Canada’s Anti-Spam
Legislation (CASL)

Actions carried out by the CRTC between
October 1, 2023 and March 31, 2024

View previous time period

Enforcement Highlights

The CRTC protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats and helps businesses stay competitive in a global, digital marketplace. In October 2023, the CRTC’s Chief Compliance and Enforcement Officer published details regarding an investigation into a high-volume phishing campaign, and the issuing of a penalty of $40,000 to Sami Medouni, a resident of Quebec, for his role in the campaign.

The CRTC launched its investigation after being alerted by a phone company about a potential scam affecting their customers. The investigation found that between December 22, 2020 and January 14, 2021, Mr. Medouni used fraudulently obtained telephone numbers to send over 30,000 phishing text messages to Canadians.

The phishing text messages were sent to individuals without consent from fraudulently obtained phone numbers, and they mimicked well-known brands to obtain personal data including credit card numbers, banking credentials and other sensitive information.

Consult the news release

These phishing scams are not only a nuisance for Canadians, but they also put our personal and financial information at risk. The CRTC will continue to investigate possible violations that target Canadians.

- Steven Harroun, Chief Compliance and Enforcement Officer, CRTC

Regulatory Highlights

In November, the CRTC issued a publication to help parties understand the Compliance and Enforcement review process. This information package explains to parties how these types of proceedings unfold, and how to best participate for violations under the CRTC’s legislative authorities.

When it comes to CASL violations, this package is particularly useful if a party has been the subject of a CRTC enforcement action and would like to have it adjudicated by the CRTC. Enforcement actions can include preservation demands, notices of violations, and notices to produce. While parties can apply to this review process, there is an expectation that the application to do should be well supported.

Additional details can be found in the Information Bulletin on the CRTC’s practices in Compliance and Enforcement review proceedings.

Scam Alerts and Highlights

A QR code or a “quick response” code, is a type of barcode that stores information, most commonly hyperlinks, to allow quick navigation by consumers to web pages. The CRTC notes that QR codes are being reported by different organizations as a growing way to hide malicious URLs.

As such, the CRTC has recently implemented a content verification tool to detect QR codes in the spam Canadians submit to the Spam Reporting Center (SRC). This has allowed the CRTC to detect 432 QR codes associated with complaints submitted by Canadians. Of these, 49 are confirmed threats by Google Safebrowsing.

The CRTC continuously monitors the complaints submitted by Canadians to the SRC. Of note in the last 6 months, complaints have mentioned themed scams that contained malicious Excel spreadsheet and compressed file attachments. Canadians must be careful because if opened, these types of infected links can lead to the malware, spyware, and viruses being installed onto their computers.

Canadians are encouraged to follow the CRTC’s Twitter and Facebook accounts for alerts on emerging phishing and scam campaigns that are continually popping up.

During the month of December, the CRTC ran a social media campaign warning Canadians to stay vigilant during the holiday season. Typically, scammers try to capitalize at this time of the year to trick Canadians into clicking on malicious links and sharing sensitive information. The CRTC’s campaign provided Canadians with some tips and tricks to help them spot these tactics.

The CRTC reminds Canadians to continue to stay vigilant and to help us by reporting spam messages at spam@fightspam.gc.ca or using the online form.

Payments and Penalties Under CASL

Since CASL came into force in 2014, enforcement efforts have resulted in over $3.2 million issued in administrative monetary penaltiesfootnote 1.

Enforcement Measures

Enforcement measures infographic
Long description:
  • 63 Notices to Produce
  • 1 Preservation Demand

Complaints to the Spam Reporting Centre (SRC)

Canadian complaints are an essential part of the intelligence the Spam Reporting Center (SRC) gathers on spam and electronic threats.

Between October 1, 2023 and March 31, 2024

Over 216,900 complaints were received by the Spam Reporting Centre.

Over 216,800 complaints were received by the Spam Reporting Centre.

That’s 8,338 per week.

Approximately 4,705 of these complaints were submitted using the online form, which represents only about 2.0% of total complaints. The remainder of the complaints were sent by email at spam@fightspam.gc.ca.

It is helpful to use the SRC’s online form since it provide as much information as possible about potential CASL violations.

The CRTC encourages Canadians to also report spam SMS to the SRC.

