Beware tax refund scam, Kaspersky warns


A wave of fraudulent tax refund letters was launched at unsuspecting taxpayers globally, according to Kaspersky's Spam and Phishing Report for the second quarter of 2019.

The internet security firm says scammers want to make the most of the time of year when there are usually deadlines for tax submissions and taxpayers expect tax refunds.

In the second quarter of 2019, the average share of spam in the world’s email traffic was 55%, 5% higher than the average figure in the second quarter of 2018. The overall number of phishing attacks in the quarter rose by 21% compared to the figure a year ago, reaching 129 933,555.

China (23.72%) became the most popular source of spam, overtaking the US (13.89%) and Russia (4.83%).

During the second quarter Kaspersky experts detected multiple emails pretending to be offers for tax refunds in many countries.

When is it spam?

The fake tax refund letters usually contain an imminent deadline within which the taxpayer would have to take action.

For instance, the scammers urged victims to follow a link and fill out a form "immediately". In another version, the taxpayer was given just 24 hours to respond, otherwise a tax refund "would not be possible".

In this way, the criminals tried to steal valuable information, or in some cases, install dangerous spyware.

"Spam and phishing malicious letters usually contain links that lead users to a seemingly legitimate webpage, created by fraudsters and aimed at stealing various types of personal information," explains the Kaspersky report.

"Seasonal spam and phishing can be extremely effective, since the emergence of such letters in a mailbox is sometimes wished and expected, unlike most 'unique offer' - type scams."

The tricked taxpayer might not even realise that it was a cyber attack and that they had been exposed, until it was too late.

Kaspersky offers the following tips:

  • Always check the link address and sender's email before clicking on anything sent by them.
  • Check if the link address can be seen in the email and is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link.
  • Do not download and open email attachments that come from unfamiliar email addresses, before scanning them with a security solution. If the email seems legitimate, it is best to check it by accessing the website of the organisation that supposedly sent it.
  • Never share your sensitive data, such as logins and passwords, bank card data with a third party. Official companies will never ask for data like this via email.
  • Use a reliable security solution with behaviour-based anti-phishing technologies to detect and block both spam and phishing attacks and initiation of malicious files.
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders