Talbot & Associates Tax News
CRA web services hack: Make sure you are protected!
As many of you may already know (and for those that don’t), the Government of Canada’s web services were recently the victim of a coordinated cyberattack via its Canada Revenue Agency (“CRA”) and GCKey websites. Fraudsters were able to gain access to a total of 11,200 accounts, in many cases making fraudulent claims for government benefits and changing direct deposit information to redirect payments to themselves.
What does this mean for you?
- The Government of Canada has indicated that those affected have been contacted, so if you have not heard anything in regard to this issue, your account is likely not affected.
- The affected websites are now back up and running. Make sure you are protecting yourself by changing your CRA and/or GCKey password immediately, and frequently in the future where feasible.
- Best practices dictate that the longer your password is, the more difficult it may be to be compromised. Try not only to use combinations of capital and lowercase letters, numbers, and symbol where possible, but also consider the use of “pass-phrases” – sentences that can serve to lengthen your password while still being memorable e.g. “ILoveToWalkAndG0ToTheBeach”. Other examples of strong passwords involve the use of multiple unrelated words that do not have any general relationship e.g. “5Teacher-Alpha-Aluminum6”.
- For both passwords and security questions, try not to use questions or passwords that might be easily discernible by an outside user. Try to pick questions to which you alone would know the answer. If you must use a question that might be easily guessed by an outside party e.g. “what is my spouse’s name?”, consider purposefully using a wrong answer that wouldn’t be easily guessed.
- Do not reuse passwords and logins across multiple sites. The majority of those affected in this breach was the result of individuals having reused passwords and logins – if another site is hacked, this puts all reused login credentials at risk immediately.
Having access to your online CRA MyAccount profile is and still remains to be a great way to make sure you have access to all reported slips, income tax assessments, and mail correspondence from the CRA. It is also recommended to check periodically to ensure you have not been the victim of any unauthorized direct deposit information changes, or fraudulent claim activity such as unauthorized applications for the Canada Emergency Response Benefit (“CERB”).
If you have any other questions on this issue, please reach out to us and we can help!