Enforcing
Canada’s Anti-Spam
Legislation (CASL)

Actions carried out by the CRTC between
October 1, 2019 and March 31, 2020

View previous time period

Enforcement Highlights

CRTC issues $115,000 in penalties to stop the spread of malicious software

Recently, CRTC staff took enforcement action against Orcus Technologies and its partners John Paul Revezs and Vincent Leo Griebel, who developed, marketed and sold the Orcus RAT. Following this investigation, the Chief Compliance & Enforcement Officer issued Notices of Violation with total administrative monetary penalties of $115,000 for contraventions of section 9 of CASL.

Remote Access Trojans (RATs) are a type of malware that causes significant harm to Canadians. RATs are used by malicious actors to control computer systems without the owner’s consent, contrary to Canada’s anti-spam legislation.

As part of this investigation, CRTC staff cooperated with domestic and international law enforcement agencies, including the RCMP, the US Federal Bureau of Investigation and the Australian Federal Police, as well as private cyber-security firms. This complex investigation demonstrated the benefits of cooperation among law enforcement in addressing global threats.

Staying Vigilant over COVID-19 Scams

The CRTC investigates those who send commercial electronic messages without the recipient’s consent or install programs on computer systems without express consent. This includes malware, spyware and viruses in computer programs or spam messages, or downloaded through infected Web links.

Agencies worldwide have seen a spike in scam activity related to the COVID-19 pandemic. CRTC staff is working to identify malicious sites associated with the pandemic and working with partners to have them shut down, helping to protect Canadians. In addition, the CRTC is using its social media platforms to advise Canadians to stay vigilant against emerging scams related to COVID-19 and how to report them.

Enforcement Measures

Administrative Monetary Penalties

Since CASL came into force in 2014, enforcement efforts have resulted in administrative monetary penalties totaling nearly $1.3 million. Of this amount, $568,000 has been paid as part of negotiated undertakings.Footnote 1

Complaints to the Spam Reporting Centre

Between October 1, 2019 and March 31, 2020

Over 163,500 complaints to the Spam Reporting Centre

That’s over 6,200 per week.

Approximately 6,709 of these complaints were submitted using the online form, which represents only 4.1% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.

The CRTC encourages Canadians to use the Spam Reporting Centre’s online form to provide as much information as possible about potential CASL violations. The information provided by Canadians is an essential part of the intelligence the Spam Reporting Centre gathers on spam and electronic threats. Each report is valuable and helps us to enforce CASL.


More than 44% of complaints submitted through the online form reported email spam

Sources of spam (reported through online form)

SRC complaint reasons donut chart
SRC complaint reasons donut chart legend
Long description:
  • Email: 44%
  • Text message (SMS): 29.5%
  • Instant message (IM): 3%
  • Unspecified: 23.5%

Lack of consent
is still the
#1 complaint

Reasons why Canadians complain

Triggers for complaining donut chart
Triggers for complaining donut chart legend
Long description:
  • Lack of Consent: 38%
  • Identification of Sender: 24%
  • Software and Malware: 2%
  • Deceptive Marketing Practices: 22%
  • Other: 14%
Graphic of the top 5 types of scam emails

Between October 2019 and March 2020, more than 26% of the messages reported to the SRC were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service.

The top five types of scam emails reported to the SRC during this period were associated with: (1) Extortion; (2) Business Email Compromise (fake CEO scams); (3) Employment Scams; (4) Dating Scams; (5) Unexpected Money.

Outreach

Outreach and engagement activities are a critical means to help legitimate businesses, including marketers and email senders, with their compliance efforts under CASL.

The Compliance and Enforcement team participated in 15 engagement activities with companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. In December 2019, the CRTC’s Chief Compliance and Enforcement Officer (CCEO) addressed a panel on “Cybersecurity Risks and Realities” at the Telecommunications Media Forum, organized by the International Institute of Communications. As part of his message, the CCEO noted that the CRTC engages with stakeholders to understand business models of online industries, helping it to more effectively mitigate online abuse to protect Canadians.

CRTC staff continue to leverage online platforms such as social media, webinars and podcasts to disseminate compliance information and guidance to support businesses.

Partnerships

The CRTC has forged partnerships with organizations across the globe in order to better fulfill its mandate.

The CRTC is part of the Unsolicited Communications Enforcement Network (UCENET). Members from over 26 countries work together to promote international spam enforcement cooperation and address problems relating to spam and unsolicited telecommunications.

Collaboration with International Partners

Agreements with International Partners world map
Long description:

Canada (CA)

Memorandum of Understanding:

Enforcement Collaboration:

United States (US)

Memorandum of Understanding:

Enforcement Collaboration:

United Kingdom (UK)

Memorandum of Understanding:

Information Commissioner’s Office (ICO)

Japan (JP)

Memorandum of Understanding:

Ministry of Internal Affairs and Communications

Australia (AU)

Memorandum of Understanding:

Australian Communications and Media Authority (ACMA)

Enforcement Collaboration:

Australian Federal Police (AFP)

New Zealand (NZ)

Memorandum of Understanding:

Department of Internal Affairs (DIA)

Useful Resources

Check out recent fraudulent activities uncovered by the RCMP.

Looking for cyber safety tips?

Competition Bureau Canada

Office of the Privacy Commissioner of Canada

Frequently Asked Questions about CASL

CASL Compliance Tips

Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL

Are you still receiving spam?

Report it and we’ll have a look.

Date modified: