Before you get started
Enable multi-factor authentication (MFA): Use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by creating an extra layer of security, such as a unique one-time code sent to your phone. Most major email and online tax preparation services have this tool available.
Install a password manager: Remembering unique passwords for accounts is difficult. Store your login credentials in a password manager. Password managers will automatically populate your username and password upon login, and even recommend strong new passwords for each account.
Update software: Before filing your taxes at home or work, be sure that all internet-connected devices ‒including PCs, smartphones and tablets ‒ are running the most current versions of software to improve the performance and security of your devices.
Watch out for scams
Unsolicited emails, calls, texts, or direct messages that prompt you to click on a link or share valuable personal and financial information are very likely scams. With your personal data, online thieves can swindle funds and/or commit identity theft.
Learn how to recognize a scam with the following tips:
1. What do real CRA communications look like?
Contact from the CRA is typically initiated via the Canada Post. Be skeptical of any phone calls, emails, social media messages or texts claiming to be from the CRA, or other government agencies. They will only call once they have established a line of communication with you via physical mail first.
Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.
2. Make sure the caller is a CRA employee and not a scammer
Legitimate CRA employees who contact Canadians will identify themselves as CRA agents and provide their name and a telephone number. You should make sure the caller is a CRA employee before providing any information on the phone. This will protect you from giving money or personal information to a scammer.
This is how you can make sure the caller is from the CRA: Tell the caller you would like to first verify their identity.
Ask for, and make a note of their:
• phone number
• office location
Check that the call you received was legitimate by contacting the CRA at the number that you look up yourself on the CRA website before you provide any information to the caller.
Call the CRA employee back to discuss the reason for the call.
3. Other things to watch:
Requests for data: Be wary of any communications that ask you to provide personal information such as bank account information, Social Security numbers, login credentials or mailing addresses.
Urgency: The sender uses an abnormal sense of urgency, or other scare tactics, to obtain information.
Attachments: The message includes an attachment, such as a PDF. Never open attachments from a suspicious or unknown email address. It may download malware or viruses onto your device.
There is also a host of great information from the CRA about tax return related scams which is worth familiarizing yourself with.
Did you spot a scam? Report it.
Reporting phishing helps prevent future phishing attempts and protect others. To report a scam, visit antifraudcentre.ca or call 1-888-495-8501. If you think you may be the victim of fraud or you unknowingly provided personal or financial information, contact your local police service, financial institution, and credit reporting agencies.
Anyone who suspects they have been the victim of fraud or have been tricked into providing personal or financial information should report it by following the CRA’s directive on the Government of Canada website at canada.ca/taxes-fraud-prevention.