Enforcement Highlights
CRTC issues $115,000 in penalties to stop the spread of malicious software
Recently, CRTC staff took enforcement action against Orcus Technologies and its partners John Paul Revezs and Vincent Leo Griebel, who developed, marketed and sold the Orcus RAT. Following this investigation, the Chief Compliance & Enforcement Officer issued Notices of Violation with total administrative monetary penalties of $115,000 for contraventions of section 9 of CASL.
Remote Access Trojans (RATs) are a type of malware that causes significant harm to Canadians. RATs are used by malicious actors to control computer systems without the owner’s consent, contrary to Canada’s anti-spam legislation.
As part of this investigation, CRTC staff cooperated with domestic and international law enforcement agencies, including the RCMP, the US Federal Bureau of Investigation and the Australian Federal Police, as well as private cyber-security firms. This complex investigation demonstrated the benefits of cooperation among law enforcement in addressing global threats.
Staying Vigilant over COVID-19 Scams
The CRTC investigates those who send commercial electronic messages without the recipient’s consent or install programs on computer systems without express consent. This includes malware, spyware and viruses in computer programs or spam messages, or downloaded through infected Web links.
Agencies worldwide have seen a spike in scam activity related to the COVID-19 pandemic. CRTC staff is working to identify malicious sites associated with the pandemic and working with partners to have them shut down, helping to protect Canadians. In addition, the CRTC is using its social media platforms to advise Canadians to stay vigilant against emerging scams related to COVID-19 and how to report them.
Enforcement Measures
- 2 Notices of Violation
- 131 Notices to Produce
- 3 Preservation Demands
- $115,000 in Administrative Monetary Penalties
Administrative Monetary Penalties
Since CASL came into force in 2014, enforcement efforts have resulted in administrative monetary penalties totaling nearly $1.3 million. Of this amount, $568,000 has been paid as part of negotiated undertakings.Footnote 1
Complaints to the Spam Reporting Centre
Between October 1, 2019 and March 31, 2020
That’s over 6,200 per week.
Approximately 6,709 of these complaints were submitted using the online form, which represents only 4.1% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.
The CRTC encourages Canadians to use the Spam Reporting Centre’s online form to provide as much information as possible about potential CASL violations. The information provided by Canadians is an essential part of the intelligence the Spam Reporting Centre gathers on spam and electronic threats. Each report is valuable and helps us to enforce CASL.
More than 44% of complaints submitted through the online form reported email spam
Sources of spam (reported through online form)
Long description:
- Email: 44%
- Text message (SMS): 29.5%
- Instant message (IM): 3%
- Unspecified: 23.5%
Lack of consent
is still the #1 complaint
Reasons why Canadians complain
Long description:
- Lack of Consent: 38%
- Identification of Sender: 24%
- Software and Malware: 2%
- Deceptive Marketing Practices: 22%
- Other: 14%
Between October 2019 and March 2020, more than 26% of the messages reported to the SRC were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service.
The top five types of scam emails reported to the SRC during this period were associated with: (1) Extortion; (2) Business Email Compromise (fake CEO scams); (3) Employment Scams; (4) Dating Scams; (5) Unexpected Money.
Outreach
Outreach and engagement activities are a critical means to help legitimate businesses, including marketers and email senders, with their compliance efforts under CASL.
The Compliance and Enforcement team participated in 15 engagement activities with companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. In December 2019, the CRTC’s Chief Compliance and Enforcement Officer (CCEO) addressed a panel on “Cybersecurity Risks and Realities” at the Telecommunications Media Forum, organized by the International Institute of Communications. As part of his message, the CCEO noted that the CRTC engages with stakeholders to understand business models of online industries, helping it to more effectively mitigate online abuse to protect Canadians.
CRTC staff continue to leverage online platforms such as social media, webinars and podcasts to disseminate compliance information and guidance to support businesses.
Partnerships
The CRTC has forged partnerships with organizations across the globe in order to better fulfill its mandate.
The CRTC is part of the Unsolicited Communications Enforcement Network (UCENET). Members from over 26 countries work together to promote international spam enforcement cooperation and address problems relating to spam and unsolicited telecommunications.
Collaboration with International Partners
Long description:
Canada (CA)
Memorandum of Understanding:
- Competition Bureau (CB) and Office of the Privacy Commissioner (OPC)
- Consumer Protection Authority of British Columbia
Enforcement Collaboration:
United States (US)
Memorandum of Understanding:
Enforcement Collaboration:
United Kingdom (UK)
Memorandum of Understanding:
Information Commissioner’s Office (ICO)
Japan (JP)
Memorandum of Understanding:
Ministry of Internal Affairs and Communications
Australia (AU)
Memorandum of Understanding:
Australian Communications and Media Authority (ACMA)
Enforcement Collaboration:
Australian Federal Police (AFP)
New Zealand (NZ)
Memorandum of Understanding:
Useful Resources
Check out recent fraudulent activities uncovered by the RCMP.
Looking for cyber safety tips?
Office of the Privacy Commissioner of Canada
Frequently Asked Questions about CASL
Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL
- Date modified: