It appears at first glance to be legitimate, but on closer inspection and scrutiny it will become evident halfway cyber-savvy that the email messages currently floating around the Net purporting to be from the Canadian Revenue Agency are indeed a phishing scam. The messages claim that the recipient is eligible for a tax refund in the amount of x CAD, and then has you click on a link for where to claim it. It then asks you to provide personal and financial information in order to process the alleged refund. The email messages are also currently targeting unwitting recipients in the UK, United States, and other territories.
There are two huge red flags in this scenario that will warn off anyone at all clued into cyber safety: One, the (fake) CRA has you click on a link in an unsolicited email; and two (an even bigger red flag), they ask you to provide your credit card and personal information. Cybersecurity and Web-savvy people in general will most likely discard this email, as they should. But less aware and perhaps more financially desperate types will likely click on the link and give over their personal and financial info to these cybercriminals.
One actual CRA scam email is shown in the image at left. The messages are NOT from the Canada Revenue Agency, so whatever you do, do not click on the provided link. Flag them as a phishing scam (If your email server program has that function) or at least mark them as spam immediately. The website the link points you to is a phony site set up to mimic the CRA website. Cybercriminals are getting craftier and cleverer in their scareware, malware, and phishing attempts to get you to hand them your private information so they can commit ID theft and rob you of untold amounts of money and credibility. The CRA will never send you an unsolicited email asking you for information it will already have on file, were it a legitimate email communication.
Will the Real CRA Please Stand Up?
Although the email messages look real, using the logos, language, and look of a true CRA communication, it is important to remember, again, that the Canada Revenue Agency wouldn’t just send you an unsolicited email regarding a tax refund. They would send you a letter by snail mail with a phone number to call one of their representatives.
Never, never, never click on links embedded in unsolicited emails. And for mercy’s sake, don’t ever give over exploitable data like names, tax ID numbers, or financial information to these wily, reprehensible cybercriminals. If they don’t provide a phone number and actual human being for you to verify that what is said in the email is true, then leave it alone, flag it, and delete it!