SARS warning over eFiling fraud in South Africa

 ·30 Aug 2024

The South African Revenue Service (SARS) has warned that cybercrime is becoming more sophisticated and is constantly evolving—and investigations into cases of eFiling profile hijacking have pointed to perpetrators tied to syndicates with ‘global links’.

Responding to reports this past week of cases of eFiling profile hijacking costing companies millions, SARS commissioner Edward Kieswetter said that the revenue service investigated the matters, looking for any alleged complicity by SARS staff that may have compromised the organisation’s systems, and found no evidence to this effect.

“SARS has investigated this matter, and we have found that no negligence or liability can be imputed to SARS, meaning that SARS can, therefore, not be held liable for the criminal action reported,” he said.

The commissioner said that SARS has built internationally recognised systems that include built-in oversight of each transaction to safeguard taxpayer information and ensure internal accountability.

“SARS will assist the company and all law enforcement agencies in any investigations that must follow to uncover the source of this tax crime,” Kieswetter said.

He added that profile hijacking was a crime that pointed to “pervasive cybercrime with global links,” and SARS, like all other financial institutions, is constantly threatened by international cybercrime syndicates.

“SARS has invested significantly in its technological infrastructure to combat this phenomenon,” he said.

The Office of the Tax Ombud (OTO) announced earlier this month that it will launch a review of possible “systemic and emerging issues” at SARS related to eFiling profile hijacking.

SARS reported a rise in eFiling profile hijacking earlier in 2024, which involves criminals gaining access to taxpayers’ profiles through various methods.

Details are usually gained through vishing and other social engineering attacks, and the hijackers then gain control of profiles, changing banking details, creating other profiles and redirecting tax refunds.

The hijackers’ objectives are to redirect tax refunds to fraudulent bank accounts, which they set up specifically for this purpose.

The OTO said that SARS is an institution that should garner a high degree of trust, but the fact that its security protocols can be bypassed with such speed and ease raises serious questions.

SARS has previously refuted any indications that its staff could be involved with these activities—a denial it has now repeated.

The Revenue Service said it is continuously working to enhance its processes to authorise taxpayers when bank details are changed.

Some of the enhancements that have been implemented include Multi-factor Authentication, strengthening password rules and biometric authentication.

“Apart from this, SARS is constantly assessing its own systems to identify system weaknesses to ensure that we mitigate any form of risk. This will mean working more intensively with other parties such as banks,” it said.

Despite denying any liability on SARS’ part, Kieswetter said that one of the organisation’s key strategic objectives is to build public trust—and he does not want to lose ground in this area due to criminal activity, “whether it’s done from inside or outside the organisation.”

As such, SARS is supporting the OTO enquiry and investigation into profile hijacking.

“SARS is cooperating with OTO and looks forward to the recommendations that will be made on how best to combat the scourge of profile hijacking,” Kieswetter said.


Read: Trouble for SARS over eFiling fraud

Show comments
Subscribe to our daily newsletter