Every year around this time we see cyber criminals attempting to steal your personal information by sending false correspondence in the name of the Canadian Revenue Agency (CRA). A sample scam was recently sent to the IT Security office from a University client – don’t be fooled by what appears to be a legitimate communication.
The bogus email (find the entire message on the Security website here), tells the recipient their $988.44 tax refund for 2014 has been processed, and to click the link to ensure it gets deposited.
Do you see the red flags?
- Canadian citizens are in the process of filing their 2013 income tax returns – not 2014.
- The email is addressed to “Dear Tax Payer,” so how could the author know what your refund should be?
- How many people file and receive their refund BEFORE the end of February? At least in this particular case.
- If you hover your cursor over the link, it reveals the location it will take you to if you click on it – which is definitely NOT http://www.cra-arc.gc.ca
- It asks for your social insurance number (SIN). First of all, if they know what your tax refund is, they already have your SIN. Secondly, under NO circumstances will any legitimate business or government agency ask you for personal information.
- CRA never operates this way – never has, never will.
It’s all very PHISHY! Be suspicious!
To learn how to protect yourself against cyber criminals, check out the online Security Awareness Course.