Enforcement Highlights
On April 4, 2023, as many as 28 Canadian police services took part in a Global Day of Action against Genesis Market.
Genesis was an online criminal marketplace that traded in advanced stolen credentials that supplied access to online accounts and other services. Cybercriminals bought what the market owners referred to as 'bots' that infected victims' devices through malware or account takeover attacks to gain access, defeat two-factor authentication and other security features as the first steps to commit fraud, hack into corporations, drop ransomware and steal intellectual property. Genesis Market had over 1.5 million bots and over 2 million identities listed when it was shut down, making it one of the largest online criminal facilitators.
With most Canadian Genesis users residing in Quebec, the Canadian Radio-television and Telecommunications Commission (CRTC) and Sûreté du Québec played a significant role in investigating high-level users and executing the warrants. The success of this large-scale targeted operation can be attributed to the RCMP’s National Cybercrime Coordination Centre who diligently worked with international partners from 17 countries that resulted in domain seizures and enforcement actions worldwide.
Click here to see the news release.
"The CRTC works closely with national and international partners to protect Canadians from online threats. The actions taken by the CRTC's enforcement partners to disrupt this illicit online activity will have a significant impact in preventing Canadians' stolen information from falling into the wrong hands. I applaud all our partners for their collaboration in this operation."
- Steven Harroun, Chief Compliance and Enforcement Officer, CRTC
Using social media to explain how the CRTC Fights Phishing and Spam
Steven Harroun, Chief Compliance and Enforcement Officer, CRTC, had a wide-ranging conversation with Ken Simpson, CEO of MailChannels. The discussion focused on critical topics surrounding Canada's digital landscape, including how the CRTC plays a role in protecting Canadians from online abuse, offered an overview of Canada's Anti-Spam Legislation (CASL) and sketched out the types of complaints the CRTC has received since the start of CASL.
During their chat, they talked about the CRTC’s enforcement strategies on spam, phishing, and other forms of cyber abuse. They also discussed emerging challenges posed by artificial intelligence, strategies for managing new threats such as botnet traffic, as well as ways to educate Canadians, including the complexities of navigating the evolving terrain of technology and communication platforms.
Click here to see the full interview.
Payments and Penalties Under CASL
Since CASL came into force in 2014, enforcement efforts have resulted in over $3.2 million issued in administrative monetary penaltiesFootnote 1.
Enforcement Measures
Long description:
- 11 Warning Letters
- 29 Notices to Produce
- 4 Preservation Demands
- 2 Searches
- 1 Notice of Violation
Complaints to the Spam Reporting Centre (SRC)
Canadian complaints are an essential part of the intelligence the Spam Reporting Center (SRC) gathers on spam and electronic threats.
Between April 1, 2023 and September 30, 2023:
Over 210,772 complaints were received by the Spam Reporting Centre.
That’s 8,106 per week.
Approximately 4,223 of these complaints were submitted using the online form, which represents only about 2.0% of the total complaints. The remainder of the complaints were sent by email at spam@fightspam.gc.ca.
It is helpful to use the SRC’s online form since it provide as much information as possible about potential CASL violations.
The CRTC encourages Canadians to also report spam SMS to the SRC.
Sources of spam (reported through online form)
Long description:
- Email: 73%
- Text message: 25%
- Instant message: 1%
- Unspecified: 1%
SMS spam (reported through online form)
Long description:
- Phishing: 28%
- Political SMS (CASL-exempt): 27%
- Commercial: 19%
- Other/Unknown: 16%
- Scams: 10%
Reasons why Canadians complain
Long description:
Complaint reasons and percentages
- Lack of consent: 53%
- Identification of sender: 17%
- Deceptive Marketing Practices: 18%
- Other: 10%
- Software and malware: 2%
Per month break down of complaints
Note: Statistics derived from spam reports filed through the SRC online form.
Long description:
| Year-month | Other | Lack of consent |
Identification of sender |
Deceptive Marketing Practices |
Software and malware |
Grand Total |
|---|---|---|---|---|---|---|
| 2023-04 | 106 | 566 | 210 | 215 | 38 | 1135 |
| 2023-05 | 105 | 643 | 170 | 174 | 14 | 1106 |
| 2023-06 | 114 | 685 | 212 | 265 | 11 | 1287 |
| 2023-07 | 107 | 454 | 141 | 134 | 24 | 860 |
| 2023-08 | 116 | 583 | 199 | 198 | 19 | 1115 |
| 2023-09 | 101 | 655 | 223 | 239 | 19 | 1237 |
| Grand Total | 649 | 3586 | 1155 | 1225 | 125 | 6740 |
Top 5 commercial and affiliate marketing complaints
The top five categories of commercial and affiliate marketing messages reported to the SRC relate to:
- Online Shopping
- Food, Drug and Health
- Home, Auto and Real Estate
- Software and Technology
- Business to Business
Note: Statistics are derived from spam reports filed through the SRC online form.
Canadians can follow the CRTC’s X (Twitter) and Facebook accounts for alerts on emerging phishing and scam campaigns that are continually popping up.
Top 5 Phishing and Scam Complaints
The top five categories of Phishing and Scam Complaints reported to the SRC are:
- Government Impersonation
- Employment Scams
- Private Company Impersonation
- Advanced Fee Scams
- Bank Impersonation
Note: Statistics are derived from spam reports filed through the SRC online form.
Long description:
Top 5 commercial and affiliate marketing complaints:
- Online Shopping
- Food, Drug and Health
- Home, Auto & Real Estate
- Software & Technology
- Business to Business
Top 5 Phishing and Scam Complaints:
- Government Impersonation
- Employment Scams
- Private Company Impersonation
- Advanced Fee Scams
- Bank Impersonation
Outreach
Outreach and engagement activities are a critical means to help educate legitimate businesses, including marketers, email senders, and other small and medium businesses, about their obligations under CASL.
CRTC’s Compliance and Enforcement staff took part in 16 engagement activities with various companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications.
Collaboration with International Partners
The CRTC works with members from over 26 countries to fulfill its mandate, to promote international cooperation and address problems relating to spam and unsolicited communication.
Long description:
Canada (CA)
Memorandum of Understanding:
- Competition Bureau (CB) and Office of the Privacy Commissioner (OPC)
- Consumer Protection Authority of British Columbia
Enforcement Collaboration:
United States (US)
Memorandum of Understanding:
Enforcement Collaboration:
United Kingdom (UK)
Memorandum of Understanding:
Information Commissioner’s Office (ICO)
Japan (JP)
Memorandum of Understanding:
Ministry of Internal Affairs and Communications
Australia (AU)
Memorandum of Understanding:
Australian Communications and Media Authority (ACMA)
Enforcement Collaboration:
Australian Federal Police (AFP)
New Zealand (NZ)
Memorandum of Understanding:
Useful Resources
Check out recent fraudulent activities reported to the Canadian Anti-Fraud Centre.
Looking for cyber safety tips?
Office of the Privacy Commissioner of Canada
Frequently Asked Questions about CASL
Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL
- Date modified: