SMALL business owners, new taxpayers under the age of 25 and older taxpayers over 60 are urged to become wary of cybercriminals as they become the prime targets for tax-refund scams during tax season.
The tax-return season officially opened on July 1.
Also read: Tax season is open – have you filed your tax return?
According to Aamir Lakhani, senior security strategist at Fortinet, cybercriminals assume these people may be less informed about tax policies and what to expect, so they may be more vulnerable to emotional manipulation.
He said that tax-return time is open season for cybercrime, and it’s likely to be worse this year because so many people continue to work from home on various devices that are connected to unsecured networks.
“Although cybercriminals use other sophisticated tactics to steal information, social-engineering scams are low-hanging fruit, especially during tax season. Fortunately, everybody can take steps to avoid falling victim to a social-engineering tax scam.”
Types of Social Engineering Attacks to Watch Out for
He said cybercriminals are out in full force, eager to prey on the stress and uncertainty surrounding tax season.
“Attacks may take the form of phishing email campaigns or phone calls from people claiming to be from the South African Revenue Service (SARS). To appear legitimate, scammers may use stolen data with personal information, such as identity numbers.
Lakhani said cybercriminals use a ‘spray and pray’ model for phishing campaigns.
“They send thousands of emails, hoping that at least one person will fall victim to the attack. On the other hand, spear-phishing attacks are a targeted form of phishing that can be more difficult to detect because the emails are personalised to appear as if they were sent by someone the recipient knows. In the past, spear phishing was challenging to implement, but now, some advanced cybercriminals use machine learning and artificial intelligence to execute these attacks more efficiently,” he said.
How to protect yourself against tax scams
If you know what to look for and how to handle suspect emails or phone calls, you can avoid becoming a victim of tax-season social-engineering attacks. Here are a few tips for effectively defending against social-engineering attacks:
Also read: 6 crucial medical aid factors to know
– Look for grammatical issues and typos. Often, phishing emails contain errors that are easy to spot. If a message includes several spelling or grammar errors, the odds are good that it is not legitimate.
– Be sceptical. Always consider any unexpected emails or phone calls claiming to be from SARS or other governmental agencies to be suspect. If you are concerned about the legitimacy of a sender or caller, don’t give the person any information. Instead, contact SARS directly to verify the caller’s identity.
– Don’t share personal information. Don’t give out your identity number or credit card information over the phone or via email. Scammers may pressure you to do so and try to convince you that something terrible will happen if you don’t act immediately. Hang up or delete the email.
If you do encounter a SARS-related phone or email scam, you can report it by sending an email to [email protected] or call the Fraud and Anti-Corruption Hotline on 0800 00 2870.
For more from the Highway Mail, follow us on Facebook, Twitter and Instagram. You can also check out our videos on our YouTube channel or follow us on TikTok.