Canada’s Anti-Spam
Legislation (CASL)

Actions carried out by the CRTC between
October 1, 2022 and March 31, 2023

View previous or next time period

Enforcement Highlights

In today’s digital society, no one is immune to phishing attacks. Canadians need to stay vigilant as threat actors develop new tools and techniques to take advantage while at the same time try to evade detection from law enforcement.

Phishing is an attack where a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information.

Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source (such as from a bank or courier company).

Large-scale Bank Phishing Investigation

In January 2023, the CRTC’s Compliance and Enforcement team executed warrants to simultaneously search four dwellings in the Greater Montreal Area as part of an investigation into a series of large-scale bank phishing campaigns targeting Canadians and financial institutions in Canada. This was the largest search operation to date for the CRTC and involved significant coordination and support from local law enforcement agencies.

The investigation was initiated following reports from financial institutions and submissions by Canadians to the Spam Reporting Centre (SRC). Phishing activity is growing in complexity as new tools and techniques are used by threat actors to steal personal information, send phishing emails and text messages, and compromise accounts on a large scale and with little effort.

Canadian are encouraged to continue to report spam and suspicious practices to spam@fightspam.gc.ca or by using the SRC’s online form.

Using social media to warn Canadians

Canadians can follow the CRTC’s Twitter and Facebook accounts for alerts on emerging phishing and scam campaigns that are continually popping up.

In late 2022, the CRTC alerted Canadians to an ongoing text message spam that was circulating. They were warned not to click on the link if they received a text message referring to Canada’s Anti-Spam Legislation (CASL) and a judgment awarding money to victims of illegal text message spamming.

In early 2023, the CRTC’s SRC received complaints about emails containing malicious OneNote attachments.  If opened, the attachments could compromise their computer, mobile phone, or even steal their personal information. The CRTC acted quickly to warn Canadians to be on the lookout for these emails appearing to come from an oil or gas company, and to avoid opening the attachments. The CRTC also retweeted a similar warning by the  Canadian Cyber Center about this campaign.

At the end of March, the CRTC retweeted a Canadian Anti-Fraud Centre  warning of reports of phishing text messages claiming to be from the Canadian Revenue Agency (CRA) which included real CRA phone numbers to make the message look legitimate.

The CRTC continues to encourage Canadians to stay vigilant and to report spam messages, or infected Web links that install malware, spyware, and viruses onto their computers.

“It’s important for Canadians to know that the CRTC only uses credible channels such as our official website and social media accounts to share information and to warn Canadians about phishing campaigns and scams.  And that as a government agency, the CRTC DOES NOT send messages directly to devices.”

- Steven Harroun, Chief Compliance and Enforcement Officer, CRTC

Payments and Penalties Under CASL

Since CASL came into force in 2014, compliance and enforcement efforts have resulted in administrative monetary penaltiesFootnote 1 and undertakings totalling over $3.6 million.

Enforcement Measures

Enforcement measures infographic
Long description:
  • 144 Notices to Produce
  • 2 Undertakings
  • 1 Notice of Violation
  • 8 Preservation Demands
  • 4 Warrants

Complaints to the Spam Reporting Centre (SRC)

Between October 1, 2022 and March 31, 2023

Over 176,706 complaints to the Spam Reporting Centre

Over 176,706 complaints to the Spam Reporting Centre.

That’s 6,796 per week.

Approximately 4,577 of these complaints were submitted using the online form, which represents only about 2.6% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.

The CRTC encourages Canadians to use the SRC’s online form to provide as much information as possible about potential CASL violations. The information provided by Canadians is an essential part of the intelligence the SRC gathers on spam and electronic threats. Each report is valuable and helps us to enforce CASL.

SRC Database Updates

The SRC continues to make updates and enhancements to the database to help identify cyber threat actors. More specifically, the SRC has added several new features that allow us and our partners to make better use of available data, enhance data retention, search with greater precision, display the date as needed, and to navigate the system more easily.

