
Tax season scams: How institutions can stay one step ahead

Mthobisi Nozulela|Published


As South Africans continue to meet their tax filing deadlines, cybercriminals have unleashed a wave of sophisticated scams designed to exploit both individuals and institutions.

"The latest scam is an SMS indicating that SARS is conducting an audit on a Tax refund. The link leads you to a phishing website, aimed at stealing your information. See the scam prototype here," the revenue service warned taxpayers earlier this year.

According to cybersecurity firm Kaspersky, phishing "accounted for 67% of cyber incidents among South African organisations over the past year, with a 29% year-on-year increase in such scams recorded as tax season opened". 

Sameer Kumandan, Managing Director of data firm SearchWorks, says scammers are mimicking SARS communications with "unprecedented" accuracy.

"Scammers are mimicking real SARS communication down to the last detail - and unless organisations strengthen their verification processes, they risk being caught off guard," Kumandan said.

Kumandan further warned institutions that failure to upgrade identity verification and monitoring systems could expose them to serious financial and reputational risks during this high-pressure period.

"For businesses, especially accountable institutions handling large data volumes and transactions, the risks are twofold: they may be targeted directly or indirectly impacted through compromised clients."

To stay ahead of fraudsters, Kumandan has recommended four key focus areas for accountable institutions:

Strengthen identity verification processes  

Tax-season scams often involve impersonation - making robust identity verification a frontline defence. Accountable institutions should ensure their Know Your Customer (KYC) protocols include multi-factor authentication (MFA), biometric ID verification, and real-time document validation against trusted data sources. Dormant, inactive, or high-risk accounts should be reverified before any transactional activity is permitted. 

Keep customer records and risk profiles current 

Fraud often exploits outdated or incomplete records. Institutions should continuously refresh customer data and risk scores, synchronise records across departments, and use machine learning tools to flag anomalies. Data hygiene is more than a compliance requirement - it’s a strategic shield against social engineering.  

Leverage technology for real-time monitoring  

Transaction monitoring shouldn’t be reactive. Use real-time analytics to flag unexpected login behaviour (such as geolocation shifts or device changes), unusually high transaction volumes, or rapid movement in new accounts. Institutions should also monitor for red flags around SARS refund timelines, when fraudulent withdrawals are most likely to spike.  

Prioritise education and fraud awareness 

Internal teams and clients are often the weakest security link - but also the most scalable defence. SARS regularly publishes updated scam alerts on its website, which institutions should actively circulate. In-house phishing simulations, seasonal fraud briefings, and client education campaigns can significantly reduce vulnerability.  

Ultimately, tax season is a pressure test - not only for compliance teams, but for the systems and habits that underpin them. Institutions that invest in proactive monitoring, smarter verification, and continuous education are far better positioned to protect their clients and their reputations long after the filing deadline has passed. 

IOL Business

mthobisi.nozulela@iol.co.za
