Last year I made several presentations on the topic of identity theft and fraud. With the constant increase in this type of activity, it came as no surprise to me when I started hearing reports earlier this year of email and telephone fraudsters purporting to be representatives of the Canada Revenue Agency (CRA). Although the CRA has had some issues with fraudulent communications to taxpayers in the past, 2015 appears to have been a banner year for this type of activity.
The best way to protect yourself against these frauds is to be aware of how the CRA will (and will not) communicate with you:
- The CRA will only communicate with you by email if you have signed up to receive online mail. You must also be registered for “My Account” on the CRA’s website in order to receive this service.
- The emails the CRA sends are simply notifications that there is a communication waiting for you on “My Account” which you then have to log in to view.
- The CRA will never send unsolicited emails with links to their website – you must always proactively sign in to “My Account” when you receive an email.
- Emails from the CRA will never contain any personal information of any kind (they won’t even have your name other than as part of your email address).
- Emails from the CRA will never request any kind of personal information.
Basically, the CRA’s assumption is that email is not a secure private method of communication, so they will only send you generic messages asking you to sign on to “My Account” The one exception to this is if you have called the CRA yourself (and positively identified yourself through a series of security questions) they may send you an email with information you have requested while you are on the phone with them.
The CRA will not communicate with you by text message. You could of course receive a voice-to-text message, but if you can’t recognize these from the real thing your service has a much better voice recognition than mine! (see also below regarding phone messages left by the CRA)
- The CRA will never use threatening or forceful language to try to scare you into paying a (fictitious) debt. This would be cause for immediate dismissal.
- The CRA will never leave personal information on voicemail
- The CRA will never request (or even suggest) that you pay a debt by credit card or any other form of cash transfer service. You can pay the CRA only in the following ways:
- In person at your financial institution
- Online through CRA’s “My Account” or your financial institution’s website
- Mail (always verify address to your notice of assessment or CRA’s website)
The CRA offers the following suggestions to help protect you from fraud on your CRA tax accounts:
- Never provide personal information through the Internet or by email. The CRA does not ask you to provide personal information by email.
- Keep your access codes, user ID, passwords, and PINs secret.
- Keep your address current with all government departments and agencies.
- Choose your tax preparer carefully! Make sure you choose someone you trust and check their references. Always review your return, agree with the content before filing, and follow up to make sure you receive your notice of assessment, since it contains important financial and personal information that belongs to you.
- Be careful before you click on links in any email you receive. Some criminals may be using a technique known as phishing to steal your personal information when you click on the link.
- Protect your social insurance number. Don’t use it as a piece of ID and never reveal it to anyone unless you are certain the person asking for it is legally entitled to that information. If an organization asks for your social insurance number, ask if it is legally required to collect it, and if not, offer other forms of ID.
- Shred unwanted documents or store them in a secure place. Make sure that documents with your name and SIN are secure.