Fighting Fraud

Local Journalism Initiative
·3 min read

Fighting cyber fraudsters takes more than international intelligence networks, it also requires individuals to become aware and wary of the many different ways individuals can be swindled. As tax season is in full swing, Canadians are being reminded to be vigilant.

For a cybercriminal, the incentive of getting an address, phone number, or even a social insurance number (SIN) from someone filing their taxes is huge and they will put in extra effort to trick people and attempt to steal their information. Cyber criminals can rake in a large payday during tax season and phishing is one of the most common methods used. Phishing involves sending an email that appears to be from a financial institution, online retailer, or even the CRA. The message might say there is an issue with the filed T1 or that there has been a reassessment, and the individual will receive a larger return than expected. The victim is then instructed to click on a link or open an attachment which ultimately gives the fraudster access to all sorts of confidential information. Frauds can also use negative scenarios to trick individuals into acting and may threaten that if the victim does not respond immediately, they will be arrested, fined, or even deported. Some ‘scams’ claim Social Insurance numbers have been compromised, back taxes are owing, or unpaid balances exist, or that the CRA has an outstanding case against the victim.

Spear phishing is similar to regular phishing, but it is hyper-targeted. When it comes to taxes, spear phishing could be used to make a tax-related phishing attack even trickier to spot. In this scenario, the fraudster will have found some personal information online that they will use to make their message specific to you. They may know your full name, employer, date of birth, address, or another piece of data to make their message seem more real and increase the likelihood that the victim will believe them.

Spoofing is another way that cybercriminals try to steal personal data. They do this by duplicating a legitimate source, like a website or email address. The fraudster may include a fake website link in an earlier phishing email, and when opened the link will lead to a lookalike version of the website one thinks they are going to.

A good rule of thumb is the “Rule of 10 & 2”: Do not act immediately, wait for ten minutes, and think carefully about the conversation or information that was presented and reach out to two people to discuss it before acting. The Canada Revenue Agency does not need to have a bank account number to send a refund, if there is no direct deposit information registered, they will issue a cheque and send it through Canada Post. Likewise, they will never ask for a payment via a text message. The CRA reports that as of February 26, 2024, they were receiving reports of text messages claiming to be from the CRA. The message includes the victim’s full name and SIN and asks that payment be sent to a phone number. The CRA does not accept payments by credit card, PayPal, or Interac e-Transfer. As of December 31, 2023, 62,365 reports of fraud were processed, and 41,111 victims of fraud were identified resulting in $554 million lost to fraud.

The CRA will not give or ask for personal or financial information by email, nor provide a link to open that demands an online form be filled with this information. They will also not send an email including a link for your refund. The CRA will not send an email or phone demanding immediate on-the-spot payment, nor will they threaten arrest or imprisonment.

“The only way we’re going to get in contact with you is either by mail or by email, where we’ll send you an email telling you to check your online account for something, and in very rare instances, we will reach out to you by phone,” CRA Spokesman Adam Finley says.

Carol Baldwin, Local Journalism Initiative Reporter, Wakaw Recorder

  • Up next
  • Up next
  • Up next
  • Up next

Latest Stories