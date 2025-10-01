Last week, Sowetan reported that the Tax Ombud was probing a staggering 16,000 cases of hijacking of Sars’ e-filing profiles that have seen taxpayers lose their tax return refunds to cyberfraud criminals.
The increase in the number of hijacked profiles raised concerns about the security of taxpayers’ information with Sars. The Tax Ombud started its investigation in August last year after approval from finance minister Enoch Godongwana.
It then conducted the e-filing profile hijacking survey to capture taxpayers’ experiences and the challenges related to the hijacking of e-filing profiles.
In another case, in August 2021, a taxpayer received an email notification from the tax body that said that their registered particulars had been updated. This was despite them not having initiated any changes.
Sars then processed a refund of R21,662.38, which was paid into a fraudulent bank account controlled by the perpetrator. However, after a fraud investigation, Sars issued a refund of R71,154.73 to the taxpayer’s registered bank account.
The amount included R21,662.38 from the 2021 tax period, which was paid along with other outstanding refunds from different periods.
The ombud said analysis of multiple case studies highlighted systemic challenges in Sars’s fraud prevention, detection, and response mechanisms.
“These cases expose vulnerabilities in authentication protocols, inadequate fraud prevention measures, delayed investigative processes, and weak security controls for taxpayer profile modifications,” it said.
The ombud said the absence of a structured fraud case management system worsens the inefficiencies, leaving affected taxpayers financially vulnerable.
It found that taxpayers and tax practitioners encounter ineffective communication channels and limited support from Sars when trying to resolve cases involving the hijacking of e-filing profiles.
The ombud also found that vulnerabilities included inadequate authentication processes, challenges in fraud detection, delayed response times from Sars, insider threats, and low awareness of digital security among taxpayers.
The report recommended that tax practitioners implement stricter controls on third-party access and uphold high professional conduct standards.
“Taxpayers [need to] use strong passwords, activate two-factor authentication, and regularly monitor e-filing profile activities. [The] National Treasury [should] amend certain provisions in the Tax Administration Act and establish an Inspector-General as recommended by the Nugent commission of inquiry.”
It said the Reserve Bank should also investigate banking irregularities linked to the hijacking of e-filing profiles.
Tax law expert Christo Van Wyk said the Tax Ombud’s findings could redefine the standard of care expected from Sars, influence litigation, and drive systemic reforms.
“Profile hijacking of Sars e-filing accounts is a growing form of identity theft,” he said. “Fraudsters change contact or bank details, divert refunds, and leave victims battling through lengthy investigations. Immediate reporting to Sars, the bank, and the police is essential to contain the damage.”
Report reveals how cyberfraudsters hijacked thousands of taxpayers' e-filing profiles
Case studies highlight systemic challenges in Sars's fraud prevention, detection, and response mechanisms
Fraudsters pocketed more than R460,000 in a single hijacking case of a tax e-filing profile, the biggest amount flagged in the Tax Ombud’s draft report on e-filing heists that affected about 16,000 taxpayers.
The stolen money was reimbursed after lengthy delays and the ombud’s intervention.
The ombud’s office released a draft report on Wednesday, inviting written comments on its e-filing profile hijacking investigation. The closing date is October 31.
According to the report, fraudulent transactions typically involve amounts under R10,000 but can reach up to R100,000. The hijacking incidents were most common with personal income tax accounts, followed by VAT accounts.
In one of the cases that was part of the probe, the sole director of a company was fraudulently changed at the Companies and Intellectual Properties Commission in April 2023.
Two months later, criminals gained access to the taxpayer’s e-filing profile after it was illegitimately updated at the SA Revenue Service (Sars).
The report said this unauthorised access allowed the perpetrator to alter the registered taxpayer’s details, including banking information and submit fraudulent tax returns, resulting in the misappropriation of VAT refunds.
The ombud said despite the fraud being formally reported, the revenue service processed fraudulent VAT refunds before corrective action was taken, which resulted in R43,742.76 being paid on June 28 2023 into the perpetrator’s bank account.
On July 6 2023, Sars paid a further R416,639.89 into the perpetrator’s bank account.
“The failure by Sars to place a stopper on the fraudulent transactions resulted in the taxpayer suffering significant financial losses,” the report said. “This resulted in Sars paying a total amount of R460,389.65 to a fraudulent bank account.
“Sars delayed in blocking fraudulent transactions despite early reports of fraud, causing significant undue hardship to the taxpayer. The taxpayer’s tax compliance status was adversely affected pending the finalisation of the investigation, and in addition, Sars initiated debt recovery proceedings.”
