Don’t Risk It: Protect Your EFILE ID and TaxCycle Account

We want to remind all our users about the importance of protecting their EFILE ID and account information. We will never ask for your EFILE ID and password whether it is via email or when you call into our support team.

Stay Vigilant Against Phishing Attempts

Be cautious of any communications that request your EFILE ID and password. These could be phishing attempts aimed at stealing your sensitive information. Never share these credentials with anyone. 

The Canada Revenue Agency (CRA) has issued a warning about a new phishing scam targeting EFILERs. The scam involves fake EFILE Sign in pages that try to trick tax preparers into entering their login credentials to “activate” their accounts. 

The CRA will never send links asking for your financial or personal information.

If you think your EFILE credentials may have been compromised, contact the EFILE Helpdesk right away. Failure to report a potential compromise will result in the suspension of your EFILE privileges.

How to Protect Yourself and Your Clients

• Always validate your client’s identity before any transaction or release of information.
• Never send confidential information such as a Social Insurance Number (SIN), Business Number (BN), Web Access Code (WAC) or EFILE ID or password by email.
• Use unique and strong passwords and change them often.
• Monitor your accounts regularly.
• Don’t click links in emails or text messages.
• Verify the URL and domain before logging in to any CRA accounts.
• Only log in to your accounts from trusted sources.
• Keep your browser up-to-date with the latest security fixes.
• Lock your computer when you step away from it.
• Manage representatives associated with a Business Number GroupID to prevent unauthorized access to client information.
• Log off from the CRA when you complete a secure task, such as downloading from Auto-fill my return (AFR) or accessing Represent a Client.
• Clear your cache and quit your browser to remove the history of secure online sessions with the CRA.

Strengthen Your TaxCycle Account Security With Two-Factor Authentication

We strongly recommend enabling two-factor authentication (2FA) for your TaxCycle account. 2FA adds an extra layer of security by requiring a verification code in addition to your password when you log in. This makes it significantly harder for unauthorized individuals to access your account.

When you sign in, you confirm your identity through an authenticator app (preferred method), on your mobile phone or by receiving a unique code via text message. This additional step protects your clients and firm from unauthorized access to confidential documents. 

Follow the instructions in these help topics to set up 2FA on your TaxCycle account:

• Set up 2FA Using an Authenticator App (Preferred Method)
• Set up 2FA via Text Message (SMS)

Additional CRA Security Practices

• Be wary of unsolicited emails, phone calls, or text messages claiming to be from the CRA. The CRA will never ask for sensitive personal information by email or text message.
• Use a passphrase or strong password and keep all network devices updated.
• Use a Virtual Private Network (VPN) to send and receive data more securely, especially when working remotely.
• Control access to your device by using a hardware firewall.
• Train staff in network security tools and programs.
• Contact the CRA directly if you have any doubts about the legitimacy of a communication.

Additional Resources

• Canada Revenue Agency: Reminder - Security practices for electronic filers
• Canada Revenue Agency: Protect your CRA accounts
• Canada Revenue Agency: Recognize a scam
• Canadian Anti-Fraud Centre: Protect yourself from scams and fraud
• Canada Revenue Agency: Security and privacy of your information with the CRA