Be wary with tax returns: cybersecurity expert

Revenue Canada locked out taxpayers due to breaches

Canadians should be wary of filing their taxes through anything other than tried and trusted systems, according to a B.C. cybersecurity expert.

Derek Manky, chief of security insights and global threat alliance for FortiGuard Labs, a California-based company with a research and development centre in Burnaby, said cybercrooks love tax time and the information they can steal from the unwary.

That tax information is of huge interest to cyberthieves, he said, as highlighted through the recent lockouts of Canadians from their Canada Revenue Agency (CRA) accounts not once but twice.

Those crooks can gather information through not only cyber attacks and data breaches but also by targeting individuals through email, texts or other messaging services.

Their goal, he said, is to get personal data and then monetize it by holding that data for ransom. Alternatively, the stolen information can be used for identity fraud.

In the past year, Manky said, cybercrooks have used COVID concerns as a lure for their scams. With people generally concerned about taxes, he said, that combination is a “double-hooked fishing lure.”

Unsolicited offers, in these cases for tax assistance, are what can lure people into scams, he said.

Don’t jump at the bait, Manky said, noting that offers can come from bogus companies, tax-filing services, accountants or legit-sounding government departments that don’t really exist. People should also watch out for phony spreadsheets or messages with poor spelling and grammar.

“There’s a lot of red flags to look out for,” Manky said. “It’s critical to look out for anything unsolicited.”

CRA locked some 800,000 taxpayers out of its online platform in March after an investigation found some usernames and passwords may have been obtained by unauthorized third parties.

The CRA called the action a precautionary cybersecurity measure coming after a similar action in February, when over 100,000 accounts were locked.

"Like the accounts that were locked in February, these user IDs and passwords were not compromised as a result of a breach of CRA's online systems. Rather, they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA," said CRA in a news release.

CRA cited email phishing scams and external data breaches as threats that could have led to personal information being compromised.