Does the government really owe you money?

You open an email in your inbox that appears to be a money transfer from the Canada Revenue Agency (CRA).

The email states that the CRA wants to do a direct deposit into your bank account (you think it’s a tax refund!) and all you need to do is follow the email instructions and provide your banking and personal information.

Good news! Or is it?

Don’t react immediately

This is most likely the work of Cyber Thief Sam, who crafted a fake INTERAC e-transfer message containing a link that directs victims to an official looking website. While on this site, victims are prompted to complete the transfer by submitting credit card, bank account, and social insurance information.

Impersonating the government—especially during tax season—is a popular way that fraudsters try to steal information for financial gain.

Instead of immediately providing your information, PAUSE and TAKE A SECOND to ask yourself “Am I owed money? If so, does the amount match what’s stated in the email? Is this email really from the Canada Revenue Agency?”

IMITS Information Security says

  • The CRA’s main method of communication is via registered mail. This is according to the official Government of Canada website. They will never send you an email with a link asking you to divulge personal or financial information.
  • Does the amount make sense? Even if you expect a tax refund this year, chances are extremely low that the dollar amount in the fake email matches the number you calculated on your tax return.
  • Verify. Verify. Verify. Even after scrutinizing this email, if you’re still unsure about it call CRA at 1 (800) 959-8281.
The moral of the story? Check the source of your emails. If they look a bit fishy, ask yourself if you’re sure you know where they are coming from.

Don’t let Cyber Thief Sam fool you!

Stay tuned for our next article where we see Cyber Thief Sam use a trusted person’s email account to request money transfers from family and friends.