TaxMatters@EY - April 2013
CRA warning about phishing and other schemes
Bob Neale, Toronto
While drafting this issue, we read Canada Revenue Agency (CRA) and Internal Revenue Service (IRS) articles reminding taxpayers to protect themselves from fraudulent schemes and to be wary of purported requests from the CRA or the IRS for their personal information.
A section of the CRA website, “Beware of fraudulent communications,” includes the following comments.
CRA: beware of fraudulent communications
Occasionally, taxpayers may receive, either by telephone, mail or email, a communication that claims to be from the CRA but it is NOT. In all these cases, the communication requests personal information, such as a social insurance, credit card, bank account and passport numbers, from the taxpayer. These fraudulent communications are also referred to as scams or phishing.
Invariably, the communication argues that this personal information is needed so that the taxpayer can receive a refund or benefit payment. There are examples of a fraudulent letter, emails, and online refund forms on the CRA’s website.
Another common scam refers the person to a website resembling the CRA’s where the person is asked to verify their identity by entering personal information. Taxpayers should not respond to such fraudulent communications.
To better equip taxpayers to identify those communications that do not come from the CRA, the following general guidelines are provided.
The CRA does not do the following:
- The CRA will not request personal information of any kind from a taxpayer by email.
- The CRA will not divulge taxpayer information to another person unless the taxpayer gives formal authorization.
- The CRA will not leave any personal information on an answering machine.
When in doubt, ask yourself the following:
- Am I expecting additional money from the CRA?
- Does this sound too good to be true?
- Is the requester asking for information I would not include with my tax return?
- Is the requester asking for information I know the CRA already has on file for me?
- How did the requester get my email address?
- Am I confident I know who is asking for the information?
The CRA’s advice is a useful reminder that you should always be very cautious in the information you disseminate based on email requests from any party — particularly when it comes to sensitive or confidential information.