As tax day approaches, now is a crucial time to educate yourself and your team members on tax scams they may see in the upcoming weeks. During tax season, emotions are high. People are stressed about completing their tax returns on time, worried about missing payments, and feeling the pressure of doing things correctly.

Photo by Ahmet Kurt via UnSplash+

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

However, a government organization would never offer you money through a text message. Most likely, benefits will be given directly to your bank or CRA/IRS account. 

The enticing factor to victims is that the text messages commonly include personal information, which gives a sense of legitimacy. However, it is extremely easy for attackers to acquire personal information, whether through previous breaches or social media. It’s important to know that even if a text message includes your address, the last digits of your SIN, or your financial institution, it doesn’t mean that it is a verified source. Additionally, it is extremely unlikely for the CRA to demand payments via text message. Be wary of anything that comes to you through SMS during tax season. 

What to do

If you receive an SMS message from the CRA, IRS, or other tax organizations, do not open the text message or click on any links in the message. Instead, set up an account directly with the CRA or IRS. When you receive a notification of assessment, manually log into your account to see if the notification is legitimate and take action from the website. 

This guarantees that you are going directly to the source, rather than clicking on a link coming from a random phone number. 

Extortion phone calls

What happens

During tax season, victims will receive phone calls using scare tactics, demanding immediate payment. The IRS reported the increasing number of extortion phone calls last year. The cyber criminals verify themselves as a government organization using the personal information of the victim, then demand payment be made or a consequence will follow. Usually, the consequence is something that would strike fear in any individual, including jail time or larger fees. 

Due to the pressure and confusion of tax season, people are likely to act urgently and do anything to make the problem go away. However, the CRA or IRS would never demand payment over the phone or use scare tactics to force payment. Look out for these two red flags during this month. 

What to do

If you ever receive a call from the CRA or IRS asking for personal or financial information, hang-up, and call back the identified number you locate on their website. 

Government phone numbers can be spoofed, so even if the call you receive is the CRA number, it’s possible it’s not a CRA personnel speaking with you. If the employee pressures you to stay on the line and asks you not to hang up, that is another red flag. An actual CRA employee will understand your concern and allow you to call back the number. No matter what you do, always take the extra steps of precaution before continuing the conversation with the employee. 

Phishing emails

What happens

During tax season, cyber criminals use similar tactics as SMS scams through email. Scammers can easily imitate government organizations through spoofed or slightly altered email domains. With AI and new design tools, scam emails are getting harder and harder to differentiate from legitimate ones. 

A common scam is for criminals to pose as the CRA or IRS and notify a victim of missing information on their tax return. They then ask the user to click a link and fill out financial information. The website the link leads to will look the same as a government website, leading the victim to fall into their trap. 

What to do

Check previous emails for the correct email domain and compare it to the email used in your notification. Even if it is the same or if you are still unsure if the email is legitimate, go directly to the source of your tax filing. It’s best to have a CRA or IRS account so you can verify notifications or needed information there. It’s better to be careful than take a chance on clicking a malicious link. 

Online third-party help

What happens

The IRS also reported that third parties are offering help to set up individuals’ IRS accounts. They seem helpful, but in reality, they are only using people for their personal tax information. Once they have this information, they can reroute your account and receive your tax return themselves. In reality, the IRS states that there is no need for help for the set-up process of an account. 

What to do

As the IRS stated, the setup process is pretty simple. Give it a go yourself before asking someone for help. If you are having difficulties, try contacting someone directly at the CRA or IRS for support. Additionally, you can ask a trusted family or friend to help you with any technical difficulties. It’s better to dedicate more time to this process rather than put your data into the hands of a scammer. 

Tax season can be a stressful time for many. Know that cyber criminals prey on these emotions and stay on high alert during the next month. Most importantly, share these tips with any friends or family members who you think could be vulnerable to these attacks. Stay safe everyone!