The tax scam to watch out for in South Africa this year

 ·21 Jun 2022

As people get ready to file their taxes in South Africa, cybercriminals are getting ready too, says Aamir Lakhani, global security strategist and researcher at Fortinet.

“Tax-return time is open season for cybercrime, and it’s likely to be worse this year because so many people are still working from home on various devices connected to unsecured networks,” he said.

“Although cybercriminals use other sophisticated tactics to steal information, social engineering scams are low-hanging fruit, especially during tax season. Fortunately, everybody can take steps to avoid falling victim to a social engineering scam.”

Lakhani added that cybercriminals use a ‘spray and pray’ model for phishing campaigns. They send thousands of emails, hoping that at least one person will fall victim to the attack.

Spear-phishing attacks are a targeted form of phishing that can be more difficult to detect because the emails are personalized to appear as if they were sent by someone the recipient knows.

“In the past, spear-phishing was challenging to implement, but now some advanced cybercriminals use machine learning and artificial intelligence to execute these attacks more efficiently.”

Lakhani detailed a few tips for effectively defending against social engineering attacks:

  • Look for grammatical issues and typos: Often, phishing emails contain errors that are easy to spot. If a message includes several spelling or grammar errors, odds are good that it is not legitimate.
  • Be sceptical: Always consider any unexpected emails or phone calls claiming to be from the IRS or other governmental agencies to be suspect. If you are concerned about the legitimacy of a sender or caller, don’t give the person any information. Instead, contact the IRS or governmental agency directly to verify the caller’s identity.
  • Don’t share personal information: Don’t give out your Social Security number or credit card information over the phone or via email. Scammers may pressure you to do so and try to convince you that something terrible will happen if you don’t act immediately. Hang up or delete the email.
  • Warn family and friends who may be vulnerable to attacks: Share cybersecurity information with others and encourage them to get educated.
  • Use technology to help prevent attacks: Secure email gateway (SEG) solutions such as FortiMail can protect all inbound and outbound email traffic.

Read: South Africa’s economy is doing better than many expected

Show comments
Subscribe to our daily newsletter