Anatomy of a scam

Trent Ernst, Editor

 

Just got an email in my inbox.

Actually, check that. It went straight into spam (thank you, Outlook). But I was poking around in there to see if I had got anything important (it happens every so often).

Here’s the email:

Dear tax payer,

Our records indicate insuficient information for your income tax return. As a result, you have to been exempt fromthe Canadian Tax reporting and witholdings on claims to be payd to you

To aply for your claims we have been required by law to update our records in order to rectify your exemption status.

To access the online form for your tax refund, please click here <http://h1325709.stratoserver.net/img/glyph/dBxFiles/revenue/Refund.php>

This is a scam.

How do I know that this is a scam? There are a number of clues in the email itself that tip us off.

First, it is addressed to “tax payer.” If the CRA is sending me an email to tell me they owe me money, they aren’t going to address it to a generic “tax payer”, they’re going to address it to me, personally, so that nobody else tries to claim my money.

Second, they’re giving money back. Seriously? That just doesn’t happen. If it does happen, generally what happens is a cheque just shows up in your mailbox. They don’t email you and ask you to log into a website. They know where you live; they don’t need you to fill in any information.

Third, look at the website this links to: h1325709.stratoserver.net. That doesn’t sound like a valid government link at all. Now, if the email hadn’t gone to spam, the link probably would be hidden behind an image. So how can you check if the link is valid? If you’re using Outlook, simply hover over the link, and the actual link will appear in a pop-up box. If you are using web-based email in a browser, the link should appear in the status bar at the bottom of the window. If you don’t get any sort of hint as to what the link is, you can right-click on the image, select “copy link” or your email program’s equivalent, then paste that link into a text document.

Fourth: The spelling is atrocious. There are five spelling mistakes in three sentences: insuficient (insufficient), fromthe (from the), witholdings (withholdings), payd (paid), aply (apply).

Finally, the email doesn’t even make sense. We have insufficient information from your tax return, so we owe you money back? Try reading it aloud and try and follow the logic.
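The first and third clues can be checked mechanically. The sketch below is an added example, not part of the original article: it pulls every link out of an HTML email, including links hidden behind an image, and flags a generic greeting and any link whose host is not on a trusted list. The trusted domains (canada.ca, gc.ca), the greeting list and the function names are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: domains the reader accepts as Government of Canada.
TRUSTED_SUFFIXES = ("canada.ca", "gc.ca")
GENERIC_GREETINGS = ("dear tax payer", "dear taxpayer", "dear customer")


class LinkCollector(HTMLParser):
    """Collect each <a href> and note whether it is hidden behind an image."""
    def __init__(self):
        super().__init__()
        self.links = []     # finished links as {"href": ..., "image": bool}
        self._open = None   # the <a> element currently being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "image": False}
        elif tag == "img" and self._open is not None:
            self._open["image"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None


def host_is_trusted(url):
    host = (urlsplit(url).hostname or "").lower()
    # Accept the domain itself or a true subdomain, never a look-alike name.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def review_email(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    if any(g in html.lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    for link in parser.links:
        if not host_is_trusted(link["href"]):
            kind = "image link" if link["image"] else "text link"
            findings.append(f"{kind} -> {urlsplit(link['href']).hostname}")
    return findings


# Constructed sample: the scam email's link, hidden behind an image.
SAMPLE = ('<p>Dear tax payer,</p><a href="http://h1325709.stratoserver.net/img/'
          'glyph/dBxFiles/revenue/Refund.php"><img src="refund-button.png"></a>')
print(review_email(SAMPLE))
```

The host comparison matches whole domain labels, so a look-alike such as canada.ca.example.net is still flagged, and so is any shortened link.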

This is a fairly obvious scam. But there are scammers out there who understand how to spell, who can hide links via bit.ly or another service, and who can construct an email that actually looks like it might have come from the CRA, or Apple, or Microsoft (don’t get me started on the three calls I got last week from Microsoft Tech support to tell me my Windows machine was acting up; I told them I was very concerned because, after having it sit under my desk unplugged for three years, I had thrown it out, and if it was acting up, I felt somehow responsible, and I’m sorry but I can’t go to it and turn it on because I DON’T KNOW WHERE IT IS ANYMORE CAN YOU HELP ME FIND IT!!!!?).

So what happens when a scam looks valid? Well, according to the CRA, the agency:

NEVER requests information from a taxpayer about a passport, health card, or driver’s license.

NEVER divulges taxpayer information to another person unless formal authorization is provided by the taxpayer.

NEVER leaves any personal information on an answering machine or asks taxpayers to leave a message with their personal information on an answering machine.

In addition, they say that, when in doubt, ask yourself the following:

  • Am I expecting additional money from the CRA?
  • Does this sound too good to be true?
  • Is the requester asking for information I would not include with my tax return?
  • Is the requester asking for information I know the CRA already has on file for me?
  • How did the requester get my email address or telephone number?
  • Am I confident I know who is asking for the information?
  • Is there a reason that the CRA may be calling or emailing? Do I have a tax balance outstanding?

As always, if someone approaches you for anything, view it with the highest suspicion. “Psst, buddy, want to buy a watch?” “Could you donate to the Heart and Lung foundation?” “Your computer is acting up, give us your credit card info and we’ll fix it for you.” “I am a Nigerian Prince…” If what they say does seem valid (say, someone asks for a donation for a worthy cause), then you need to find the official channel and contact them back.

Let’s say you get a call from the Heart and Stroke foundation. You want to contribute, but you don’t know that the person on the phone is really who they say they are. Thank them for their call, then hang up and go to the official website (heartandstroke.com), where you will find a link called DONATE on the bottom of the page, where you’ll find out how you can donate once, monthly, in honour of a loved one or in memory of someone. You’ll also find their phone number, a printable form so you can mail in a donation, and a list of HSF offices where you could donate in person.

People want to trust other people, but a modicum of caution is also needed, especially in this day and age where all the crooks, thieves, scammers and grifters from around the entire world can now contact you online or by using a computer-to-phone program.