Words by Daniel Martins
Do you ever receive an unexpected e-mail or phone call from someone purporting to be from the Canada Revenue Agency? Perhaps an e-mail offering a COVID-related refund, or a phone call threatening some sort of legal action. Scams pretending to be the CRA are more prevalent now than ever. And although many feel confident in their ability to detect these scams, the methods and tactics used by scammers are only getting more sophisticated and personalized. Worse still, the issue spans far beyond just the CRA.
We are sure by now that just about everyone has received a phishing scam pretending to be a common service provider like Amazon, Apple, or Microsoft. Quite commonly, scammers also attempt to impersonate government bodies such as Service Canada or the Department of Justice. We’ve even seen phishing attempts pretending to be one’s co-worker, employer, voicemail provider, e-mail server (cleverly disguised as a bounce-back or “return to sender” notification), or one’s own office equipment (pretending to be a scanned document coming from a wireless printer). On a busy day, these clever tactics can fool even the most alert of individuals. So in order to combat these threats, here are some simple tips and tricks to ensure that you don’t fall victim to one of these scams.
Corresponding with the Canada Revenue Agency
Forms of Communication
- The CRA will never contact you about your taxes or benefits via text message or instant messaging.
- The CRA will only use e-mail for standard notifications (such as notifying you of an address change, a marital status change, or alerting you to new mail within CRA’s “My Account” service).
- The CRA’s notification e-mails will never contain links, ask for personal or financial information, request payment, or use aggressive or threatening language.
- Generally speaking, letter communications should only come to you by way of physical mail, unless you have set your correspondence preference to “electronic”.
Forms of Payment
- The CRA does not accept e-transfers, prepaid credit cards, gift cards, or cryptocurrencies as forms of payment.
- Likewise, the CRA does not issue refunds in these unconventional forms of payment. Generally speaking, credits and refunds are only provided via cheque or direct deposit.
Best Practices
- If you receive a phone call from someone purporting to be a CRA agent, always ask for the individual’s name and “rep ID” (sometimes referred to as a badge number).
- If the CRA called you (and not the other way around), they will not ask you to provide or confirm sensitive personal or financial information.
Other Tips and Tricks for All Types of Correspondence
- When reviewing a suspicious e-mail, always pay close attention to the e-mail domain. An e-mail purporting to come from Facebook, for example, should have a matching “@facebook.com” domain, as opposed to a Gmail address or other arbitrary domain with irregular letters or numbers. Be especially cautious not to click suspicious links within the e-mail.
- Likewise, if you’re browsing a suspicious website, always check the domain name carefully (for example, “paypal.com” and not “xyz-paypal1.com”). Furthermore, look for the padlock symbol typically seen on the left-hand side of the address bar (to confirm that the website has a valid security certificate). Finally, poor spelling and website design issues can also be indicative of a potential scam.
- When sending sensitive documents (such as those containing your SIN) to Farnham, we strongly encourage you to submit them using our secure portal. If you have not yet registered for a portal account, feel free to contact chato@farnhamco.ca for assistance.
- If you choose to send sensitive documents via e-mail instead, ensure that the documents being attached are password protected.
While simple, these effective tips and tricks go a long way to ensuring that you don’t fall victim to a potential scam. Stay alert. Stay safe.