Over the next couple of months, the pressure rises to file your tax return accurately and on-time. In doing so, you’re handling and giving out vast amounts of sensitive personal information. As such, it is increasingly important to be wary of phishing emails. Cybercriminals tend to increase their efforts to steal your money or data during tax season.
Here are four (4) variations of email scams that have used in the past to steal personal data and money during tax season. Since these scams were previously successful, cybercriminals will likely attempt to use them again.
Scammers may pose as an executive or a person of authority at a business, and send an email to financial staff, requesting copies of employees’ tax forms or personal information.
These emails can be very effective as cybercriminals will often take the time to study their marks and prepare. They may spoof or hack the executive’s email account, as well as personalize the request so it sounds plausible. This way the email’s legitimacy is less likely to be questioned.
Criminals design these emails to prey on your emotions, either your elation at a big windfall of money, or the opposite, your fear of being arrested or worse. While your emotions are peaked, there is a request to act within a very short time limit. These cybercriminals are counting on your inability to think clearly, thus making it more likely that you’ll click on their malicious links, and potentially divulge confidential information.
There are many different types of impersonation email scams. For example, there are phishing emails pretending to be from the Canadian Revenue Agency (CRA), containing subject lines like “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder”. These unsolicited emails can contain links directed to spoofed websites, malicious attachments, or request your personal information and passwords.
Tax accountants and other financial professionals are increasingly targeted during tax season. Hackers often use phishing tactics to trick tax professionals into providing their tax filing passwords, and other sensitive data.
Income tax information contains addresses, social insurance numbers, information about family members and employment details, and could possibly linked to bank accounts. In other words, everything a criminal needs to steal your identity and money.
The password you use for your tax software is, therefore, one of the most important passwords you’ll use. Where possible, create a very strong, unique password and activate multi-factor authentication for your tax software.
While email scams are common during tax season, there are some simple measures to avoid becoming the next victim. Most important is knowing how the CRA does and does not contact taxpayers. The CRA provides the following advice, stating they will:
If you receive an email (call or text message) from someone claiming to be from the CRA, head to the CRA website and login or sign-up for My Account or My Business Account to verify your tax status, or call the CRA directly at 1-800-959-8281. When in doubt, always go to the original source to confirm the details and information.
Recruit your employees as a defence against cybercrime. Develop a ‘human firewall’ to protect your business against malicious emails and poor security practices. Talk to us about employee security training available through our IT Managed Services programs.
Contact us at firstname.lastname@example.org. We make I.T. easy.