eFiling hijacking continued despite Sars' best control efforts, says Tax Ombud

The Office of the Tax Ombud (OTO) has raised alarm over growing cases of eFiling profile hijacking, warning that the scam poses a serious threat to taxpayer confidence in the South African Revenue Service (Sars) and the long-term credibility of the country’s digital tax system.

In its long-awaited draft report on eFiling profile hijacking, released for public comment after repeated postponements at Sars’ request, the OTO said the practice exposes both systemic weaknesses and service delivery failures in how Sars assists victims.

eFiling profile hijacking typically involves fraudsters using stolen personal details to access taxpayer profiles, submit false returns and claim refunds.

The OTO said the scam is most common among personal income tax and VAT cases, with fraudulent claims usually under R10 000 but sometimes reaching up to R100 000.

The report cited weak authentication processes, insider threats, delayed Sars response times, and low taxpayer awareness as key vulnerabilities.

It noted that while Sars has introduced security features such as two-factor authentication and SMS notifications, these measures have not stopped criminals from exploiting gaps.

"Despite Sars implementing these enhancements to its eFiling system after the OTO started its investigation, eFiling profile hijacking has not stopped," said the OTO report.

"This indicates that the measures taken so far are insufficient to fully prevent or detect eFiling profile hijacking and fraudsters continue to exploit gaps faster than improvements are being implemented. A more integrated, proactive and taxpayer focused approach is needed beyond technical upgrades."  

The OTO said while Sars has taken notable steps, such as establishing a dedicated fraud investigation unit and engaging in interagency and industry partnerships, several critical challenges remain that undermine the overall effectiveness and responsiveness of its fraud mitigation efforts. 

"Internally, Sars continues to face capacity constraints, including limited investigative personnel, slow turnaround times, and growing backlogs," it said.  

"The absence of access to a formal standard operating procedure (SOP), coupled with the lack of independent audits or external reviews, raises concerns about transparency, consistency, and accountability in handling these cases."

It said while Sars reports regular internal oversight, the governance framework faces challenges due to the lack of independent assurance mechanisms, especially in relation to the operations of the Digital Fraud Team. 

"The growing incidence of eFiling profile hijacking demands an urgent and coordinated response," said the OTO report.

"To address these vulnerabilities and build a more secure, resilient digital tax environment, Sars should prioritise improvements in strengthening personnel capacity and technical expertise within the fraud investigation unit, implementing a differentiated case management model and enabling faster resolution of simpler cases and targeted attention to complex ones."

Part of the recommendations include introducing regular, risk-based internal and external audits to enhance governance, oversight, and public confidence, disclosure (at least at a high level) of formal SOPs to support transparency and consistent application of procedures.

"Addressing these systemic issues will not only improve Sars' current fraud response capacity but also enhance its ability to safeguard taxpayer data, maintain public trust, and uphold the integrity of the digital tax system into the future."

Meanwhile, the Sars said it will be making inputs into the draft report like all other interested parties as it believes its constructive contribution will help to continue to deepen confidence to all taxpayers that its electronic platforms are secure and safe for engagement with the organisation.

"Sars acknowledges that cybercrime is an evolving and growing risk, requiring significant and ongoing investment into modernisation of its tax administration platform as included in its current 5-year strategic plan," it said.

"Many of the recommendations in the OTO report have already begun and will be continually reviewed and enhanced as the goal posts shift. These are intended to strengthen our security layer, and this was occasioned by our concerns about the evolving nature of cybercrime."

Sars said that as an organisation that is operating in a rapidly changing technologically environment, it continuously reviews strategic risks, so that it can react to these changes and stay ahead of the curve.

"Sars will be sharing these insights with the OTO. Sars believes that any compromised profile is one too many. All role players must play their part to prevent criminals from accessing taxpayers’ information."

BUSINESS REPORT