Be diligent when dealing with spam

Revised: March 2020

Spam is unsolicited electronic communications, including email, text messages and messages you receive through social media. Canada's anti-spam legislation protects Canadians from the misuse of digital technology, including spam and other electronic threats.

Spam is often sent for commercial purposes. However, some spam can be malicious and may contain hidden computer viruses or other malicious software (malware).

On this page

• Common examples of spam
• Beware of malicious spam
• How to avoid being tricked
• Report fraud

Common examples of spam

Commercial spam may be unsolicited but it may not be malicious in nature. It is the electronic equivalent of the junk mail that sometimes clogs your mailbox. For example, you may receive unsolicited emails or other electronic messages from:

• marketers who have purchased an email list with your address on it
• real estate agents who copy your email address from a website where you listed your home for sale
• consulting services that contact you on social media to offer you a job
• educational services companies that get your work email from a public site and send you unsolicited emails about training programs
• retail stores where you may have given your email address in order to receive an electronic receipt, but the store sends you advertisements by email as well

How to manage spam

Most email providers have built-in filters that remove spam from incoming messages before it reaches your inbox. However, if you do find spam in your inbox, your email service should allow you to select the item and classify it as spam, which automatically moves it to your junk mail folder.

If you receive spam in the form of a text message on your phone, your mobile service provider may offer the option of blocking the phone number associated with the message. This will prevent spammers from messaging you from that phone number.

Beware of malicious spam

Although a lot of spam is simply a nuisance, some spam is designed to trick you into providing personal information to steal your money, your identity or both.

Spammers are very sophisticated. They use emails or other messages that look almost identical to those of banks, online payment systems and other reputable websites. They use familiar logos, contact information, etc. But these legitimate looking messages can link to phony sites or come with harmful attachments.

Here are some examples of how spam can be used to trick people into giving up personal, sensitive or financial information:

Phishing

Phishing generally refers to a specific type of attack. Spammers will try to impersonate a trusted brand or contact, someone from your financial institution or a potential employer. The goal is to get you to select a link, open an attachment, or provide personal or financial information.

In some cases, they may even try to impersonate a friend or family member through an email account. The emails may appear to be legitimate, as they seem to come from somebody you know. Still, their attachments or web links may be infected with a computer virus or contain a code that can track you online. Be cautious when selecting links or downloading attachments.

Charities

An increasingly common type of phishing involves electronic messages that appear to come from disaster-relief charities. They direct you to a phony website and ask you to make a credit card donation. Doing this may give fraudsters access to your accounts and your hard-earned money.

Spear phishing

Spear phishing is a variation of phishing where scammers target a specific individual. The scammer then uses the fake identity they have created of your friend or family member to ask you to send money or confidential information.

Financial scams

You could receive emails that appear to be from government departments or from a lawyer, claiming you have not correctly submitted documents that are required by law. Fraudsters tell you that you must pay a large financial penalty and ask for payment in the form of pre-paid credit cards, cryptocurrencies like Bitcoin or money transfers.

Sometimes, spammers send messages claiming you’re entitled to a big tax return that you weren’t expecting. If it sounds too good to be true, it probably is. The same goes for emails that claim you’ve won big money or are receiving a large inheritance from a family member you’ve never heard of.

Technical support scams

Another common scam involves messages claiming your computer has been infected by a virus and your personal information has been stolen. Fraudsters tell you that you need to supply personal or financial information to make things right.

How to avoid being tricked

It can be hard to tell sometimes if an email is legitimate. Before you do business with an organization or individual you have met online, be extra diligent in doing research on that organization or person. Do research online, and in the case of a company, call the Better Business Bureau and ask for references.

Easy ways to know you’ve received a malicious message is to keep in mind that major brands do not send emails that:

• are filled with typos and bad grammar
• offer unsolicited freebies
• ask you to click on links except to visit their website

Verify the sender

Always verify that the source of the electronic message is legitimate. If you can, look up the phone number for the organization or individual who sent you the message and call to ensure they actually sent it. This is especially important if you’re being asked to send a payment.

Call the company directly

If you receive any unusual bills, emergency notifications or requests for payment in relation to an account, contact the company directly using their main phone number. Don’t trust phone numbers or websites that you receive in an email. Following up with the company directly to confirm that the notification or request is legitimate is often the best way to avoid being scammed.

Check web links in messages

In the case of browser-based email, hover over the name of the sender to see that the name matches the email. On a phone or mobile device, select the sender’s name to call up their contact information. This will allow you to see the full email address.

Always check the full email address or URL. Are there extra numbers and letters you wouldn’t expect? If the address doesn’t look right, don’t follow the links or reply to the email!

If it is a scam, you will quickly notice that it’s not FirstNameLastName@gmail.com or offers@onlineretailer.com, as you were expecting, but rather something like FirstNameLastName12345@gmail.com or offers@onlineretailer.dealz.com. It will be just close enough to fool you, but definitely not the real thing. Be extra careful if the link is shortened using a service such as bit.ly.

Don’t reply to spam

Responding to spam only helps it thrive. The same goes for selecting website links contained in spam messages. By replying, you are confirming that your email address is live and in use. This information can be used for nefarious purposes. Moreover, the original spammer can profit further by reselling your address to other spammers.

If you get an automated message asking you to confirm receipt of a spam email, don’t respond. If your email application lets you set up auto-confirmation of such receipts, make sure to turn off this option.

Don’t share your email address

If possible, avoid sharing your email address online on websites, social media or blogs. Doing so can make your email address easy prey for harvesters who use computer software to troll the Internet for email addresses and then sell them to spammers.

Be conscientious at work

If you are at work, always confirm the legitimacy of any request you receive from executives or their staff by email or other electronic message. Your IT department may be able to help you determine if the request is legitimate.

If you’re being asked to send confidential information, were you asked to encrypt it or protect it in other ways? If not, it may be a scam.

Use security software

Make sure your devices are equipped with online security and privacy safeguards including firewalls and virus protection. Be sure to keep the software and operating systems on your devices up to date.

Report fraud

If you believe you have been a victim of a scam, contact your local police and report it to the Canadian Anti-Fraud Centre.

Consult the website www.fightspam.gc.ca for more information.