PROJECT: SARS-RELATED CRIME AND ITS IMPACT (PART 2)
- 1 hour ago
- 4 min read
PLEASE SHARE THIS PUBLIC DOCUMENT
EXPANDED THREAT LANDSCAPE
While cybercrime infrastructure enables attacks, the true impact is measured in human and institutional damage.
SARS-related fraud not only results in financial loss—it creates prolonged identity compromise,
administrative breakdown, and legal exposure for victims.
A significant proportion of South Africans are exposed to digital fraud attempts annually, with login credentials
and identity access points identified as primary compromise vectors. Once access is obtained,
criminals are able to redirect refunds, alter banking details, and manipulate taxpayer profiles without immediate detection.
eFiling hijacking cases demonstrate a particularly concerning pattern: victims often only discover the breach after refunds
have already been redirected or assessments altered. Recovery is complex, time-consuming, and in many cases incomplete.
UNDERREPORTING AND TRUE SCALE:
A critical issue is underreporting.
Many victims do not report incidents due to:
Lack of awareness that a crime occurred.
Perception that recovery is unlikely.
Administrative complexity.
Delayed detection.
This means the documented figures likely represent only a portion of actual incidents, with real-world exposure significantly higher.
SECONDARY IMPACT ON BUSINESSES:
Beyond individuals, businesses face increasing exposure through:
Payroll system infiltration.
Invoice manipulation.
Supplier banking detail fraud.
Internal credential compromise.
Accountant impersonation attacks.
A single successful intrusion can compromise entire financial ecosystems, affecting employees, clients, and suppliers simultaneously.
SYSTEMIC EXPOSURE:
SARS-related fraud is no longer isolated to opportunistic scams.
It reflects a structured and adaptive criminal economy that evolves alongside digital tax systems.
HOW SARS-RELATED FRAUD SYNDICATE NETWORKS ACTUALLY FUNCTION:
Modern tax-season fraud is typically not executed by isolated individuals. It is operated through layered syndicate structures with defined roles and technical workflows.
1. RECONNAISSANCE & DATA HARVESTING LAYER:
Criminals first gather data through:
Data leaks (ID numbers, emails, phone numbers).
Social media profiling.
Public business directories.
Previous phishing campaigns.
Dark web data purchases.
The criminal's objective is to build targeted victim lists (high-income taxpayers, businesses, elderly individuals).
2. IMPERSONATION & BRAND CLONING LAYER:
Syndicates then replicate official SARS identity markers:
Fake SARS email domains.
Cloned websites mimicking eFiling portals.
Forged SMS templates.
Stolen SARS branding assets.
Their objective is to establish credibility and bypass user suspicion.
3. PHISHING & SOCIAL ENGINEERING EXECUTION:
This is the primary attack phase:
“Refund due” messages.
“Outstanding tax payment” threats.
“Account verification required” prompts.
Fake audit notifications.
Victims are directed to:
Fake login pages.
Credential capture portals.
Malicious payment gateways.
The objective is to harvest login credentials and banking data.
4. ACCOUNT TAKEOVER (ATO):
Once credentials are obtained:
eFiling profiles are accessed.
Banking details are changed.
Refund allocations are redirected.
Contact information is modified to block alerts.
This allows the criminals full control of the taxpayer profile.
5. MONETISATION LAYER:
Stolen funds are extracted through:
Mule bank accounts.
Rapid fund transfers between accounts.
Cash withdrawals via intermediaries.
Cryptocurrency laundering in some cases.
This allows the criminals rapid conversion before detection.
6. DISRUPTION & COVERAGE:
After extraction:
Accounts are locked or abandoned.
Victims are delayed through fake “support” communication.
Traces are obscured through layered transfers.
This allows for delays in reporting and reduces traceability.
SARS-related fraud is not a single scam type—it is a structured criminal enterprise lifecycle, combining cyber intrusion, psychological manipulation, financial laundering, and identity exploitation.
RELEVANT SSS PROJECTS:
RELEVANT MEDIA ARTICLES:
Specialised Security Services invites the public to the Mike Bolhuis Daily Projects WhatsApp Channel.
This channel is important in delivering insights into the latest crime trends, awareness, warnings and the exposure of criminals.
How to Join the WhatsApp Channel:
1. Make sure you have the latest version of WhatsApp on your device.
2. Click on the link below to join the Mike Bolhuis Daily Projects WhatsApp Channel:
3. Follow the prompts to join the channel.
4. Make sure you click on "Follow", then click on the "bell"-icon (🔔)
CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.
ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.
Regards,
Mike Bolhuis
Specialist Investigators into
Serious Violent, Serious Economic Crimes & Serious Cybercrimes
PSIRA Reg. 1590364/421949
Mobile: +27 82 447 6116
E-mail: mike@mikebolhuis.co.za
Fax: 086 585 4924
Follow us on Facebook to view our projects -
EXTREMELY IMPORTANT: All potential clients need to be aware that owing to the nature of our work as specialist investigators there are people who have been caught on the wrong side of the law - who are trying to discredit me - Mike Bolhuis and my organisation Specialised Security Services - to get themselves off the hook. This retaliation happens on social media and creates doubt about our integrity and ability. Doubt created on social media platforms is both unwarranted and untrue. We strongly recommend that you make up your minds concerning me and our organisation only after considering all the factual information - to the exclusion of hearsay and assumptions. Furthermore, you are welcome to address your concerns directly with me should you still be unsatisfied with your conclusions. While the internet provides a lot of valuable information, it is also a platform that distributes a lot of false information. The distribution of false information, fake news, slander and hate speech constitutes a crime that can be prosecuted by law. Your own research discretion and discernment are imperative when choosing what and what not to believe.
STANDARD RULES APPLY: Upon appointment, we require a formal mandate with detailed instructions. Please take note that should you not make use of our services – you may not under any circumstance use my name or the name of my organisation as a means to achieve whatever end.
POPI ACT 4 of 2013 South Africa: Mike Bolhuis' "Specialised Security Services" falls under Section 6 of the act. Read more here: https://mikebh.link/fntdpv
SSS TASK TEAM:

Copyright © 2015- PRESENT | Mike Bolhuis Specialised Security Services | All rights reserved.
Our mailing address is:
Mike Bolhuis Specialised Security Services
PO Box 15075 Lynn East
Pretoria, Gauteng 0039
South Africa
Add us to your address book
THIS PUBLIC DOCUMENT WAS INTENDED TO BE SHARED, PLEASE DO SO.

