Cyber Security Newsletter - March 2023: It's Tax Time!

Tax season is here once again – whether you're hoping to get a hefty refund, or you just want to get it over with, you may be feeling eager to submit your tax return. 

In hopes of making more money from tax scam victims, cyber criminals unfortunately also look forward to this time of year. To help you avoid becoming a target of tax scams, we've put together some info and tips.

COMMON TAX SCAMS

Tax-related phishing emails often impersonate the Canada Revenue Agency (CRA)'s branding. These emails may include your personal information (e.g., your name, date of birth, SIN number, etc.) in an attempt to make the email seem legitimate. 

These scams can appear in the following forms:

Promises of refunds – The scammer may use urgent language (e.g., claiming that you need to take action by a certain date to get your refund). They may also request additional financial information from you.

Notice of assessment/messages from CRA – although the CRA will sometimes use email to contact people, legitimate emails from the CRA do not include your personal information in the email message. Emails from the CRA will usually ask you to log in to the CRA website to view the message content. Make sure you hover over any CRA login links to see the actual URL before you click – scammers may link you to fake CRA look-a-like sites. 

Tax filing service impersonation – Not all tax scams will appear to come from the CRA. Cyber criminals may also impersonate tax filing services such as TurboTax and H&R Block.

Payment extortion – Cyber criminals may demand that you pay them for alleged outstanding taxes. They may also use threatening language and attempt to impersonate authorities such as the RCMP or CRA.

PHISHING, VISHING, AND SMISHING

As a member of the Laurier community, you may be familiar with the process of forwarding email phishing scams to reportspam@wlu.ca to report them. However, tax scams are not limited to only email. You may also receive them via phone call (vishing) or text message (smishing). 

Vishing – automated scam calls may prompt you to press "1" to speak to a CRA employee, but doing so would actually connect you to a scammer impersonating someone from the CRA. The scammer will ask for your SIN, credit number, banking info, etc. By pressing "1", you may also be added to the scammer's list of people to contact again since you responded to their call.

Smishing – these messages look similar to email phishing attempts but are delivered via text. Scammers use smishing in hopes that a short message delivered directly to your phone will catch you off-guard and prompt you to take action immediately. Fraudulent text messages can be reported to 7726 (SPAM) to help your mobile service provider block similar messages in the future.

LEARN TO SPOT A TAX SCAM

Here are some things you should keep in mind and look out for:

• The CRA does not ask for your personal information or financial details via email or text message. 
• Treat any links in tax-related e-mail or text messages with extreme caution and visit the CRA's website directly (instead of clicking a link) whenever possible.
• Payments for tax refunds like GST/HST are automatically mailed or deposited to eligible recipients – there should be no additional need for you to manually claim these payments.
• Requests for payment of outstanding balances via Bitcoin or gift cards are a sure sign of a scam. The CRA does not accept these payment methods – they are used by scammers because they're difficult to trace or reverse once payment has been made.
• If you receive a suspicious phone call, it is a good idea to hang up and call the CRA through their official toll-free number (1-800-959-8281) to verify whether the call is legitimate. Attempted fraud can also be reported to the Canadian Anti-Fraud Centre at 1-888-495-8501.

Following the tips above and being informed about potential scams will keep your personal and financial info out of the hands of cyber criminals and ensure your tax return is filed safely! For more helpful resources, visit canada.ca/be-scam-smart.