The lead-up to the Canada Day festivities has brought a tax scam with it
Even though the deadline to file taxes in Canada already passed on May 2nd, 2022, some people may have filed late or are still expecting their refund. Perhaps that’s why I received a phishing email yesterday purporting to come from the Canada Revenue Agency (CRA) and promising a refund of nearly CAD$500:
Aside from the blunder of using guidovedebe@skynet.be as the From: address of the email, this is not how the CRA communicates. If you are using a My Service Canada Account, you should expect to receive a notification that looks like this:
Figure 2. An example of legitimate correspondence from the CRA
Understanding how phishers abuse links in emails, the CRA has taken the wise strategy of not providing links in official correspondence and instead instructing clients to navigate on their own to the official website.
If, however, you do click on the “Interac e-Transfer Autodeposit” button, you are redirected from a malicious link hosted on istandyjeno[.]hu to the malicious subfolder cra_ca_service hosted on oraclehomes.com:
Figure 3. A phishing website offering a tax refund from the CRA
The operators behind this campaign have done a fairly good job of creating a legitimate-looking page, but there are still some signs of…
