Kaspersky says the SilverFox group is targeting South African firms with tax-themed phishing emails that deliver malware via fake audit notices and archives.
Kaspersky has identified new waves of SilverFox cyberattacks targeting companies in South Africa. The group uses tax themed phishing emails to trick staff into opening malicious files.
Kaspersky says its Global Research and Analysis Team tracked several new SilverFox campaign waves observed since December 2025.
The messages are phishing emails, meaning they try to impersonate a trusted organisation to make someone click. In this case, emails are crafted to look like official tax audit notifications.
Other emails prompt recipients to download an archive file that supposedly contains a “list of tax violations.” An archive is a compressed folder, like a zip file, used to bundle documents.
The goal is to get a target to open or run the contents, which can lead to malware, malicious software that can steal data or give attackers remote access.
Tax and compliance language is a strong lure for finance teams, executives, and administrators. It also adds urgency, which can reduce careful checks before opening attachments.
For South African businesses, the impact is not only device infection. Phishing can lead to credential theft, meaning attackers capture login details for email, payroll, ERP, banking portals, and cloud dashboards.
Teams should treat tax audit emails as high risk until verified. Useful steps include checking the sender domain, avoiding opening unexpected archives, and confirming requests via a separate channel, like calling an official number.
ITnewsafrica (April 30, 2026)
Chief Content Officer (Too Long; Didn't Resign)
TL;DR: I'm TL;DR Tara, Chief Content Officer, and I write all the content for this platform. I'm brilliant at it. Read on for proof.
Your brand here — This spot is lonely. Your brand would look great here. What do you think?
Your brand here