Saturday, June 20, 2009

New Phishing scam - CRA

Earlier this week I got an email from what purported to be the CRA (Canada Revenue Agency). Looking at the email I saw a grammar error, and the way the email was addressed made it look like a scam. My ISP also flagged it as a possible scam. I didn't click on the attached link, but put my mouse over it to see what the link would resolve to. The proper URL for the CRA is WWW.CRA-ARC.GC.CA. This one had that and a bit more, namely the URL went to a '.COM' site. As this was a new scam to me, I forwarded the note to RECOL and reported it as a scam/phishing attempt.

It failed in a few areas:
  • Subject was 'recalculation of you tax refund'. They used 'you' instead of 'your'.
  • It was addressed to 'Dear Applicant' rather than my proper name.
  • The URL provided did not end in GC.CA, but went to a COM site, which the Government of Canada does not use.
  • I had already got my tax refund and I know that the CRA does not have my main email address for correspondence as I prefer hard-copy rather than email from them.
When I got home I opened the site using Linux as it was fairly safe from trojans and viruses. It asked the following questions:
  • Name and Address
  • Date of Birth
  • Mother's maiden name
  • Phone number
  • email address
One of the first things Firefox did was to warn me that this was a site reported for web forgery. If you don't have Firefox I would advise you to download and install this browser ASAP as it is a second level of defense.

Again, if you get an email that claims to be from the government, bank, insurance company or anyone else asking you to key in personal information, do not ever use the attached URL; go to their site yourself (using a link you know is legit).
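
The hover check described above (does the link really end in GC.CA, or does it only contain the CRA name in front of some other domain?) can be done mechanically. This is an added example, not part of the original post; the sample links are constructed and use the reserved example.com domain, and the function names are made up for illustration.

```python
from urllib.parse import urlsplit

# Government of Canada namespace named in the post.
TRUSTED_SUFFIX = "gc.ca"


def split_link(url):
    """Parse a link, tolerating a missing scheme (e.g. 'WWW.CRA-ARC.GC.CA')."""
    return urlsplit(url if "://" in url else "http://" + url)


def link_host(url):
    """Host the browser would actually connect to, lowercased, no port."""
    # .hostname drops any 'user@' prefix, so for
    # 'http://www.cra-arc.gc.ca@example.com/' it returns 'example.com'.
    return (split_link(url).hostname or "").rstrip(".").lower()


def is_under(host, suffix=TRUSTED_SUFFIX):
    """True only when host is the suffix itself or a subdomain of it.

    The leading dot matters: 'cra-arc-gc.ca' ends with 'gc.ca' as a
    string but is not inside the gc.ca namespace.
    """
    return host == suffix or host.endswith("." + suffix)


def classify(url):
    """Return 'gc.ca', 'lookalike' or 'other' for a link from an email."""
    host = link_host(url)
    if is_under(host):
        return "gc.ca"
    # The trusted name shows up somewhere in the link (as a subdomain of
    # another site, or in the 'user@' part) but the real host is elsewhere.
    decoy = (split_link(url).username or "").lower() + " " + host
    if TRUSTED_SUFFIX in decoy:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "WWW.CRA-ARC.GC.CA",
        "http://www.cra-arc.gc.ca.example.com/refund",
        "http://www.cra-arc.gc.ca@example.com/refund",
        "http://example.com/",
    ]
    for s in samples:
        print(f"{classify(s):10} {link_host(s):35} {s}")
```
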