As if tax season wasn't bad enough already, you have another reason to sweat – phishers.
In North America, tax season has become a favourite time of year for scammers and malware attacks. Online criminals seize on the opportunity to create convincing looking spear-phishing campaigns, preying on users by posing as federal agencies. People anxious enough already about their tax returns are liable to click on a scary looking note from the Canadian Revenue Agency in a panic without thinking about it, making them prime targets.
These attacks are becoming more sophisticated as well. In the US, the IRS has reported that criminals are becoming better at masking their intentions and impersonating agencies, and accordingly have set their sights higher. They're now actively targeting tax professionals including human resources departments, schools, and payroll staff. Now it isn't just a matter of broad phishing to snag individual customers, criminals are going after entire businesses and institutions.
Combined with other types of CEO fraud and quick confidence scams, tax season is becoming increasingly hazardous. A few of the most popular scams of the season include -
- Fraudulent emails urging accounting offices to "update” their accounts on a false website.
- High-pressure voicemails posing as the CRA demanding an immediate response to address "pending legal action.”
- Malware infested "free” tax software.
- "New” payments due on gift cards, phone cards, and iTunes currency.
- A slew of non-existent taxes and payments.
- "Confirmation” calls in relation to a non-existent data-breech asking for your social insurance details to "verify” if your identity has been compromised.
Don't allow yourself to be taken in by these frauds. Always exercise caution and stay calm when you receive an email or call from the "CRA.” Don't allow yourself to be flustered by claims of legal action or sudden additional fees, the CRA never uses that kind of language in messages and it's a sure sign that something isn't right. Never click anything on an email that directs you to a page or asks for any kind of sensitive information. If you're not sure something is a scam, contact the CRA directly through a standard line (not one that has been provided in the message) and ask for clarification.
Make sure you have recently updated your passwords and are using strong password practices. Wherever possible, activate two-factor authentication for an extra line of defense against attempts on your privacy. Practice safe browsing standards, avoid downloading executable programs from shady sites and keep your browser and anti-virus software up-to-date.