Tax Tips & Pits: Fallout from the Heartbleed bug
Heartbleed bugs and blood moons. What’s up? You would think it’s Hallowe’en. Well, it is similar to that horror season ... after all it is tax season.
Joking aside, there are several heads-up items to warn you about regarding the recent e-service shut down at Canada Revenue Agency (CRA), even for those who filed their taxes already and think they have escaped the fall out. In fact, for everyone who has or is going to electronically file with CRA, there are a couple of important points to note.
First off, the CRA e-services are up and running as of this past Sunday and have been working well since re-boot. In fact, the e-services might even be operating faster than before the bug. Is that possible? Has everything been house cleaned?
More to the point, CRA has extended the April 30 annual filing date to Monday, May 5 to make up for the lost filing days. However, I advise that if you haven’t filed yet, stay on task as there is no guarantee the CRA electronic system is clean of all bugs.
And on the cyber front, beware of the e-mail scams surrounding the filing of your tax return. I am sure there are other scams but these are the ones I have experienced.
Prior to the heartbleed bug there was, and still is, an e-mail scam arriving in people’s in-boxes that involves a very official looking e-mail from CRA telling the recipient that their tax return has been received by CRA and to click the CRA link within the e-mail to confirm that the return is in fact their return. Or, if they haven’t yet filed their return, they are directed to click on the link to determine if someone is attempting to steal their identity by filing a fraudulent return.
Perhaps compelling reasons to follow the instruction ... but don’t. It’s a scam. And just connecting to that link can be disastrous so don’t be inquisitive. For interest sake, the fake CRA webpage looks quite real.
This scam is followed up by a second scam e-mail telling the recipient that since they did not confirm their tax return by clicking on the link in the prior e-mail, they are now under investigation by CRA and must click on the link provided to communicate with CRA immediately.
“Under investigation by CRA”, now that is compelling reason to follow the instruction. DON’T.
Another derivative of CRA e-mail scams is the requirement via e-mail to change CRA e-service passwords due to the heartbleed bug. Yes you should, but log directly onto the CRA website to do it. Don’t use the link provided in the e-mail.
In light of the heartbleed bug issue these e-mail scams may play into taxpayer fear, or even taxpayer logic given the circumstances. The point is, any supposed e-mail from CRA is just that, supposed. If in doubt about a communication from CRA, go directly to the CRA website or, better yet, get on the old fashion phone and enjoy listening to the music while on hold. When you think about it, it’s a small price to pay to avoid a hacked computer or stolen identity.