details, or ask you to click a link to "resolve" anything. If in doubt, log in at sars.gov.za directly, and never through a link someone sent you.
This article draws on reporting from The Star/IOL and MyBroadband, featuring insights from Thalia Pillay, CEO and co-founder of Orca Fraud.
Are you looking to promote your business?
Business owners can create their free business listing on nichemarket. The more information you provide about your business, the easier it will be for your customers to find you online. Registering with nichemarket is easy; all you will need to do is head over to our sign-up form and follow the instructions.
If you require a more detailed guide on how to create your profile or your listing, then we highly recommend you check out the following articles.
Recommended reading
If you enjoyed this post and have a little extra time to dive deeper down the rabbit hole, why not check out the following posts on web security?
You might also like
{{comment.sUserName}}
{{comment.iDayLastEdit}} day ago
{{comment.iDayLastEdit}} days ago
{{blogcategory.sCategoryName}}