PREVIOUS ARTICLENEXT ARTICLE
FEATURE ARTICLES
By 6 July 2026 | Categories: feature articles

0

By Lucas Molefe, Cybersecurity Expert at ESET Southern Africa

The South African tax season is in everybody’s calendar, including cybercriminals. Every year, from July to October, millions of South Africans log into SARS eFiling and submit sensitive personal and financial information. In 2025, more than 10 million unique users used the tax authority’s digital channels, both eFiling and the SARS Mobi App, to access and share their information. For cybercriminals, tax season is hunting season, a predictable, high-value campaign period that’s reflected in SARS’ own warnings about phishing, eFiling profile jacking and growing attempts to defraud taxpayers. 

In 2025, SARS, Standard Bank, Capitec and Nedbank issued warnings to customers about the rise in scams throughout this period and SARS Commissioner, Edward Kieswetter, alerted taxpayers to the scams, emphasising that SARS will not ask for personal information over email or via SMS. While there are no official numbers on how many people fell victim to tax-season scams in 2025, the scale of alerts and guidance from professional bodies confirms that there was a significant spike during the filing window, with spoofed emails, fake refund notices and impersonation attacks specifically designed to harvest eFiling credentials and banking details. 

The South African Fraud Prevention Service has described how fraudsters leverage the auto-assessment process, specifically, exploiting the same digital convenience that SARS introduced to improve the taxpayer experience to launch sophisticated campaigns. The Office of the Tax Ombud investigation into hijacked eFiling profiles found that weaknesses in SARS’ authentication, profile management and fraud detection processes created exploitable gaps, which allowed fraudsters to change banking details and redirect funds before victims or the authorities realised what had happened. 

Case reports on eFiling profile hijacking have shown how attackers are combining data breach information, social engineering and fraudulent SIM swaps to take over a taxpayer’s mobile number, intercept the SARS one-time PINs, reset eFiling credentials and then alter bank account details so refunds are paid into accounts controlled by criminal syndicates. In short, if an attacker can swap your SIM, they own your OTP and this is often the last line of defence for banking and SARS transactions.

For banks and fintechs, tax season has become a stress test. Transaction volumes increase, and customer anxiety follows suit, and the pressure on authentication and fraud detection infrastructure increases exponentially. And this is where AI telemetry is becoming invaluable. It is impossible to have human analysts reviewing every transaction during filing season as the volumes are too high, and AI brings the ability to maintain detection at the speed and scale of digital. 

The distinction between rule-based detection and AI-driven telemetry is important here, because legacy systems apply static thresholds – if X happens, flag Y – but with AI-driven telemetry, there is a continuous, personalised baseline built for every user. Their device, location, login patterns and typical transaction behaviours are all analysed and monitored by the AI to create a living baseline. The moment that baseline deviates, the system flags it in real time before the transaction is completed. In addition, AI-powered identity authentication now uses behavioural biometrics such as typing cadence, swipe pressure and even the angle at which a device is held to create a security layer that operates without adding friction to the customer experience. It is the invisible layer of protection that institutions can control, but that doesn’t impede how customers engage with systems and services. 

It also takes the conversation outside of just compliance because that just tells you what you have to protect, not what threats are actively targeting the business or how to defend against them. Threat intelligence and AI-driven telemetry fill this gap and move the primary burden of detection to the intelligence layer that can operate at the speed and scale that the eFiling window requires. 

Consumers have the reasonable expectation that the platforms they use to file their taxes, manage their banking details and receive their refunds are doing the work of protecting them, without making that protection their problem to manage. AI-driven telemetry gives organisations the tools they need to make this expectation a reality, providing insights and threat detection capabilities that don’t add another layer of verification but instead create a level of precision that compliance frameworks and rule-based detection simply cannot replicate. 

USER COMMENTS

Read
Magazine Online
TechSmart.co.za is South Africa's leading magazine for tech product reviews, tech news, videos, tech specs and gadgets.
Start reading now >
Download latest issue

Have Your Say


What new tech or developments are you most anticipating this year?
New smartphone announcements (46 votes)
Technological breakthroughs (29 votes)
Launch of new consoles, or notebooks (14 votes)
Innovative Artificial Intelligence solutions (29 votes)
Biotechnology or medical advancements (24 votes)
Better business applications (160 votes)