JOHANNESBURG, Gauteng — As the South African tax season officially opens on July 1, cybersecurity professionals are raising the alarm over a sophisticated surge in SARS phishing scams driven by artificial intelligence. ESET cybersecurity expert Lucas Molefe warns that taxpayers must be hyper-vigilant as criminals deploy AI-generated messages and fake fraud notifications to hijack financial accounts.
According to Molefe, the start of the new financial year’s filing period acts as a “hunting season” for cybercriminals. Attackers are deploying a mix of phishing emails, fraudulent SMS text messages, and deceptive communications to harvest login credentials. The ultimate objective for these syndicates is full account hijacking, which provides them with the direct access needed to siphon funds.
The mechanics of these attacks have evolved significantly. In the past, taxpayers could easily identify fraudulent messages due to glaring spelling mistakes and poor grammar. However, Molefe explains that artificial intelligence has revolutionized the scamming playbook. AI tools now allow criminals to generate highly convincing, grammatically flawless messages that instill a false sense of urgency. This psychological pressure is designed to force users into hastily clicking malicious links.
To counter these highly polished threats, Molefe advocates for a strict “stop and verify” protocol. When an unexpected message arrives—especially one promising a tax refund—recipients should resist the urge to click immediately. Instead, users should hover their cursor over embedded hyperlinks to reveal the true destination URL. Even if the visible text claims to be from the South African Revenue Service, the underlying link may lead to a malicious site. Molefe advises bypassing email links entirely by navigating directly to the official SARS website to verify any information requests.
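The hover check described above can be automated for a saved message body. This is an added example, not code from ESET or SARS: it flags links whose visible text invokes the revenue service while the underlying target host is somewhere else. The trusted domain `sars.gov.za`, the brand word list, the function names and the sample message are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: official domain and brand words are not given in the article.
TRUSTED_DOMAINS = {"sars.gov.za"}
BRAND_WORDS = ("sars", "south african revenue service")

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def is_trusted(host):
    """True only for a trusted domain or a true subdomain (dot-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def find_mismatched_links(html):
    """Links whose visible text invokes the brand but whose target host is untrusted."""
    parser = AnchorCollector()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        host = urlsplit(href).hostname
        if any(w in text.lower() for w in BRAND_WORDS) and not is_trusted(host):
            flagged.append((text, host))
    return flagged

# Constructed sample body; the .example hosts are reserved placeholder names.
SAMPLE = """
<a href="https://sars.gov.za.refunds.example/login">www.sars.gov.za/refund</a>
<a href="https://www.sars.gov.za/">SARS home page</a>
<a href="http://tax-portal.example/claim">South African Revenue Service refund</a>
<a href="https://newsletter.example/unsub">Unsubscribe</a>
"""

if __name__ == "__main__":
    for text, host in find_mismatched_links(SAMPLE):
        print(f"MISMATCH: text {text!r} -> host {host!r}")
```

The dot-boundary comparison in `is_trusted` is what keeps a host that merely begins with the official name from passing the check.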
For those who prefer mobile access, Molefe highlights the official SARS mobile application as a highly secure alternative, noting that the revenue service has invested heavily in protecting the platform. Furthermore, he stresses the importance of continuous self-education. Financial institutions and SARS regularly broadcast warnings about emerging threats. Molefe shared a personal anecdote, noting that he received a security alert on his own banking app just the previous day detailing the latest SARS-specific scams. He urges the public to read these notifications, emphasizing that phishing campaigns target everyone, regardless of their workplace or environment.
Beyond user vigilance, implementing robust technical barriers is non-negotiable. Molefe strongly recommends enabling two-factor authentication (2FA) or multi-factor authentication on all SARS profiles, linking the secondary verification to a personal cell phone. This ensures that even if a scammer successfully steals a username and password via a phishing link, they cannot access the account without the secondary code.
Illustrating the necessity of this layered defense, Molefe compares digital security to physical home protection.
“If someone has a house and a yard, they’ll have a dog, a camera, and also have a service to protect them,” he explained. “Why are they putting all those layers? Because one layer can never be enough.”
By combining multi-factor authentication with cautious online habits, taxpayers can effectively shield their finances and personal data during this year’s filing window.


