Recently, it has become more confusing dealing with the Canada Revenue Agency (CRA) because of the increase in scams and phishing attacks being orchestrated to defraud you. We’re here to help you protect yourself.
Identity theft and cybersecurity scams have become incredibly lucrative. According to the US Department of Justice’s Bureau of Justice Statistics 9% of people have experienced identity theft, with an average cost to victims of roughly $930 in 2018. The bureau also states that 70% of identity theft victims experience financial loss. Here in Canada, according to stastita.com, there were 12.46 incidents of identity theft per 100,000 people, with phishing scams accounting for roughly 91% of cybersecurity crimes. Now that we know the stats and how prevalent these situations are, let’s look at how the CRA interacts with taxpayers, what scams exist, and how to protect yourself and your business.
The CRA and its many departments have a variety of ways to contact taxpayers. Here are the top reasons CRA will contact you:
That’s the why now the how. We know that the CRA will contact taxpayers by mail, but there is a common misconception that the CRA will not contact you by phone or email. In the case of phone calls, this is not true at all. CRA agents will attempt to contact you by phone and for some departments, phoning a taxpayer is the first point of contact. In regards to emails from CRA, you will only get them if you registered for electronic notifications, and the email is simply saying to you have mail in your My Account inbox.
Now that we know how and why CRA will contact you, let’s review what information CRA agents will ask for and what they will not ask for.
As we have discussed earlier, identity theft and cybercrimes are on the rise, but what are the current CRA tax scams, how are they targeting the CRA and taxpayers, and how can we protect ourselves?
According to the Competition Bureau of Canada, criminals are using spyware, viruses, hacking, and phishing to obtain “credit card information, bank account details, full name and signature, date of birth, social insurance numbers, full addresses, mother’s maiden name, online usernames and passwords, driver’s license number, and passport numbers.”
The more commonly known scams are phone calls and emails where the criminal attempts to have the taxpayer believe that they are speaking to the CRA and to have them provide personal or financial information and/or send money or gift cards. Here is a list of the different types of scams and frauds according to the CRA.
In summary, the CRA does not ask for gift cards, provide links to pay debt, threaten jail time, or ask deeply personal questions over the phone.
According to CRA’s own data, over 91% of taxpayers used electronic means to file their 2021 income tax returns, giving bad actors more potential targets to launch attacks against. You need to be extra cautious when handling your information online. Here are some helpful tips for handling your personal and tax information online:
As we have gone over tell-tale signs of a CRA tax scam, the ways CRA will contact you, and what information CRA will ask of you, you can also ask CRA for information to verify themselves as agents or to weed out scams. Anytime CRA contacts you, that agent will have a badge/ID number that can be requested by taxpayers to verify the agent’s identity. If you are worried that a call from CRA is a scam, ask for their badge or ID number and the number to CRA’s general inquiries line where you can verify the identity of the person you are speaking with and then call them back.
If you believe that the contact you received is fraudulent, delete the emails, end the phone calls, and then contact the CRA directly to report the fraudulent activity directly. CRA is always trying to stay ahead of the efforts being made, and part of that is having taxpayers report the issues. To end off, do not feel bad if you become a victim of a CRA tax scam; the CRA itself fell victim to fraudulent activity over the last year. It can happen to anyone, but stay aware, get secure, and be prepared.
The best way to begin securing your business is to educate yourself and your employees on the best practices for cybersecurity. Our platform offers security awareness training so you can learn to recognize pesky phishing scams and develop a robust security program to make your company safer and more productive. You can learn more about how our information security management platform can help you meet security requirements on our Product page.