OTO Draft Report: SARS eFiling Profile Hijacking Investigation

Posted 04 November 2025 Written by Acts Online
Category Tax

Brought to you by SA Accounting Academy: The Office of the Tax Ombud (OTO) has released its draft report regarding systemic investigations into eFiling profile hijacking and associated fraudulent activities.

In terms of the Tax Administration Act, No. 28 of 2011, the Office of the Tax Ombud (OTO) has published its draft report on the investigation into alleged eFiling profile hijacking within the South African Revenue Service (SARS) system. The report addresses numerous complaints from taxpayers and tax practitioners regarding compromised profiles that have facilitated fraudulent transactions, primarily in the domains of Personal Income Tax and Value-Added Tax (VAT).

The OTO’s investigation identified that fraudulent transactions typically range from under R10,000 to R100,000. The draft report highlights several systemic vulnerabilities, including:

  • Inadequate authentication mechanisms and a lack of robust multi-factor verification;
  • Significant delays in SARS’s response to reported fraud cases;
  • Potential insider threats and unauthorized access within the revenue service; and
  • Insufficient digital security awareness among taxpayers and practitioners.

Recommendations and Legislative Proposals

The OTO recommends that SARS implement enhanced authentication measures, such as biometric re-verification, and improve fraud detection systems through inter-agency collaboration with the Companies and Intellectual Property Commission (CIPC), the South African Police Service (SAPS), and the banking sector. Additionally, the report advises the National Treasury to consider legislative changes, including the potential creation of an Inspector-General of Tax Administration to oversee such systemic issues.

The draft report is currently open for public comment, with a submission deadline of 31 October 2025. The final report will be released following the consideration of stakeholder input.

Click here to download the OTO Draft Report on the Investigation into Alleged eFiling Profile Hijacking.

What this means for you, your business, or your clients

  • For yourself: You should immediately verify your personal eFiling security settings and ensure that two-factor authentication is active to mitigate the risk of unauthorized profile access.
  • For your business: Tax practices must conduct a security audit of all practitioner profiles and implement internal protocols to monitor for unauthorized changes to client bank details or profile permissions.
  • For your clients: Advise clients of the heightened risk of VAT and Personal Income Tax fraud, and establish a process for regular verification of their registered details on the SARS system.

Originally published at https://accountingacademy.co.za/news/read/oto-draft-report-2025-re-sars-efiling-profile-highjacking

The views expressed herein are those of the author and do not necessarily reflect those of Acts Online. Acts Online accepts no responsibility for the accuracy, completeness or fairness of the article, nor does the information contained herein constitute advice, legal or otherwise.