Tricks of the attackers are typical and mostly boil down to the creation of phishing sites and web pages. Such resources can ask for personal account passwords on the local tax service website, answers to secret questions, the names of the next of kin, dates of their birth, information on bank cards, and much more. In addition to the information that the user, in fact, he himself transmits to fraudsters, attackers also often receive “accompanying” information, the IP address and location of the victim, information about the name and version of the browser, the computer’s operating system. That is, anything that can increase the chances of getting access to the accounts of the victim, bypassing the security systems.
Phishing pages can also spread malware under various pretexts. Do not stop scammers and direct extortion of money on behalf of tax officials; they conduct similar attacks in the USA, France, Canada, Ireland and other countries. Consider the most popular tax phishing schemes. For Unfiled Tax Returns Canada the services are now there.
In Canada, the Canada Revenue Agency (CRA) is responsible for collecting and administering taxes. The deadline for filing tax returns for the previous fiscal year is April 30th. On the chart below, you can see that in 2016, the greatest activity of phishers was recorded during the period of filing tax returns and declined only in May.
We can observe a slightly different picture on the 2018 chart:
- Schedule of anti-phishing components on users’ computers when trying to switch to phishing sites using the brand CRA, 2018.
The jump came in the period when most Canadians expect a refund of part of the taxes paid. We recorded a huge number of phishing pages telling the recipient that he has the right to return a certain amount of money. Basically, it was in such letters that links to fake CRA pages were distributed, where the victim was asked to fill out a web form.
- Typically, these pages almost completely copy the design of the official CRA website and request a large amount of personal information. If the user does not doubt the authenticity of the web page, the amount of information requested will also not confuse him, which means that, most likely, he will fill in the fields. As a result, the attackers receive valuable information, and the user receives a message about the successful sending of data and a proposal to wait a few days that are supposedly needed to process his request. For greater likelihood, the victim can be redirected to the original CRA website.
Among the information collected by fraudsters is the data of a bank card (including its PIN code), social security number and driver’s license, address, telephone number, date of birth, mother’s surname, and employer. Also, attackers get IP address and system information.