Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018 - NETSEC



Cybersecurity Memo

Wednesday, October 17, 2018


One of the top scams happening in Canada is the CRA scam, also called the income tax scam. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails, and even mail claiming to be from the CRA. These are phishing scams that could result in identity theft. Email scams may also contain embedded malware, or malicious software, that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians and request personal information.

Recently, I collected some real samples of these scams that happened to me.

1. CRA Email Scam

I got an email from an email address that starts with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it was actually from some weird domain. The email says the Canada Revenue Agency has sent you an INTERAC e-Transfer with the amount $782.57.

The attachment is a PDF file. At the end of the attachment, it asks you to "click here" to deposit this money. The "click here" URL is hxxp://

2. Phone Short Message Scam Example
Here is a short text message I received on my phone a couple of days ago. It claims to be from the CR agency, which has sent you an Interac e-Transfer. It asks you to click a URL to deposit your income tax return. Bitly is an online service that lets users easily shorten and share web links. It can be used to hide the real URL for phishing purposes, just like this one here.

After you select the URL, you can see the full link. If you click it, it will redirect to some other phishing website.

3. CRA Phone Scam
Here is a list of my recent recordings of this notorious CRA phone scam. For some reason, they targeted my business phone number and called many times. In order to reveal the tricks they played on me over the phone and to warn others, I managed to record some of the calls.

3.1 First "CRA" scam call for TAX dispute
It happened on May 16 2018:

3.2 Second

This "CRA" scam call was for a lost suitcase under my name, and happened on May 24 2018. I missed the call and they left a voice message; apparently, it is a solicitation call targeting a wide range of users. I tried to call back later, but the phone number was already invalid:

3.3 Third one
It happened on Jul 12 2018, also starting with a solicitation call in which a pre-recorded message played. I immediately called back and they answered my call.

In total, they called from two phone numbers: 1 (778) 404-1752 and 1 (778) 404-1750.

At the end of the call, there was email communication this time from [email protected]. It was used by the scammers to collect pictures of your Google Play cards.

Basically, the scammers told me I had a lawsuit because I owed the CRA $5000+. Since my bank account only had $600+, they asked me to buy $500 Google Play cards from Canadian Tire and send them a picture to resolve this lawsuit.

I recorded this whole session and had enough patience to go to the last step. Again, if anyone tries to fool you into buying or paying for something over a phone call, you had better assume it is a scam.

3.4 Fourth case: Oct 16 2018


There is already a warning on the Canadian Anti-Fraud Centre website.

Tax scams

The Canadian Anti-Fraud Centre (CAFC) continues to receive reports of emails, text messages and telephone calls related to tax scams. Tax scams can involve the following:
  1. Fraudsters are calling consumers impersonating the Canada Revenue Agency (CRA) and claiming that a recent audit has identified discrepancies from past filed taxes. Repayment is required immediately. Fraudsters threaten consumers that failure to pay will result in additional fees, jail time and/or deportation. Fraudsters may request payment via money service business, pre-paid cards / gift cards (iTunes) or bitcoin.
  2. Consumers receive an email or text message indicating a refund is pending from the CRA. The email includes a link that directs consumers to a website that looks like the actual CRA. Consumers are asked to fill in their personal information such as Social Insurance Number (SIN), Date of Birth (DOB) and banking information before receiving the refund (email money transfer). Victims who input their personal information are subject to identity fraud. No refund is ever issued.
