From refund to robbery: The rise of eFiling profile hijacking

By Jacqueline Viljoen, Assistant Manager

eFiling profile hijacking has become a significant concern for South African taxpayers and tax practitioners, revealing vulnerabilities in the SARS system and highlighting slow, inadequate responses to these incidents.

This form of fraud involves unauthorized access to taxpayer profiles on SARS’s eFiling portal, often resulting in fraudulent refunds. Criminals use identity theft tactics — such as document theft and phishing — to obtain credentials, then alter personal and banking details to redirect funds. Personal income tax and VAT are most affected, with both individual taxpayers and tax practitioners frequently targeted.
Following numerous complaints, the Office of the Tax Ombud (OTO) initiated an investigation in August 2024, focusing on SARS’s authentication methods and service delivery, and on 1 October 2025 it issued a draft report on its investigation.

According to the draft report, eFiling profile hijacking is most prevalent among tax practitioners (48.3%) and individual taxpayers (32.7%). Personal Income Tax profiles account for 65% of reported hijacking cases. SARS receives, on average, 387 new hijacking cases per month, with a total of 15,968 cases reported as of October 2025.

The estimated value of fraud in most cases is below R10,000, but a considerable number fall within the R10,000 to R100,000 range. SARS refunded R21,169,678.91 to victims over the past two years. Lower-income taxpayers are disproportionately affected, while only 25% of victims reported incidents to SAPS.
Although 94% of finalized cases in 2024 were resolved in favour of taxpayers, 89% of respondents expressed dissatisfaction with SARS’s response, citing poor communication and delayed resolution.
The OTO’s draft report identifies numerous systemic issues and recommends improvements.

Victims face ineffective communication channels, slow response times and limited support from SARS. Investigations lack transparency and affected individuals are often denied access to their profiles, potentially leading to further non-compliance. Delays in resolving cases and alleged internal fraud exacerbate the problem, while SAPS struggles to categorize and escalate such incidents.
In its draft report, the OTO recommends that SARS should strengthen authentication processes, internal controls and fraud detection systems, and implement enhanced refund verification to flag suspicious activity.

Nationwide campaigns should be conducted to raise awareness about digital security and reporting procedures.

Tax practitioners should also collaborate with SARS to improve third-party access controls, use unique credentials and ensure additional verification when updating sensitive information.
Taxpayers can also help to curb profile hijackings as much as possible. This includes always using strong and unique passwords and being very cautious about sharing personal information. eFiling profile activity should be monitored closely for unusual activity or unauthorised changes. If either is detected, taxpayers should immediately contact SARS to secure their accounts and prevent further fraud.

Corporate tax profiles are less affected, accounting for only 5% of reported cases, but companies should remain vigilant. All entities should ensure that eFiling profiles are accurate and up to date, especially regarding public officers, directors, and banking details.

Sensitive information should always be shared with caution, and companies should follow the same recommendations as individual taxpayers and practitioners. It is important to ensure that a company’s eFiling profile contains the most recent and up-to-date details of the company’s Public Officer, directors and banking details.

Profile hijacking can have serious implications for the target’s tax affairs and business operations. This can be prevented by taking proactive steps to safeguard the digital tax identity and to ensure compliance. Proactive steps include conducting a regular and thorough eFiling health check.
BDO offers a free eFiling compliance check focussed on companies, to help them to assess the adequacy of the security around their eFiling profile. This diagnostic review is a proactive step towards ensuring full compliance and minimising potential risks — allowing companies to focus on their core business with confidence.

We encourage you to reach out to our BDO Corporate Tax Compliance team today to secure peace of mind and restore control over your company’s eFiling profile.