Sources of spam (reported through online form)

Sources of spam chart
Sources of spam legend
Long description:
  • Email: 68%
  • Text message (SMS): 29%
  • Instant message (IM): 2%
  • Unspecified: 1%

SMS spam (reported through online form)

SMS spam chart
SMS spam legend
Long description:
  • Phishing: 66%
  • Other/Unknown: 12%
  • Commercial: 16%
  • Scams: 3%
  • Affiliate Marketing: 2%

Reasons why Canadians complain

Reasons why Canadians complain chart
Long description:

Complaint reasons and percentages

  • Lack of consent: 48%
  • Indentification of Sender: 19%
  • Deceptive Marketing Practices: 20%
  • Other: 10%
  • Software and Malware: 2%

Note: The total does not add to 100% since Canadians can select more than one category for a complaint.

Per month break down of complaints

Complaints about consent chart
Complaints about consent chart legend

Note: Statistics derived from spam reports filed through the SRC online form.

Long description:
Table 1
Year-month Lack of Consent Deceptive Marketing Practices Identification of Sender Other Software and malware Grand Total
2022-10 738 294 346 160 23 1561
2022-11 788 357 366 164 27 1702
2022-12 643 260 247 136 23 1309
2023-1 734 381 340 156 21 1632
2023-2 650 233 206 136 23 1248
2023-3 620 214 204 132 27 1197
Grand Total 4173 1739 1709 884 144 8649

Top 5 commercial and affiliate marketing complaints

Graphic of the top five categories of affiliate marketing messages

The top five categories of commercial and affiliate marketing messages reported to the SRC relate to:

  1. Online Shopping
  2. Food, Drug & Health
  3. Business to Business (B2)
  4. Software & Technology
  5. Home, Auto & Real Estate

Note: Statistics derived from spam reports filed through the SRC online form.

Top 5 Phishing and Scam Complaints

Graphic of the top 5 Phishing and Scam Complaints

The top five categories of Phishing and Scam Complaints reported to the SRC are:

  1. Private Company Impersonation
  2. Government Impersonation
  3. Extortion Scams
  4. Business Email Compromise/Gift Card Scams
  5. Advanced Fee Scams

Note: Statistics derived from spam reports filed through the SRC online form.


Outreach and engagement activities are a critical means to help educate legitimate businesses, including marketers, email senders, and other small and medium businesses, about their obligations under CASL.

CRTC Compliance and Enforcement staff participated in 8 virtual engagement activities with various companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications.

In February and March, the CRTC took part in and promoted Fraud Prevention Month to remind Canadians that recognizing fraud is the first step in preventing it. On Twitter and Facebook, the CRTC reminded Canadians to watch out for misspelled words, urgent demands or unknown numbers being used by fraudsters as part of the tricks of their trades.

Collaboration with International Partners

For the first time, regulators from Canada, Australia, Ireland, Hong Kong and the United States met in person in the fall of 2022 to find better ways to combat scams.

Hosted by the CRTC, the Combating Scam Communications meeting was an opportunity to share strategic insights on current initiatives and cross-border enforcement challenges. Participants also explored opportunities for greater international collaboration to disrupt scam communications.

Representatives from the five countries agreed to continue their collaboration and share strategic information. They will also seek engagement from other regulatory agencies in jurisdictions that may be the source of or suffering from scam communications.

This meeting builds on an existing collaboration between regulators through the Unsolicited Communications Enforcement Network (UCENet) and the strong bilateral relationships between many global regulatory agencies.

“The purpose of the UCENet is to promote international spam enforcement cooperation and address related issues, such as online fraud and deception, phishing and the spreading of computer viruses.”

- Steven Harroun, Chief Compliance and Enforcement Officer, CRTC

The CRTC works with members from over 26 countries to fulfill its mandate, to promote international cooperation and address problems relating to spam and unsolicited communication.

Agreements with International Partners world map
Long description:

Canada (CA)

Memorandum of Understanding:

Enforcement Collaboration:

United States (US)

Memorandum of Understanding:

Enforcement Collaboration:

United Kingdom (UK)

Memorandum of Understanding:

Information Commissioner’s Office (ICO)

Japan (JP)

Memorandum of Understanding:

Ministry of Internal Affairs and Communications

Australia (AU)

Memorandum of Understanding:

Australian Communications and Media Authority (ACMA)

Enforcement Collaboration:

Australian Federal Police (AFP)

New Zealand (NZ)

Memorandum of Understanding:

Department of Internal Affairs (DIA)

Useful Resources


Are you still receiving spam?

Report it and we’ll have a look.

Date modified: