Recently we have noticed emails that appear to have been sent from SARS, and that might look like legitimate SARS correspondence, but are not. These are unfortunately emails sent by scammers, who try to trick you into sharing personal information or downloading a virus.

Thankfully there are a few things you can look out for to ensure that you don’t fall victim to malicious intent from online criminals. If you get an email from SARS (or from any financial institution) that fulfils any of the below warning signs – rather click nothing, ignore all attachments, do not reply, just delete the email immediately.

• Does the email contain any bizarre spelling mistakes, or strangely formatted images, like a wrongly sized logo?
• Have you never heard of the person or organisation the email comes from, never dealt with them or acted on their website? Even if the email is from a friend, is the style of their email different from normal e.g. not greeting you, then suddenly using a one-liner with a web link?
• Are they asking for personal details e.g. ID number, banking details, PIN etc?
• Is the email attempting to shock you into acting e.g. telling you your computer security is vulnerable, your antivirus is broken, you have been hacked, or you have won a lot of money from an unknown relative? Never take any risky actions based on a shock email from a stranger. Always verify with an IT professional whether the threat is real before taking any action.
• Is this email from an organisation that should know your name, but doesn’t use it in the email? Scammers who only have your email address will often use a generic template such as “Hi [email address]” to start an email, instead of “Hi [first name]” as you might expect from your bank.
• Is the email asking or telling you to download something e.g. software or a free antivirus? Never download new software unless you have researched it yourself, or a human being you trust has recommended it to you in person.
• Is the sender email address something bizarre and not related to the contents of the email? Have a look at the domain part of the sender email address (the part after the @ sign). Is this domain representing a website that you know and trust, and that matches the email contents? Is the domain spelled exactly the same as what you expect? Sometimes scammers send email from similarly spelled domain names e.g. 5ARS.gov instead of SARS.gov.
• Are there any attachments and are these attachments corrupted or blocked by your antivirus software? Don’t open them. In fact, if there is an attachment on the email which is unexpected or not even mentioned in the email text, ignore it completely.
• Does the email ask you to open external attachments by clicking on a link e.g. One Drive, Google Drive etc? SARS will never use an external cloud provider to send you attachments.
• Does it have any weird outbound links which do not relate to the supposed email sender? If the email came from SARS, all the links in the email should point to the SARS website only and not a different organisation. In some email software packages you can hover over outbound links to see where they lead without clicking on them.

In closing, it is very easy for scammers to incorporate the logos and branding of companies that you trust into their scam emails and send email from company addresses that you know. Please try to apply common sense and a cautious approach when reading any email which is even slightly out of the ordinary. Stay safe!

Photo by Gary Chan on Unsplash