Columnist image
Dale Jackson

Personal Finance Columnist, Payback Time


The COVID-19 pandemic has brought out the best in some people, but it has also brought out the worst. 

With billions of government relief dollars flowing and Canadians focused on the revised June 1 personal tax filing deadline, the Canada Revenue Agency (CRA) is warning about a rise in scams that  prey on fear and insecurity. It says seniors are most vulnerable.

Hundreds of incidents of fraud have been reported since the outbreak. People who claim to be trusted sources present themselves through emails, texts or phone calls requesting – and in some cases demanding – vital financial information or outright cash.

The scams usually originate overseas, which make them hard to police. Coordinated efforts with foreign authorities have resulted in arrests in the past but they are soon replaced by other scammers with new pitches looking for a quick buck. Often they pose as officials from the CRA. 

The most effective course of action is to prevent them in the first place by knowing the signs of a scam. The CRA says never reply or click on a link from someone claiming to be from the CRA, and to delete it immediately. 

  • Newsletter sign-up: Subscribe to BNN Bloomberg's weekly personal finance newsletter, Home Economics, here

The links scammers provide will often lead to a fake website asking for personal information like a social insurance, credit card, bank account or passport number. In many cases, they say the information is required to receive benefits. 

If the real CRA contacts you by phone it will only be to verify the personal information they already have including your full name, date of birth, address or social insurance number (SIN). It will never request other vital information or payment. It will not use the type of aggressive language or threatening  legal action many Canadians have already experienced. Caller ID can be useful but scammers have found ways to mask themselves as legitimate sources.   

The CRA will only notify you by email to inform you of a pertinent message or document in your personal CRA account, or a link you have already requested. Scammers who provide links are often using a technique called phishing to steal personal information. If you’re unsure about a link get, get out of your email account and search for the site independently. 

The CRA sends notices of assessment, amounts owed, audits or legal action through old-fashioned snail mail. Scammers will often use the old mail system and in some cases set up meetings in public places to receive payments. In rare cases, they will demand payment through bitcoin or prepaid gift cards like iTunes.  

The CRA never sends texts or direct messages through social media such as Facebook, Twitter or LinkedIn. 

All Canadians are advised to keep access codes, user IDs, passwords and PINs secret. They should also be changed regularly for extra security.

Of all your personal information, the most prized by scammers is your SIN. Credit card and bank account numbers can be changed but your nine-digit SIN number is the same throughout your life. If your SIN number has been stolen or compromised, contact Service Canada through its website. Although the number cannot be changed, online access through the CRA web site can be disabled and reactivated with further security measures.  

The CRA recommends registering for “My Account” or “My Business Account” to receive email notifications alerting you of changes that affect you. Establishing a personal CRA account is not only safe but can be useful to keep tabs on your tax status and allowable contribution limits for your registered retirement savings plan (RRSP) and tax-free savings account (TFSA).  

Putting scammers out of business requires vigilance. If you fall victim or even suspect a scam, the CRA wants you to report it to the Canadian Anti-fraud Centre and your local police service.

Payback Time is a weekly column by personal finance columnist Dale Jackson about how to prepare your finances for retirement. Have a question you want answered? Email