Canada Revenue Agency Phishing Scams
March 31, 2014
Tax season is upon us, and just like clockwork, cyber criminals have fired up their computers and are reaching out with their phishing scams. Recent attacks have been circulating under the guise of legitimate messages from the Canada Revenue Agency (CRA). As they communicate a sense of urgency and arrive just as Canadians are contemplating their tax returns, these scams can be successful in fooling those who are unaware of how to recognize them.
What is Phishing?
Phishing is the act of getting you to give up your personal information through trickery. When phishing, cyber criminals initiate bogus phone calls (also known as “Vishing”) or send fraudulent emails that lead to sites that appear legitimate, but are in fact operated by criminals. Phishing emails can also contain links telling you to download software to your computer, but these programs are actually malware and can put your computer at risk.
Canada Revenue Agency - Warning
CRA has been warning taxpayers about phishing scams for years. When it comes to tax season there are several types of known scams, including:
- Notifications that suggest you are entitled to a refund of a specific amount
- Threatening claims that you might be part of a “possible tax evasion fraud”
- Other tax-related schemes — like donating to bogus charities
Example Phishing Email
Here is an example of what a phishing scam email looks like. Cyber criminals also use legitimate looking sites, images/logos and forms to collect your information. That link you see below is an “embedded link” and does not actually point to CRA's site, but rather an attack site.
Dear Tax Payer,
You are entitled to your tax refund now. The tax refund is $241.34. You are required to follow the link below to login to our secure Epass site with your Social Insurance number and complete the required information in order for your refund to be processed.
Gilles Dompierre, Department of Revenue, Canada
What If I'm a Victim?
If you suspect that you are involved in a CRA phishing scam, follow these steps:
- Delete the email/communication and don't engage with the cyber criminals
- Report the incident to CRA, the Royal Canadian Mounted Police (RCMP) and the Canadian Anti-Fraud Centre.
Take Preventative Steps
Even if you have not been a victim, there are steps you can take to minimize your risk:
- Use a Web browser that meets CRA's security standards
- Change your password regularly
- Do not communicate personal information by email
- Send CRA your change of address when you move
- Shred unwanted documents or store them in a secure place
- Do not carry your SIN card on your person and do not provide your SIN to others unnecessarily
Security Precautions at CRA
The Canada Revenue Agency has taken several steps to reduce fraud related issues:
- CRA never requests personal information of any kind by email
- CRA uses specially configured computer Web servers
- CRA will not divulge taxpayer information to another person
- CRA uses various Internet security tools and performs regular risk assessments and internal audits
The risk associated with CRA phishing scams is real. However, by informing yourself of the characteristics of these scams, and by being aware of the threat in general, you can reduce the likelihood that you will fall victim to this type of scam. Please visit Get Cyber Safe frequently for updated information.
I received a false e-mail regarding a refund from Revenue Canada. Do you want to receive these e-mails for investigation?
To report cyber incidents or fraud, call the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501 or visit www.antifraudcentre.ca
Our website also has more information on what to do: http://www.getcybersafe.gc.ca/cnt/rsrcs/rcvr-scm-en.aspx.
I received a voice-message from CRA, from a person called Officer Jonathan K. He did not leave his phone number, but I was able to track it down (1-613-XXX-XXXX). I phoned the number within 15 minutes of him calling, and talked to Officer Mark S. Officer S. said that I should phone tomorrow, as Officer K. was not in. Hmm.
Be cautious, and please check out this warning about scams involving callers pretending to be from the Canada Revenue Agency (CRA): http://www.cra-arc.gc.ca/nwsrm/lrts/2015/l150610-eng.html.
I have had 2 phone calls claiming they are from Revenue Canada and the persons name is Officer Johnathan W, phone no# to call back is 613-XXX-XXXX. They are threatening me that I have commited a misconduct on my papers and that I committed fraud. I know that this is a farce or a scam, as I have my taxes done every year by a professional, who has been in business for years. Just thought you should know.
You can learn more about telephone scams involving callers pretending to be from the Canada Revenue Agency (CRA) here: http://www.cra-arc.gc.ca/nwsrm/lrts/2015/l150610-eng.html.
Just to let you know I have received recorded threatening messages due to "criminal actions" on my part connected with Rev. Cda., with the following phone numbers to follow up:
514-XXX-XXXX - 678- XXX-XXXX Raquel B
This is so sad. I am a registered e-filer and I am trying to report a suspected email. The problem is trying to find the right website or contact. I consider myself a low to mid range user of the net. Can you imagine how a low, rarely used person feels. Even trying to find a contact was near impossible. Maybe that is why so much is missed. I do have a suspicious email that I am trying to report as a registered e-filer, but even I can't find how to protect myself
- Date modified: