Important Security Information

If your CRA user ID and password have been revoked

Some taxpayers may have received a notification that their CRA user ID and password have been revoked. Visit CRA user ID and password have been revoked for more information.

Phishing or brand spoofing

Phishing (pronounced "fishing" and also referred to as brand spoofing) is a type of fraud that is designed to trick individuals into disclosing confidential and financial information for the purpose of identity theft. Perpetrators send out emails, falsely claiming to be an established legitimate enterprise, in an attempt to obtain personal information from the email recipient. The email usually directs the user to visit a web site or click on links that will take them to a web site where they are asked to update personal information, such as User IDs, passwords, and account numbers. The web site, however, is a scam and is designed only to steal the user's information. For more information, see Canadian Anti-Fraud Centre.

Email fraud alert

If you do receive a fraudulent email message claiming to be from the CRA, do not respond and delete it from your Inbox.

Report an email or online fraud

As a general rule, you should not provide your confidential or financial information over the Internet in response to unsolicited requests you receive. The CRA will never ask you to provide your personal information by email. If you receive such a request, do not respond and delete it from your Inbox. See what you can do to protect your personal information.

Security requirements

The CRA takes the confidentiality of your information very seriously. We use sophisticated security techniques to protect our site and your privacy. Powerful encryption technology and security procedures protect your personal information at all times. That's why you have to use approved security protocols to view your personal information or manage your personal income tax and benefit account online. For more information, see Your browser.

Clearing your cache

If you are using a computer available in a public location (e.g., a library), you should clear the browser's cache or close and reopen the browser. Information stored in the browser's cache is not encrypted, so clearing the cache helps to ensure the security of your information. For more information, see Access online services safely.


Clearing your cache will remove any cookies that are stored on your computer's browser. This means that each time you sign in using that computer, you will have to answer one of the security questions you have chosen. If you do not want to answer one of the questions you already chose and this is the personal computer that you use most often to sign in to the CRA sign-in services, do not clear your cache.

Page details

Date modified: