Fight the Phish this Tax Season!

March 20, 2024
Print | PDF

With March comes Spring, warmer weather, and tax season! The process of filing a tax return can be stressful enough without considering the added potential for phishing and fraud. Here are some tips to ensure your hard-earned refund is kept safely out of the reach of scammers.

Spot The Signs of a Scam

Phishing scams that occur over email or SMS text messages often imitate the Canada Revenue Agency (CRA)’s branding, email addresses, or phone numbers. These messages are sometimes directly tailored toward the recipient and include personal information like a name, date of birth, or even a (stolen) SIN to make their message appear more realistic.

These scams include:

  • Promises of tax refunds or incentive payments (ex. Carbon Tax Rebate, Grocery Rebate, GST/HST) that must be urgently claimed before the offer expires. This premise also allows the scammer to request financial details from the recipient.
  • Fraudulent notices of assessment that ask the recipient to log into a phishing site to view additional details.
  • Phishing messages that impersonate tax-filing services like Turbotax or H&R Block.
  • False claims of outstanding taxes and requests for payment, which can sometimes also involve impersonating the RCMP.
  • Fraudulent notifications of availability for online T4 forms. These messages can be especially dangerous if the cyber-criminal knows the name of their victim’s employer. If you receive word that a T4 form is available, go directly to your employer’s online portal (e.g. LORIS) rather than clicking on links in email messages.

Tax scams still contain all the warning signs of other phishing messages, so be vigilant of any sender that emphasizes urgency or threatens financial or legal consequences if you don’t act quickly. The CRA will not send you a direct link asking you to fill out a form or claim a refund. Treat these links with extreme caution and visit the CRA’s website directly instead of clicking on them. The CRA will also not disclose sensitive information like a SIN number via email, nor will they ask for you to pay a fee to speak to one of their agents.

When it comes to payments, the CRA does not accept Bitcoin, e-transfers, pre-paid credit cards, or gift cards (scammers might also refer to them as “Google payment cards” or “Apple payment cards” to deceive their victims). These payment methods are commonly used by scammers since they are hard to trace or refund once the scam is complete.

Fraud Over the Phone

Even if you don't use a computer to file your tax return or communicate with the CRA, this doesn’t mean you'll automatically be safe from fraud attempts. Scammers are using technology like AI voice synthesis, caller ID “spoofing”, and stolen customer information to make their vishing (voice phishing) calls increasingly convincing and effective.

A scammer using vishing techniques over the phone may impersonate a CRA employee and ask for personal information like your SIN or attempt to gather financial details like credit card and banking info. Some automated calls (also known as “robocalls”) may instruct you to call back to a toll number, resulting in excessive phone bill charges.

Here's an example of a fraud call from the CRA’s website:
“The reason behind this call is to notify you that we have registered a criminal case against your name concerning a tax evasion and tax fraud in the federal court house. So if you want any further information about this case, please make sure you give us a call back as quick as possible to our direct hotline number to the Canada Revenue Agency Headquarters. That is 613-927-9919, I will please repeat the number, it is 613-927-9919. If we don’t receive a call from your side, please be prepared to face the legal consequences, as the issue of tax is extremely serious and time-sensitive. So have a blessed time.”

How Do I Report a Scam?

Email phishing should be reported to reportspam@wlu.ca, while SMS text messages can be reported to your mobile phone provider by forwarding to 7726 (SPAM) or using the spam-reporting features in iOS and Android.

If you receive a suspicious tax-related call, hang up and call the CRA back through their official toll-free number to verify whether the call is legitimate. Some mobile phones also support the ability to report calls to the cell provider as spam, which can help identify and prevent further calls involving other customers. Attempted fraud can also be reported to the Canadian Anti-Fraud Centre at 1-888-495-8501.

Staying informed is the best way to protect yourself against fraud. Learn more about scam prevention on the CRA's website.