Of all the organizations we deal with at least once a year, the Canada Revenue Agency (CRA) would seem to be a hard target for cyber-crime. The federal department takes pains to make its portal and taxpayer information secure with multi-factor authentication. But taxpayers themselves may unwittingly give criminals the keys to their CRA accounts.
“Even with the best systems in place, if consumers aren’t wary about what identification data they have, they could get compromised,” warns Carl Davies, Head of Fraud and Identity at Equifax Canada. Fraud artists aren’t just trying to get their hands on your tax refund; they see the CRA as a repository of personal data they can sell or use to steal your identity—for example, by taking out credit or applying for government benefits in your name. “Criminals are trying to get into your CRA account in order to collect personal information to leverage that information to commit fraud, either at the CRA or other institutions,” Davies says.
sponsored
Equifax Complete Protection
Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.
- Provides daily credit monitoring and alerts
- Scans for your personal data on the dark web
- Social media monitoring by industry leader ZeroFox
Subscription price: $34.95 per month
How scammers get your personal information
Think it would be hard for someone to hack into your data? Davies recalls a family member once passing along a seemingly innocuous chain message on Facebook. The holiday-themed message asked users to combine their pet’s name with their mother’s maiden name to come up with their “elf name.” It had hundreds of replies.
“It’s a scam,” Davies says. The message was a way for criminals to obtain two of the most common pieces of information used by the CRA, as well as financial institutions, for people to recover access to their accounts.
But you don’t have to fall for a scam like this to make yourself vulnerable to identity theft.
“If I’m on social media and I’m putting out my full name, my date of birth, pictures of my home, where I live, that’s really a problem,” Davies says. “Now a fraudster has everything they need in order to indicate to the CRA that yes, this is actually me.” They can answer security questions, reset passwords and more. Once scammers get into your CRA account, they can obtain still more personal information, including financial information. For example, they can extrapolate your income, which gives them a sense of how much money they can borrow in your name without raising red flags.
How to protect your CRA account from identity theft
Minimizing the risk of fraud through your CRA account starts with being cautious about the personal information you share online. Here are some other steps Davies recommends:
- Use a complex password for your CRA My Account. “Make it hard to guess,” he says. Better yet, use a password manager to come up with and keep track of passwords for different accounts.
- Check your credit report regularly. Take a look every month. It will reveal any attempts to apply for credit using your identity, valid or not.
- Never log into your CRA account using public Wi-Fi. Criminals using the same unsecured network can hack your device and steal your info. Never log into apps and accounts using public internet services, either. Your home network will generally be secure.
- Watch out for phishing scams. Don’t respond to unexpected calls, text messages or emails purportedly from the CRA. Change your phone settings so that only calls from your contact list come through. (Everyone else can leave a message.) And before you call, confirm the correct phone number online. If the agency is genuinely trying to reach you, a tax agent would have no problem with your contacting the CRA directly.
What to do if your CRA account has been hacked
If you suspect your CRA account has been breached, here’s what to do:
- Notify the CRA immediately by phone or online.
- Contact all the financial institutions you have accounts with, as well as any where a third party has attempted to set up an account in your name (this will be on your credit report).
- Change the passwords on your CRA, bank and other financial accounts.
Davies has spoken to many victims of fraud, including Canadians who received calls, emails and text messages supposedly from the CRA. Many victims admitted to sensing something was amiss, even before the fraud took place, but followed through with the scammers’ requests.
“Trust your instincts,” Davies advises. “If something doesn’t feel right, just stop what you’re doing. If you don’t trust it, hang up, and call or email the CRA directly.”
How to contact the CRA
- If you’re calling from Canada or the United States: 1-800-959-8281
- If you’re calling from another country: 1-613-940-8495
- If you use a teletypewriter: 1-800-665-0354
- If you use the Canada Video Relay Service: 1-800-561-6393
Prevent digital fraud with credit monitoring
A great tool to deter fraud, along with other forms of cybercrime, is Equifax CompleteTM Protection. This subscription service helps to keep your personal data and devices safe online, and helps you monitor your credit and identity.
If your identity is stolen, an Equifax identity restoration specialist will help you recover it—plus you can get up to $1 million in identity theft insurance to cover out-of-pocket expenses (not available in Quebec).
Features of Equifax Complete Protection include:
- Daily credit monitoring and alerts to notify you of key changes to your Equifax credit report, such as a new credit card or loan application.
- Dark web monitoring, which monitors hidden websites where criminals like to hang out and trade data to see if your personal information appears there.
- Social media monitoring provided by industry leader ZeroFox, to alert you to suspicious activity on your social media accounts.
- Online data encryption by NordVPN and online password generation and storage by NordPass
- Parental controls from Bitdefender to restrict which websites and apps your kids can access
- Device protection from Bitdefender to help stop phishing attempts and protect devices from viruses and malware.
Equifax Complete Protection costs $34.95 per month. To learn more, visit the Equifax website.
This article is sponsored.
This is a paid post that is informative but also may feature a client’s product or service. These posts are written, edited and produced by MoneySense with assigned freelancers.
Read more about fraud and scams:
Get free MoneySense financial tips, news & advice in your inbox.
