Expert: SARS eFiling hijackings linked to public Wi-Fi
A cybersecurity expert says the recent spike in SARS eFiling account hijackings may linked to taxpayers using public Wi-Fi or shared devices when logging in.
The Office of the Tax Ombud last week revealed that fraudsters are gaining unauthorised access to accounts, changing banking details and redirecting tax refunds into their own pockets.
While most fraudulent claims amount to less than R10,000, some have reportedly reached up to R100,000.
The Tax Ombud has attributed the surge in cases to weak authentication measures, poor communication, and delays in detecting fraud at SARS.
Anthony Boucher, the head of the Mike Bolhuis Cybercrime Unit, says strong passwords and two-factor authentication offer the best protection.
" For practitioners managing multiple client accounts, what you can do is use as a key password manager instead of reusing or storing passwords in unsecured ways. You can keep your client's account separated. Never store all of the information in one place."
READ: Hawks warn of new wave of identity theft, corporate fraud
He says you should contact SARS immediately if you suspect your profile has been hijacked.
"What you can do is have the accounts frozen or on hold until the situation is resolved. You can reset your passwords immediately and verify that recovery email and phone details haven't been changed.
"Notify your bank to flag suspicious or fraudulent transactions linked to your profile document, or changes and correspondence for a potential investigation."
