Wednesday, January 14, 2015

Canada Revenue Agency Tax Return - Phishing Email

Subject: [notifications]-ID-123456769

Tax time and spammer's are hitting early. If you receive this crafty email similar to below, then it beware it's probably a phishing email attempt that is recently going around. What to do?  Report them now,

Action > Report the Phishing URL to Google Plex now, click this link

How to tell this is a Phishing email ?

  1. Canada Tax Revenue agency does not use email to engage CDN citizens that their tax return is due.
  2. Reply to this email is sent to <>; this is Bell and not CRA. If it were CRA it would be something like <>.
  3. Email is From: Canada Revenue Agency but don't let that fool you the address is from <> and cleverly crafted but not the CRA.
  4. Reading email in Outlook generated pop-up "Click to follow link"
  5. Hover over action url, For tax refund click here >> and you see it's to the phishing link

  6. The best way is to look at message source, see below.

How to examine Email source?

Email consists of a message header and body. 
Briefly, the message body is basically everything you see below the subject line. 
To view the source message header, which includes details such as To:, Cc:, Bcc:, Reply To: and Subject, do the following in your email system;

  1.>Actions->View Message Source 
  2.>More (down arrow to top right)->Show original
  3.>More (at Bottom of Message)->View Full Header
  4. Outlook Program - see  

For this phony email, we have the message source in a code source reader.

At line 9 you have Received: from (HELO ( is located in Japan but originally from Korea, not Canada.

Find out geo location of the IP address on map, click link below;

Report Phishing Email (not as Spam)
  1.>Junk (at Top)->Phishing Scam
  2.>More (downarrow to top right)->Report Phishing
  3.>Spam->Report a Phishing Scam

Also Report Phishing domain at Google Plex now!!! 

If you have recievied this email take further action now by click these links


Also Report phishing email at Microsoft and government agencies


Learn how Office 365 prevents spam and malware free course 

No comments:

Post a Comment