Canada Revenue Agency published a tax-season security reminder focused on account access, fraudulent returns, and benefit claims.
The CRA said threat actors increase their efforts during tax season to access taxpayer accounts, file fraudulent tax returns, and submit benefit claims.
One measure is multi-factor authentication. The agency described MFA as part of its account-security approach for CRA sign-in services.
The CRA also said it proactively revokes user IDs and passwords that may have been obtained by unauthorized third parties through external sources.
Unused credentials are also revoked after prolonged inactivity to reduce the chance that old accounts are misused.
The tax tip warned taxpayers to be cautious about fake websites that may appear more frequently during tax season and to use official CRA sources for tax information.
The issue is administrative rather than legislative. It matters because account compromise can lead to false filings, delayed refunds, disrupted benefit payments, and additional CRA verification work for affected taxpayers.