SARS Email Scam

Beware of SARS Email Scams: How to Protect Yourself from Fraudsters

In today’s digital world, cybercriminals are becoming more cunning, often impersonating trusted institutions to gain access to sensitive personal and financial information. One of the most common and dangerous tactics used is phishing—fraudulent emails disguised to look like official correspondence. A recent scam targeting South African taxpayers serves as a stark reminder of just how sophisticated these attacks can be.

The SARS Email Scam Explained

A new wave of phishing emails is circulating, appearing to come from the South African Revenue Service (SARS). These emails are crafted to resemble legitimate messages from email addresses like returns@sars.co.za or refunds@sars.co.za, claiming that the recipient is eligible for a tax refund. The real motive, however, is far more sinister.

The emails typically contain links to fake websites or forms designed to mimic official SARS platforms. These counterfeit sites are almost indistinguishable from the real thing, but their true purpose is to deceive users into entering sensitive information, including bank account details, passwords, and eFiling credentials. Once entered, this information is extracted by the criminals and used to commit fraud.

What to Watch Out For

These phishing scams are highly deceptive and can fool even cautious individuals. It’s important to remember that SARS will never request your banking or personal information via email, SMS, or hyperlinks. If you receive such a message, it is almost certainly a scam.

In particular, SARS does not send emails or messages with .htm or .html attachments and does not use embedded links to external websites—even those that appear to belong to banks or other institutions.

Similarly, FNB (First National Bank) will never ask customers to click on a link in an email or SMS to provide personal or financial information. Always be suspicious of any unsolicited messages claiming to be from SARS or your bank.

How to Stay Safe

To protect yourself and your personal information, follow these important guidelines:

• Do not open or respond to emails from unknown sources.

• Never provide personal, tax, banking, or eFiling information through email or suspicious websites.

• Avoid clicking on hyperlinks in emails or SMSs claiming to be from SARS.

• SARS will not ask for card details, login credentials, or pins.

• Report suspicious activity immediately to your bank’s fraud department.

Reporting a Scam

If you suspect that you’ve received a fraudulent message or fallen victim to a phishing scam, it’s critical to act quickly. Contact the FNB Fraud Desk and visit the FNB Security Centre on the FNB App for further assistance, security features, and fraud-prevention tips.

Stay vigilant. Protect your information. When in doubt, don’t click.

Cybercriminals rely on fear and urgency to manipulate their targets. By remaining cautious and informed, you can defend yourself against these increasingly sophisticated scams.