Tax Season email scams

Tax Season Email Scams to Watch For

Over the next couple of months, the pressure rises to file your tax return accurately and on-time. In doing so, you’re handling and giving out vast amounts of sensitive personal information. As such, it is increasingly important to be wary of phishing emails. Cybercriminals tend to increase their efforts to steal your money or data during tax season.

Here are four (4) variations of email scams that have used in the past to steal personal data and money during tax season. Since these scams were previously successful, cybercriminals will likely attempt to use them again.

  1. Emails Asking for Copies of Tax Forms or Tax Related Personal Information

Scammers may pose as an executive or a person of authority at a business, and send an email to financial staff, requesting copies of employees’ tax forms or personal information.

These emails can be very effective as cybercriminals will often take the time to study their marks and prepare. They may spoof or hack the executive’s email account, as well as personalize the request so it sounds plausible. This way the email’s legitimacy is less likely to be questioned. 

  1. Emails Notifying of a Big Refund OR a Threat Due to Non-Payment of Taxes

Criminals design these emails to prey on your emotions, either your elation at a big windfall of money, or the opposite, your fear of being arrested or worse. While your emotions are peaked, there is a request to act within a very short time limit. These cybercriminals are counting on your inability to think clearly, thus making it more likely that you’ll click on their malicious links, and potentially divulge confidential information.

  1. “Reminder” Emails with Links

There are many different types of impersonation email scams. For example, there are phishing emails pretending to be from the Canadian Revenue Agency (CRA), containing subject lines like “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder”. These unsolicited emails can contain links directed to spoofed websites, malicious attachments, or request your personal information and passwords.

  1. Phishing Emails Targeting Tax Professionals

Tax accountants and other financial professionals are increasingly targeted during tax season. Hackers often use phishing tactics to trick tax professionals into providing their tax filing passwords, and other sensitive data.

What’s at stake?

Income tax information contains addresses, social insurance numbers, information about family members and employment details, and could possibly linked to bank accounts.  In other words, everything a criminal needs to steal your identity and money.

The password you use for your tax software is, therefore, one of the most important passwords you’ll use. Where possible, create a very strong, unique password and activate multi-factor authentication for your tax software.

Don’t Become the Next Victim

While email scams are common during tax season, there are some simple measures to avoid becoming the next victim. Most important is knowing how the CRA does and does not contact taxpayers. The CRA provides the following advice, stating they will:

  • Never make contact via text or social media messaging
  • Never send an email with a link that asks you to divulge personal or financial information, unless you have called the CRA to ask for a form or a link for information. In these cases, a CRA agent would send you an email during the call with that information.
  • Never use aggressive language or threaten to arrest or deport you.
  • Never ask for payment via pre-paid credit cards or gift cards.
  • Never collect or distribute payment through e-transfers or bitcoins.

If you receive an email (call or text message) from someone claiming to be from the CRA, head to the CRA website and login or sign-up for My Account or  My Business Account to verify your tax status, or call the CRA directly at 1-800-959-8281.  When in doubt, always go to the original source to confirm the details and information.


Recruit your employees as a defence against cybercrime. Develop a ‘human firewall’ to protect your business against malicious emails and poor security practices. Talk to us about employee security training available through our IT Managed Services programs.

Contact us at  We make I.T. easy.



Image by William Iven from Pixabay


Small Business