No one is safe from identity theft. But you can apply the best practices below to protect yourself:

1. Watch out for suspicious activity in your online accounts. If you notice a change to your personal information that you did not make, call the business or organization concerned immediately. For Revenu Québec, you can call our client services.
2. Limit how much information you share online.
3. Keep your private information safe from prying eyes. 
4. Never lose sight of your credit or debit card when paying. 
5. Never share private information, unless the law requires it or you trust the person asking for it.
6. Use strong passwords for your accounts. 
7. If you have any doubts about the payment method proposed by a business, go to its website to check if it is an official method. For Revenu Québec, check the Payment Options on our website.
8. Don't click links in emails or texts urging you to provide bank information to receive a refund.
9. If you think your identity's been stolen or that you've been targeted by a scammer, contact our client services immediately. We need to be notified promptly so we can take extra steps to protect your personal information. 

A strong password is the key

It's a fact: 80% of cyberattacks are due to weak or stolen passwords.

Passwords are the most common authentication method in digital technology. Phones, computers, bank accounts, social media profiles, government accounts to meet tax obligations—the list goes on and on.

Passwords act like barriers that keep your private and personal information from being stolen.

To protect your data, follow these rules:

• Change your passwords often.
• Use complex passwords by changing the characters.
• Prioritize long passwords.
• When changing a password, choose characters randomly rather than logically.
• Don't use the same password all the time on all the platforms you use.
• Memorize your passwords instead of writing them down.
• Don't include personal information like your pet's name or the make of your car in your passwords.
• Never save your passwords in your browser.

Be extra careful about passwords to prevent having your identity or private information stolen.

Psychological hacking

Psychological hacking is when cybercriminals exploit cognitive biases to get personal or financial information from their victims.

The technique makes emails, texts or voice messages look familiar to the victim. The source seems completely harmless, but scammers are behind it.

The best practices to help you spot psychological hacking attacks and prevent identity theft are as follows:

1. Check sources.
   If you receive an email, text or call from an unknown person, check the address or number online. If the address or number was already used in a psychological hacking attack that was reported, you'll be able to identify it and protect yourself.
2. If it sounds too good to be true, it probably is.
   Be wary of anyone offering luxury products at a fraction of their real cost or promising you a gift in exchange for information. Even if the offer or request comes from someone you know, be careful. Why are they contacting you in this way or sending you this link?
3. When in doubt, check it out.
   If you have doubts about messages, calls or emails, take the time to check that they're authentic by calling the business, the person or the organization concerned. Never use phone numbers or contact information in emails or texts: always find the official contact information online.
4. Find the mistake.
   If you receive an unusual email, check the email address in the message, even if the sender seems trustworthy. The addresses cyberattackers use differ slightly from the real thing.
5. Watch out for fake social media accounts.
   Hackers often pose as acquaintances or representatives of authorities or organizations to manipulate victims into disclosing private information. This often happens through social networks, so don't share private information with your contacts, even in a private conversation.

Our official means of communication

Cybercriminals use various techniques to get information and steal their victims' identities. Have you ever received an email or text that seemed to come from us, urging you to click a link to receive a refund or assistance? We would never communicate with you that way.  

Our official means of communication are as follows: 

• To get your feedback, we regularly conduct phone or online surveys, or hire outside firms to do so. We do not give information from our data banks to the firms. In addition, no one is authorized to ask for tax information on our behalf, and we decide what the firms can do with information they collect.
• If you asked us, we may send you the following information by text, email or automated call:
  • a temporary My Account access code
  • a clicSÉQUR verification code
  • a URL for the Order Prefilled TP-64.3-V Forms online service (available in French only), so you can download prefilled forms
• We send automated emails to notify you when there is a new message in My Account. These emails do not contain confidential information.
• We occasionally send documents and information by secure email. This service safeguards communications between senders and receivers in order to protect the email's confidential nature. 
• We may call you on behalf of the Government of Québec. If you missed the call, you can safely dial the number in the message we left.

Information security is a priority for us. For more information or what to do if you think you're a victim of a cyberattack, click Phishing Scams and Identity Theft.