Canada Revenue Agency
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Online services and other e-services > CRA epass services

Institutional links

Important security information

Phishing, brand spoofing and email fraud

Security requirements

Phishing, brand spoofing and email fraud

What is it?

Phishing (pronounced "fishing" and also referred to as brand spoofing) is a type of fraud that is designed to trick individuals into disclosing confidential and financial information for the purpose of identity theft. Perpetrators send out emails, falsely claiming to be an established legitimate enterprise in an attempt to obtain personal information from the email recipient. The email usually directs the user to visit or click on links that will take them to a Web site where they are asked to update personal information, such as User Ids, passwords, account numbers, etc. The Web site, however, is a scam and is designed only to steal the user's information. For more information, see Phishing or Brand Spoofing (Royal Canadian Mounted Police).

Email fraud alert

If you do receive a fraudulent message purporting to be the CRA in your email do not respond and delete it from your Inbox. For more information, see Taxpayer alert: Don't be fooled by unsolicited e-mails or phone calls!

Report an email or online fraud

As a general rule, you should not provide your confidential and financial information over the Internet in response to unsolicited requests you receive. The Canada Revenue Agency (CRA) will never ask you to provide us with your personal information by email. If you receive such a request, do not respond and delete it from your Inbox. See what you can do to protect your personal information. For more information, see our Taxpayer alert: Don't be fooled by unsolicited e-mails or phone calls!.


Top of Page

Security requirements

The Canada Revenue Agency takes the confidentiality of your information very seriously. We use sophisticated security techniques to protect our site and your privacy. Powerful encryption technology and security procedures protect your personal information at all times. That's why you have to use approved security protocols to view your personal information or manage your personal income tax and benefit account online.

To use these CRA epass services, your browser must use 128-bit Secure Sockets Layer (SSL) 3.0 encryption. For more information, see Your browser.

Date Modified: 2009-10-05

Top of Page
Important Notices