Important cyber tips for tax season

Before you get started

Enable multi-factor authentication (MFA): Use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by creating an extra layer of security, such as a unique one-time code sent to your phone. Most major email and online tax preparation services have this tool available.

Install a password manager: Remembering unique passwords for accounts is difficult. Store your login credentials in a password manager. Password managers will automatically populate your username and password upon login, and even recommend strong new passwords for each account.

Update software: Before filing your taxes at home or work, be sure that all internet-connected devices ‒including PCs, smartphones and tablets ‒ are running the most current versions of software to improve the performance and security of your devices.

Watch out for scams

1. What do real CRA communications look like?

2. Make sure the caller is a CRA employee and not a scammer

Legitimate CRA employees who contact Canadians will identify themselves as CRA agents and provide their name and a telephone number. You should make sure the caller is a CRA employee before providing any information on the phone. This will protect you from giving money or personal information to a scammer.

This is how you can make sure the caller is from the CRA: Tell the caller you would like to first verify their identity.

Ask for, and make a note of their:

• name

• phone number

• office location

Check that the call you received was legitimate by contacting the CRA at the number that you look up yourself on the CRA website before you provide any information to the caller.

Call the CRA employee back to discuss the reason for the call.

3. Other things to watch:

Requests for data: Be wary of any communications that ask you to provide personal information such as bank account information, Social Security numbers, login credentials or mailing addresses.

Urgency: The sender uses an abnormal sense of urgency, or other scare tactics, to obtain information.

Attachments: The message includes an attachment, such as a PDF. Never open attachments from a suspicious or unknown email address. It may download malware or viruses onto your device.

There is also a host of great information from the CRA about tax return related scams which is worth familiarizing yourself with.

Did you spot a scam? Report it.

Reporting phishing helps prevent future phishing attempts and protect others. To report a scam, visit antifraudcentre.ca or call 1-888-495-8501. If you think you may be the victim of fraud or you unknowingly provided personal or financial information, contact your local police service, financial institution, and credit reporting agencies.

Anyone who suspects they have been the victim of fraud or have been tricked into providing personal or financial information should report it by following the CRA’s directive on the Government of Canada website at canada.ca/taxes-fraud-prevention.