Sources of spam (reported through online form)

Sources of spam chart
Sources of spam legend
Long description:
  • Email: 75%
  • Text message (SMS): 22%
  • Instant message (IM): 2%
  • Unspecified: 1%

SMS spam (reported through online form)

SMS spam chart
SMS spam legend
Long description:
  • Phishing: 45%
  • Commercial: 22%
  • Other/Unknown: 16%
  • Scams: 13%
  • Political SMS (CASL-exempt): 3%

Reasons why Canadians complain

Reasons why Canadians complain chart
Long description:

Complaint reasons and percentages

  • Lack of consent: 54%
  • Indentification of sender: 17%
  • Deceptive Marketing Practices: 17%
  • Other: 10%
  • Software and malware: 2%

Per month break down of complaints

Complaints about consent chart
Complaints about consent chart legend

Note: Statistics derived from spam reports filed through the SRC online form.

Long description:
Table 1
Year Other Consent for messages Identification of sender Deceptive Marketing Practices Software and malware Grand Total
2023-10 113 678 183 197 25 1196
2023-11 111 638 159 166 10 1084
2023-12 98 555 167 160 14 994
2024-1 139 613 243 239 16 1250
2024-2 132 656 226 226 13 1253
2024-3 118 651 225 205 20 1219
Grand Total 711 3791 1203 1193 98 6996

Top 5 commercial and affiliate marketing complaints

Graphic of the top five categories of affiliate marketing messages

The top five categories of commercial and affiliate marketing messages reported to the SRC relate to:

  1. Online Shopping
  2. Business to Business
  3. Food, Drug and Health
  4. Software and Technology
  5. Leisure and Gambling

Note: Statistics are derived from spam reports filed through the SRC online form.

Canadians can follow the CRTC’s X (Twitter) and Facebook accounts for alerts on emerging phishing and scam campaigns that are continually popping up.

Top 5 Phishing and Scam Complaints

Graphic of the top 5 Phishing and Scam Complaints

The top five categories of Phishing and Scam Complaints reported to the SRC are:

  1. Private Company Impersonation
  2. Government Impersonation
  3. Employment Scams
  4. Advanced Fee Scams
  5. Bank Impersonation

Note: Statistics are derived from spam reports filed through the SRC online form.


Outreach and engagement activities are a critical means to help educate legitimate businesses, including marketers, email senders, and other small and medium businesses, about their obligations under CASL.

CRTC’s Compliance and Enforcement staff took part in 4 engagement activities with various companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. In addition, Steven Harroun, the CRTC’s Chief Compliance and Enforcement Officer (CCEO) presented before the Standing Committee on Access to Information, Privacy and Ethics. The speech outlined how the CRTC is part of a larger federal government effort to protect Canadians from spam, malware, phishing, and other electronic threats. And that CASL authorizes the CRTC’s investigators to request warrants from the courts to examine computers and other electronic devices when necessary, including with the use of digital forensic tools. That said, the CCEO stressed that the CRTC takes the use of digital forensics tools very seriously and that follows strict legislative and judicial parameters when using these tools.

Fraud Prevention Month is an annual campaign that seeks to help Canadians recognize, reject and report fraud. In February and March, the CRTC promoted Fraud Prevention Month by highlighting a “scam of the week” on X and Facebook. In its messages, the CRTC reminded Canadians that phishing scams often come disguised as emails, or SMS messages. And the CRTC provided tips to Canadians such as always double-checking the sender’s address and keeping security software up to date to help avoid being caught by a scam.

Collaboration with International Partners

The CRTC works with members from over 26 countries to fulfill its mandate, to promote international cooperation and address problems relating to spam and unsolicited communication.

Agreements with International Partners world map
Long description:

Canada (CA)

Memorandum of Understanding:

Enforcement Collaboration:

United States (US)

Memorandum of Understanding:

Enforcement Collaboration:

United Kingdom (UK)

Memorandum of Understanding:

Information Commissioner’s Office (ICO)

Japan (JP)

Memorandum of Understanding:

Ministry of Internal Affairs and Communications

Australia (AU)

Memorandum of Understanding:

Australian Communications and Media Authority (ACMA)

Enforcement Collaboration:

Australian Federal Police (AFP)

New Zealand (NZ)

Memorandum of Understanding:

Department of Internal Affairs (DIA)

Useful Resources


Are you still receiving spam?

Report it and we’ll have a look.

Did you find what you were looking for?

Yes No
Date modified: