When I opened my email this morning I saw an email that seemed too good to be true. It looked like the Canada Revenue Agency (CRA) was offering me an unexpected refund.

As you can probably guess, this offer was too good to be true.

Like many phishing scams - online scams where criminals "bait" a hook with what seems like an incredible opportunity or urgent risk that needs to be addressed - the email was part of a tactic designed to steal money from vulnerable Canadians.

The first clue in the email was the way it was addressed. You see, the CRA knew how much they allegedly owed me ($386.00). They also had my email address. Yet somehow they did now know my name.

Generic greetings - in this case "Dear Applicant" - are a common signal that an email is not legitimate.

In the email I received there was a form I was asked to click on to apply for the refund. The form was titled "Verify_Form.htm."

Operating under safe Internet practice guidelines, the minute you get a suspicious email asking you to click an attachment you should be on guard. You should not click on a suspicious attachment, even if you are curious, as it's quite possible that the file will contain malicious code or in this case, take you to a website that could contain malicious code.

If you do end up at the website after clicking on an offer or request in an email, you should not be reassured if the design looks like you would expect it to.

When you visit a scam website that has spoofed the legitimate site, changes are good that it will look very similar to, possibly even identical to, the real thing.

Hackers and criminals are now able to duplicate the websites they are imitating so that it is very hard to tell the fake site from the real one. Your best point of defence is to be on guard when the email is received.

In this particular scam, the CRA allegedly asks you to provide either debit or credit card information so they can return money to you. However, if you look at the actual code behind the page, instead of being based on the correct government address all the links point to a domain that has hidden its true location using a foreign privacy protection service.

To put it bluntly, if you are tricked by this scam you will be giving either your debit or credit card information to a foreign criminal.

At the end of the day, common sense is a big factor in protecting yourself from scams like this.

Professional companies and organizations, especially ones like the government, eBay, Paypal and financial institutions will not send out generic emails asking you to login to a web system. When you receive an email asking you to do this, it is an excellent indicator that you have encountered a phishing scam.

If you enjoyed this article, be sure to visit CanadaOne's article knowledge base for more informative articles.