South Africa's tax season brings a sharp rise in phishing scams, eFiling account hijacking and fraud targeting SARS taxpayers. Lucas Molefe, Cybersecurity Expert at ESET Southern Africa, explains how AI-driven telemetry and behavioural analytics are helping banks and organisations detect threats in real time and protect taxpayers during the high-risk filing period.
The South African tax season is on everybody’s calendar, including cybercriminals. Every year, from July to October, millions of South Africans log into Sars eFiling and submit sensitive personal and financial information. In 2025, more than 10 million unique users accessed and shared their information via the tax authority’s digital channels, including eFiling and the Sars Mobi App. For cybercriminals, tax season is hunting season, a predictable, high-value campaign period that’s reflected in Sars' own warnings about phishing, eFiling profile jacking and growing attempts to defraud taxpayers.
In 2025, Sars, Standard Bank, Capitec and Nedbank issued warnings to customers about the rise in scams throughout this period, and Sars former commissioner Edward Kieswetter alerted taxpayers to the scams, emphasising that Sars will not ask for personal information over email or via SMS. While there are no official numbers on how many people fell victim to tax-season scams in 2025, the volume of alerts and guidance from professional bodies confirms a significant spike during the filing window, with spoofed emails, fake refund notices, and impersonation attacks specifically designed to harvest eFiling credentials and banking details.







