I have a dear friend who is kicking herself right now.
She received an email claiming to be from the Canada Revenue Agency (CRA) last week, telling her she had a tax refund owed to her from 2014 and asking for detailed personal information.
She sent the info and immediately regretted it.
My friend spent last weekend trying to fix the damage, talking to banks, credit and identity card providers, changing phone numbers.
Phishing scams like this are constant and the warnings are out there in the media and on Canada Revenue's website. My friend is older, knowledgeable about the world, and usually very cautious, but the plausibility of the words sent to her had an impact.
I know her well and would have never thought it possible that she could be taken in by something like this. Neither does she. She is shocked by her decision to respond.
Luckily, her quick realization it was a scam meant that she hasn't lost money; no major charges have been put on her credit cards. But her data is out there, likely in the hand of organized criminals, and she has a lot of changes to make. It could impact everything from credit to passports.
The police were called, but they cannot do anything unless money is stolen or identity theft is proved.
It can happen to anyone, including to you and the people you love. According to Microsoft, these scams cost people $5 billion a year worldwide.
And it can come from anywhere. Last week I had someone message me on the career website LinkedIn, tempting me with what sounded like a pretty sweet job in the Vancouver arts scene. I dug a little and found it was fake — we never got to the point of having information requested from me. No damage done, but it was plausible. I could have engaged with it quite easily.
Instead, I blocked and reported her. She'll be back under another name, no doubt.
It was the second time someone tried to deceive me online last week. The other was a hacker getting into my Yahoo email account. I'm in the middle of fixing that.
If you Google "the psychology of phishing scams," a lot of information comes up.
One study recruited 150 students at the University of Buffalo and surveyed them about their Internet habits. Six weeks later, each received a fake friend request on Facebook from a complete stranger. Most students accepted.
They were then sent a message by the researchers, written to imitate a phishing attack, complete with spelling errors, seeking interns for a good position and requesting detailed personal information such as student numbers and dates of birth.
The more often the students used Facebook, the more likely they were to send the information.
The more urgent sounding the message, the more likely a recipient is to respond with information.
So apart from staying offline, how can we protect ourselves?
The start of the tax season is upon us, and as if sorting out T4s wasn't already fraught enough, the CRA scam system always picks up at this time of year.
CRA has a page on its website called Protect Yourself Against Fraud (www.cra-arc.gc.ca/scrty/frdprvntn/menu-eng.html). It describes the types of frauds being committed and how to recognize scams.
Here are the basics: If you receive an email from someone claiming to be the CRA requesting personal information such as a social insurance number, credit card number, bank account or passport number — don't assist them, whether they tell you a refund is coming or they threaten you. Some victims are threatened with visits by the RCMP. That won't happen.
If in doubt, ask yourself the following:
Did I sign up to receive online mail from CRA through My Account, My Business Account, or Represent a Client?
Did I provide my email address on my income tax and benefit return to receive mail online?
Am I expecting more money from the CRA?
Does this sound too good to be true?
Is the requester asking for information I would not provide in my tax return?
Is the requester asking for information I know the CRA already has on file for me?
Finally, keep a look out for family members and friends, particularly the elderly, who may fall into the trap more easily.