Digital tax platforms like SARS eFiling have made compliance faster and more convenient. But with convenience comes risk. In recent years, incidents of eFiling profile hijacking have surged, with fraudsters exploiting authentication weaknesses to redirect refunds or submit fraudulent returns. For taxpayers, the consequences can be devastating, including financial loss, administrative headaches, and reputational damage.
How Hijacking Happens
Fraudsters typically gain access through weak passwords, phishing emails, or compromised devices. Once inside, they change contact details, intercept communication from SARS, and redirect refunds. The Tax Ombud’s 2025 report highlighted a worrying rise in these cases, underscoring the need for stronger digital security practices.
Practical Steps to Secure Your Profile
1. Enable Two-Factor Authentication
Always activate two-factor authentication (2FA) on your SARS eFiling account. This adds an extra layer of protection, requiring a one-time PIN in addition to your password.
2. Practice Password Hygiene
- Use strong, unique passwords with a mix of letters, numbers, and symbols.
- Avoid reusing passwords across different accounts.
- Change your password regularly, especially after suspicious activity.
3. Stay Alert to Phishing
Fraudsters often send emails or SMS messages pretending to be SARS. Watch for:
- Poor grammar or spelling.
- Suspicious links or attachments.
- Requests for personal information.
Always verify communication directly on the official SARS website.
4. Secure Your Devices
Keep your computer and mobile devices updated with the latest security patches. Install reputable antivirus software and avoid using public Wi-Fi when accessing sensitive accounts.
What To Do If Compromised
If you suspect your profile has been hijacked:
- Report immediately to SARS via their call centre or branch.
- Change your login credentials and enable 2FA.
- Notify your tax practitioner to ensure fraudulent submissions are flagged.
- Document all communication for potential investigation.
SARS’s Ongoing Improvements
SARS has been strengthening its authentication protocols, including enhanced 2FA measures and improved monitoring of suspicious activity. While these steps help, individual vigilance remains the most effective defence.
Protecting your SARS eFiling profile is not optional, it’s essential. By practicing good password hygiene, enabling two-factor authentication, staying alert to phishing attempts, and securing your devices, you can significantly reduce the risk of hijacking. And if the worst happens, knowing how to respond quickly can limit damage.
At CTFSA, we believe that digital safety is part of financial wellness. By staying informed and proactive, you safeguard not only your tax refunds but also your peace of mind.
