With tax season around the corner, it comes as no surprise that online tax scams are on the rise. Not only are incidents up, but so too is the sophistication of the scams. Many of the scams work on the pretence that communication is coming from the Canada Revenue Agency (CRA).
Researchers from Sophos have highlighted scams that work by claiming a person is entitled to receive a tax refund or benefit payment. They are then provided with a link and asked to use it to create a CRA account. The link does not lead to the CRA site, but rather a fake or phishing site that is used to collect personal information on the targeted person.
The scammers adeptly use the temptation of money from a refund to convince people to click through and fill out their personal information. They may also be asked to sign up for an Interac e-transfer of funds. The fake sites being used have become increasingly well-designed, with copies of government logos incorporated.
To be more convincing, they have also improved on spelling, using Canadian English to make their emails and websites more believable. Chester Wisniewski, a cybersecurity expert, has said that with these improvements it is becoming increasingly difficult to detect phishing scams. He also said that the scammers have evolved from operating as small groups of criminals to now operating as entire criminal networks.
Spelling mistakes and grammatical errors have been among the warning signs that taxpayers have previously been advised to be on the lookout for. However, with new phishing sites and emails now appearing more legitimate and incorporating government and Interac logos, people are being asked to be more careful. The linked sites that provide fields that taxpayers fill with their credentials are believed to provide a means for scammers to collect log-ins and passwords.
The Canadian Anti-Fraud Centre has reported that phishing email scams doubled between 2021 and 2022. 9,000 phishing scams were recorded by the authority in 2021, resulting in an estimated $54 million in financial losses to victims.
Wisniewski has also expressed concern over online scams that pretend to be from banks or targeted businesses. Cyberattacks on business websites and electronic payment systems may likely provide scammers with access to clients’ personal data that may be used to make email scams more believable.
The CRA is advising taxpayers that they do not ask for or give personal or financial information to taxpayers via email. Nor do they provide links for taxpayers to click on and log into their CRA accounts. The CRA is asking people to be cautious of any communication claiming to be from them and asking for personal data like social insurance numbers (SIN), credit card details, bank account details, and passport numbers.
Contact Accountancy Insurance
We would love to hear from you.
About Accountancy Insurance
Thousands of accounting firms offer our tax audit insurance solution, Audit Shield to their clients. Find out why.