Cyber Tips

Important cyber tips for tax season

Tax season can be a stressful time for many Canadians and while scams are prevalent year-round, there is often a greater proliferation during tax time. Hackers are waiting for you to slip up so they can steal your personal information, money and identity.

Here are a few tips to help you stay safe online while filing your taxes with these best practices, tips, and resources.

Also please note the content provided is for general information purposes only and does not constitute legal or other professional advice or an opinion of any kind.

Before you get started

Enable multi-factor authentication (MFA): Use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by creating an extra layer of security, such as a unique one-time code sent to your phone. Most major email and online tax preparation services have this tool available.

Install a password manager: Remembering unique passwords for accounts is difficult. Store your login credentials in a password manager. Password managers will automatically populate your username and password upon login, and even recommend strong new passwords for each account.

Update software: Before filing your taxes at home or work, be sure that all internet-connected devices ‒including PCs, smartphones and tablets ‒ are running the most current versions of software to improve the performance and security of your devices.

Watch out for scams

Unsolicited emails, calls, texts, or direct messages that prompt you to click on a link or share valuable personal and financial information are very likely scams. With your personal data, online thieves can swindle funds and/or commit identity theft.

Learn how to recognize a scam with the following tips:

1. What do real CRA communications look like?

Contact from the CRA is typically initiated via the Canada Post. Be skeptical of any phone calls, emails, social media messages or texts claiming to be from the CRA, or other government agencies. They will only call once they have established a line of communication with you via physical mail first.

Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.

2. Make sure the caller is a CRA employee and not a scammer

Legitimate CRA employees who contact Canadians will identify themselves as CRA agents and provide their name and a telephone number. You should make sure the caller is a CRA employee before providing any information on the phone. This will protect you from giving money or personal information to a scammer.

This is how you can make sure the caller is from the CRA: Tell the caller you would like to first verify their identity.

Ask for, and make a note of their:

• name

• phone number

• office location

Check that the call you received was legitimate by contacting the CRA at the number that you look up yourself on the CRA website before you provide any information to the caller.

Call the CRA employee back to discuss the reason for the call.

3. Other things to watch:

Requests for data: Be wary of any communications that ask you to provide personal information such as bank account information, Social Security numbers, login credentials or mailing addresses.

Urgency: The sender uses an abnormal sense of urgency, or other scare tactics, to obtain information.

Attachments: The message includes an attachment, such as a PDF. Never open attachments from a suspicious or unknown email address. It may download malware or viruses onto your device.

There is also a host of great information from the CRA about tax return related scams which is worth familiarizing yourself with.

Did you spot a scam? Report it.

Reporting phishing helps prevent future phishing attempts and protect others. To report a scam, visit or call 1-888-495-8501. If you think you may be the victim of fraud or you unknowingly provided personal or financial information, contact your local police service, financial institution, and credit reporting agencies.

Anyone who suspects they have been the victim of fraud or have been tricked into providing personal or financial information should report it by following the CRA’s directive on the Government of Canada website at

Related Posts

Insurance 101 What is personal cyber insurance?

What is personal cyber insurance?

Personal cyber insurance attacks are on the rise, and new cyber insurance entrants are filling a gap left open by main-stream insurers.

Cyber Tips Are we facing ‘digital overload’?

Are we facing ‘digital overload’?

More than a year into the pandemic, many of us and our colleagues are ‘plugged to our screens’ everyday. Is this leading to a ‘digital overload’ in our industry?


Sign up for the BOXX Insurance Newsletter

Get the latest updates about Cyber Insurance and Protection with our newsletter.