Gwen Martin didn't expect a second tax return this year, so when the 74 year-old got an email promising her more money, she suspected a scam.
The email appears to come from Canada Revenue Agency.
It claims she's eligible for a nearly $400 return after registering for a Government Gateway account.
Martin did not click the link and instead she contacted an anti-fraud agency who told her to delete the email.
Martin had heard about the Heartbleed Bug and wondered about a possible connection.
Canada's Revenue Agency blames the computer glitch for nearly 900 stolen social insurance numbers.
The agency had blocked access to its online services for several days, hoping to prevent this.
The CRA says each affected person will receive a "registered letter" notifying them of the breach.
It won't contact people by phone or email to eliminate chances of fraud.
The agency's website has been restored and the deadline for filing taxes has been extended to May 5th.
Michael Legary, chief strategy officer at Seccuris, knows of many email scams like the one Martin received.
Rather than Heartbleed itself, Legary says they are likely attempts to exploit the attention drawn to the CRA.
He recommends not opening email you aren't expecting, and if you do, don't click on the link, even if it appears to be a link to a trusted website.
Instead, you could type the website into your browser.
But Legary says Heartbleed concerns still exist.
It leaves no traces, so the number of people affected remains unknown.
Legary recommends changing all of your passwords, and monitoring accounts for any strange activity.
