Cybercriminals are taking advantage of tax season, beware!

Tax season is a prime opportunity for cybercriminals to steal identities and money from individuals and businesses. Over time, the stratagems become more refined; it is therefore necessary to be extra careful.

“Cybercriminals can build themselves a phishing campaign and target the entire population because everyone has to file taxes at the same time,” warns cybersecurity expert David Ferland, director of engineering for Eastern Canada at Fortinet.

Now that the tax returns have been sent, tax refund season has begun and this is when fraudulent calls, emails and texts circulate the most. Even on social networks, such as Messenger or WhatsApp, you could see fraudulent messages identified with Revenu Québec or the Canada Revenue Agency (CRA).

“Individuals and businesses are equally at risk. People under 25 and people over 60 are more vulnerable because cybercriminals assume that these people may be less knowledgeable about tax policies and therefore more vulnerable to emotional manipulation,” notes Ferland.

According to the Canadian Anti-Fraud Center (CAFC), the main scam is to make people believe that a benefit or an amount of money is available after a review of the tax return. Other times, criminals play on the sense of urgency to get their victims to take action. For example, they will make believe that a tax deadline has been passed and that serious consequences may ensue. You will be prompted to click on a link or provide information.

Companies also at risk

In companies, the victims are well targeted, because the cybercriminals will have cross-checked information taken on the dark web or social media and the internet. This allows them to write posts that sound very believable. Little by little, they will lead an employee to divulge critical information, such as passwords or access to bank accounts.

“Social engineering is now combined with hacking techniques and the distribution of malicious software, such as ransomware, to carry out increasingly destructive attacks,” warns David Ferland.

How to protect yourself?

“When you receive a communication that appears to be from the Canada Revenue Agency, be careful. Both for individuals and for businesses, the weakest link in cybersecurity is the human,” recalls the Fortinet expert.

Please be aware that the CRA never uses text messages or instant messaging like Messenger to start a conversation about taxes, benefits, or your case, nor will it use these means of communication to ask you for information. . It also does not send emails with a link to a page where you are asked to disclose personal or financial information. The Agency does not require payment by prepaid credit card or gift card. It does not require or disburse bitcoin payments. She doesn’t make threats.

If the CRA needs to call you, they will have written to you beforehand, when you owe tax or money to a government program or have not yet filed your tax return or if they have any questions on documents sent by you. If in doubt, call the Agency before sharing information and if you perceive a suspicious communication, report it to the Canadian Anti-Fraud Centre.

In 2022, more than 1,000 CRA-related reports were reported to the CAFC, but we know that many frauds and attempted frauds are never reported.

Examples of fraudulent messages:

Phone:

A call to let you know that a criminal case has been filed against you in federal court regarding tax evasion. We invite you to call the Revenue Agency urgently to find out more, under penalty of legal consequences, and we give you a callback number.

E-mail:

INTERAC e-Transfer Reminder: “You received money from CRA.” The transfer, which will show some amount, will look believable and you will be prompted to click on a link to deposit your funds. The CRA never sends money by Interac e-Transfer.

Or

A message with the Government of Canada logo tells you that the CRA cannot reimburse you for a certain amount because information does not match. You are prompted to verify information by clicking a button to an “ARC account”.

Text message:

You are informed that you are entitled to a tax refund and you are invited to click on a link.


source site-64

Latest