Some cybersecurity experts are warning the public about several sophisticated Canada Revenue Agency (CRA) scams already circulating well ahead of tax season.
“This year’s crop to me is even more concerning in that they seem to be more accurate, no spelling mistakes, no grammatical errors. They look very legitimate and have government of Canada logos and Interac logos – things that we are used to seeing all the time,” Sophos cybersecurity expert Chester Wisniewski told Consumer Matters.
Wisniewski said there are few if any, obvious signs the recent scams are fake aside from the link contained within the phishing email, which Wisniewski said leads unsuspecting victims to a web page designed to steal your passwords, personal information, even your social insurance number.
“In this case, the criminals seem to be trying to retrieve CRA log-ins and passwords and Interac log-in and passwords which means they’ll likely have accomplices in Canada,” he added.
“It’s a very difficult problem and it’s not going to be something that we’re likely to see come to an end any time soon.”
The Canadian Anti-Fraud Centre said reported phishing email scams claiming to be from the CRA almost doubled between 2021 and 2022. In 2021 there were 731 reported cases compared to 1360 the following year.
On its website, the Canada Revenue Agency states the CRA will not give or ask for personal or financial information by email and ask you to click on a link.
The agency will also never email you a link that demands you to fill out an online form with personal or financial details, nor will it send you an email with a link to a refund.
More information can be found here.
Still, despite the warnings from the CRA about these scams, Wisniewski worries it’s not enough.
“The quality (of these scams) are so high the average person might not spot them. They are incredibly sophisticated and we’re relying more and more on the technology to protect us as opposed to being able to spot a scam when it’s coming in,” said Wisniewski.