Skip to content Skip to sidebar Skip to footer
Home / Phishing Email : CRA Applicant form return of $403.27 CAD

Phishing Email : CRA Applicant form return of $403.27 CAD

For the record, here's a recent Canada Revenue Agency (CRA) phishing email that is circulating and was caught by Junk or Spam filters, but maybe not for you.

What to do?

Report them and label them as Phishing Email not SPAM (in your online email system), see below.



Report them? 

Report Phishing URLs at Google Plex now as well;

Here's the view of the email in your online mail client




Dear Rob.Hamilton@outlook.com,

After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 403.27 CAD

Please fill the secure tax return form and allow us 2-3 business days to process it
Secure form : http://cra-arg.gc.ca/tax-return/123467890/applicant

                     SPAM URL Points to href="http://parkshilton.in/felrvnj/index.php"

[2]

Tax Return Number: GB232UUSZ21
Recipient e-mail: Rob.Hamilton@outlook.com

Here's what http://parkshilton.in/felrvnj/index.php page looks 



and is hosted in USA but owned by;    

   This info is available for any site using a Whois lookup, https://www.godaddy.com/whois[3] has one

   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  
  Domain ID:D5779724-AFIN  Domain Name:PARKSHILTON.IN  Created On:31-Jan-2012 10:59:24 UTC  Last Updated On:02-Apr-2017 18:20:40 UTC  Expiration Date:31-Jan-2018 10:59:24 UTC  Sponsoring Registrar:Mitsu Inc (R158-AFIN)  Status:CLIENT TRANSFER PROHIBITED  Reason:  Registrant ID:BS_10305232  Registrant Name:S P Mohanty  Registrant Organization:SME Consulting Services  Registrant Street1:Fort  Registrant City:Mumbai  Registrant State/Province:Maharashtra  Registrant Postal Code:400001  Registrant Country:IN  Registrant Phone:+22.9320565526  Registrant Email:smeconsulting@live.com  Admin ID:BS_10305232  Admin Name:S P Mohanty  Admin Organization:SME Consulting Services  Admin Street1:Fort  Admin City:Mumbai  Admin State/Province:Maharashtra  Admin Postal Code:400001  Admin Country:IN  Admin Phone:+22.9320565526  Admin Email:smeconsulting@live.com  Tech ID:BS_10305232  Tech Name:S P Mohanty  Tech Organization:SME Consulting Services  Tech Street1:Fort  Tech City:Mumbai  Tech State/Province:Maharashtra  Tech Postal Code:400001  Tech Country:IN  Tech Phone:+22.9320565526  Tech Email:smeconsulting@live.com  Name Server:NS1.RHOSTJH.COM  Name Server:NS2.RHOSTJH.COM



CRA and CDN Anti-Fraud Centre ?


According to Canada Revenue Agency[4] (CRA), it's important to know that:
  • The CRA never requests, by email, personal information of any kind from a taxpayer.
  • The CRA will never request information from a taxpayer pertaining to a passport, health card, or driver's licence.
  • The CRA will not divulge taxpayer information to another person unless formal authorization is provided by the taxpayer.
  • The CRA will not leave any personal information on an answering machine.

More information about this scam is available on Canada Revenue Agency's website. If you've been a victim, report it to your local police and to the Canadian Anti-Fraud Centre[5][6]

How to tell this is a Phishing email ?


  1. Convert the email view from HTML to text, check for bad URLs.
  2. Hover over all links in email, if it's not from the same as the text then forget it.
  3. The best way is to look at message source, see below.


How to examine Email Message Source ?


Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
And look for phony links.


Report Phishing Email (not as Spam)


  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 


Report phishing at Microsoft and government agencies


  1. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx[7]

Source: feedproxy.google.com