Why taxpayers should fortify their online defence this season

Cybersecurity expert speaks out on 'perfect storm' of online risks, and how Canadians can protect themselves

Why taxpayers should fortify their online defence this season

After a whirlwind of COVID-induced challenges and changes in 2020, taxpayers in Canada are facing possibly the most problematic tax season they’ve ever had to contend with.

Given the myriad pandemic aid programs and eligibility rules that have been rolled out and unwound, determining what expenses to declare and which benefits and deductions to claim this year is a more exhausting process for countless Canadians. Aside from that, the continued need for contactless transactions is creating a tsunami of first-time online tax filers.

“We conducted research in the fall as we launched our new TELUS Online Security offerings, and we found out that over 77% of Canadians were spending more time on the web. This year, over 90% of Canadians are expected to file their taxes virtually,” said Leigh Tynan, director of TELUS Online Security. “We also found nine out of 10 Canadians believe that online security threats are growing increasingly sophisticated.”

While cybercrime was already one of the largest and fastest-growing industries in the world, Tynan said it has increased by 65% since the pandemic began. Across the world, Canada ranks third for identities being stolen, and ninth in terms of records being exposed, according to DigitalDefence.ca. Last year, the Canada Revenue Agency was targeted in a credential stuffing attack that left thousands of Canadians locked out of their online accounts with the agency; more recently, it proactively restricted 800,000 users whose login credentials matched personal information that had been found on the dark web.

“Those pieces – people dealing with complications related to the pandemic and spending more time online, and the surge in cybercrime – are leading to a perfect storm for taxpayers,” Tynan said.

Scammers and cyber criminals have a dizzying number of ways to go after Canadian taxpayers. One common scam tactic is phishing, where a fraudster pretending to be from the CRA contacts the victim and tries to get sensitive information. Victims may be contacted via text message or instant messages, which Tynan said is a red flag as the agency only communicates with taxpayers through their registered CRA account.

“Some cybercriminals, pretending to be from the CRA, tell their victims to e-transfer money to a specific account, which the agency would never do,” Tynan said. “We’re also seeing fake enforcement phone calls with aggression or threats telling victims that the CRA will arrest them unless they pay a fine, which can appear convincing because they use fake caller IDs.”

Identity protection should also be part of Canadian taxpayers’ cyber safety efforts, she stressed. At the most basic level, people need to use strong passwords; combining letters, numbers, and symbols is a widely recommended best practice. Using VPNs can help mask their activity from spyware and hackers that might be watching them with keyloggers. Their devices should also be equipped with measures to combat malware and ransomware attacks; keeping up with software and operating system updates can also go a long way toward patching up latent vulnerabilities.

Personal protection may not be enough, she added. As consumers interact with an ever-growing diversity of apps, platforms, and paywall-gated sites, cyber criminals are increasingly focusing their efforts at corporations with large stores of consumer login information. A deep-seated sense of trust, along with a concern that they might forget, leads many Canadians to use just one to three passwords that don’t differ significantly from one another.

“That’s why we want Canadians to change their behaviour around password management,” Tynan said. “By having unique and complex passwords for each site, they can be sure that a cyberattack on one business won’t expose them elsewhere, including in their CRA My Account.”

To help Canadians protect themselves online, TELUS Online Security has brought to market a comprehensive, all-in-one, cost-effective online security solution. Aside from providing device security with a password manager and VPN software, it includes a dark web monitoring service that alerts users if their information happens to turn up there. For victims of identity theft, the solution also provides for a dedicated restoration specialist to help them get their identity back – something that can take most Canadians a full week off from work to resolve by themselves – as well as reimbursement for fees paid to lawyers and other experts whose services may be required.

“We lock our doors when we leave our homes; we use bike locks when we leave our bike somewhere; we wouldn't consider driving a car without car insurance. And yet we’re not doing much to protect what’s arguably our most valuable possession, which is our own identity,” Tynan said. “Our survey found only 18% of Canadians are taking some kind of action to protect their identity. The simple fact is that a lot of people just don’t know where to start, and we want to make it easier for them.”