PSA: Beware of "Get Your Annual Tax Refund" CRA Phishing Scam
A warning about a phishing email impersonating Canada Revenue Agency (CRA) that claims you are owed a tax refund, and how to spot the red flags.
I got an email Friday night, supposedly from Canada Revenue Agency (CRA), telling me that I got a refund -- great news right? Well, not so fast.
Here are the red flags I noticed:
-
The numbers don't make sense. I owed (and already paid) CRA money that year, so receiving a refund notice was immediately suspicious.
-
The CRA doesn't ever send me email. CRA does not typically send unsolicited emails about tax refunds.
-
The CRA and any other reputable bank or financial institution would never send my "Client number" in open text. Legitimate organizations never include sensitive identification numbers in plain text emails.
-
The hyperlink URL did not match CRA's actual domain. Hovering over the link revealed a URL that had nothing to do with the official CRA website.
So what would happen if you clicked on the link? You would likely be taken to a fake website designed to look like the CRA portal, where you would be asked for your personal information -- name, address, Social Insurance Number and telephone numbers. With that information, fraudsters can open unauthorized credit accounts and loans in your name.
Save yourself the trouble! Hopefully this helps you to avoid this scam and gives you some ammunition to keep yourself away from the baddies out there.