How to stay cyber secure while filing your taxes

Sure, filing your taxes can be a pain, but falling for a cyber scam while you’re doing them could really hurt. Unfortunately, online fraud is increasing and only gets worse during tax season. With all of your most personal information available in a single place, it’s no wonder that tax season is a cyber criminal’s favourite time of year. Two people sitting on a couch filling out paperwork, with passwords, Wi-Fi symbols and padlocks

Here are some steps that you can take to protect yourself from potential scammers while filing your taxes.

Stay away from public Wi-Fi

Public Wi-Fi connections, like the ones offered at your favourite coffee shop, provide a convenient and easy way to connect to the internet. The issue with these free Wi-Fi connections is that they aren’t secure. Anyone can access these networks, which makes it easy for cyber criminals to access any of the devices that are connected to them. Cyber criminals can also create fake or spoofed public Wi-Fi networks designed to look like the one you’re trying to access.

If you’re going to access sensitive accounts (like your tax or bank accounts) or send sensitive information (like your taxes), you’re better off doing it on a secure network like your home Wi-Fi. If you do need to use public Wi-Fi, you should always use a VPN to keep your data protected.

Create a strong password for your online tax accounts

Your passwords are often your first line of defence when it comes to cyber security. This is why it’s so important to have strong, unique passwords for each of your accounts. It’s extra critical that the passwords you’re using for your tax accounts are unique (in other words, not used on any of your other accounts). Your tax accounts hold your most personal and sensitive information, like your social insurance number (SIN), your birthday and your employment records. Essentially, everything a cyber criminal would need to steal your identity.

We recommend using a passphrase, which is a unique phrase or string of words similar to a password, instead of a password for added security. A passphrase should be at least 15 characters and be made up of 4 or more random words.

You should also enable multi-factor authentication (MFA) on your tax accounts whenever it’s available. MFA adds an extra layer of security to your accounts. If a cyber criminal ever got your password, there would be another defence in place to stop them from hacking into your accounts.

Beware of tax-related phishing scams

Phishing is one of the most common tactics that cyber criminals use to steal personal information. Cyber criminals will often pose as a legitimate organization or individual to trick you into offering up sensitive information. Phishing messages typically take the form of an email or phone call to hide the scammer’s identity.

When it comes to tax season, cyber criminals will often increase their phishing attempts to commit identity theft and steal your most sensitive information. In some circumstances, they may pretend to be your bank or a government organization like the Canada Revenue Agency (CRA). Some common phishing scams use intimidation, where a scammer may threaten you with legal action if you don’t give up your information. Other phishing scams may offer fake rewards like “additional money on your tax return” if you enter your information through a suspicious link.

It’s important to know that the CRA would never threaten you for your personal information or send you an email or text with a link to your refund. To confirm whether the CRA is actually contacting you, you can check out the CRA’s tips to protect yourself against fraud. If you’re ever unsure whether or not you’re looking at a phishing attempt, the best thing to do is contact the organization in question through an official communications channel like their phone number. Never click any suspicious links or open any strange attachments.

All CRA My Account users should enable “Email notifications” as an additional security measure. This service notifies you by email when you have mail from the CRA, if your address or direct deposit information was changed on CRA records, or if paper mail to you from the CRA was returned as undeliverable. These notifications act as an early warning of any potential fraudulent activity on your account.


Cyber criminals think that tax season is the most wonderful time of year – to steal your personal information, that is. You can protect your identity by avoiding filing your taxes on public Wi-Fi, using a strong password and MFA on all of your tax accounts and being wary of tax-related phishing scams. This will help you to stay cyber safe and prevent potential fraud.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: