Online Threats: Spam and Phishing
Spam:
- is unsolicited commercial email;
- may contain advertising or offer products or services for sale;
- may contain a request for money;
- may try to trick you into giving the sender detailed financial or other personal information; or
- may contain malware designed to disrupt computer systems; which will download itself onto your computer, causing damage or accessing your files without your knowledge.
With the rise of computer use worldwide, spam has become a very significant social and economic issue. It overloads bandwidths, creates problems with servers, affects the productivity of business and puts individual privacy and the security of personal information at risk. Unsolicited commercial email is more than an annoyance, it is a delivery system for electronic harms – phishing scams, viruses, and spyware.
Spam – the Harm: Identity Theft, Computer Damage, Loss of Control
Phishing is one way in which criminals try to trick you into disclosing your personal financial information. Phishing is accomplished by sending you an email that looks like it came from a legitimate source, such as your bank or other business. The message in the email may say that there has been some sort of problem with your account and will ask you to update or re-start your account by clicking on a link. The link may take you to another site, which also looks legitimate but which is actually fake. There, you may be asked to provide detailed personal information such as account numbers and codes. In this way, you are tricked into giving out your personal financial information, which can then be used by the fraudster for identity theft.
Other times, you might get an email which downloads a computer virus, a Trojan horse (a program which purports to do one thing but actually does another), spyware or other malware (software with a malicious purpose) onto your system. This malware could permit your computer to be secretly used by criminals to route their communications through your computer – all without your knowledge. Or it could send personal information to the criminals, or allow them to access your files.
Although the Task Force on Spam issued its report in May, 2005, no law has yet been enacted to deal with spam. The report contained wide-ranging recommendations including more rigorous law enforcement, increased public education, improved policy development and planning.
In February 2009, an Anti-Spam Bill was introduced in the Canadian Senate. Although Bills introduced into the Senate rarely become law, there is hope among some experts that the mere introduction of the Bill will stimulate discussion and encourage the government to move forward with a new law:
Is Spam Illegal?
There is no law in Canada that specifically applies to unsolicited commercial email. Although sending spam is not specifically illegal, many of the activities spammers engage in are not allowed. For instance, you are not allowed to use an individual’s work contact information to send unsolicited commercial email for purposes not related to the individual’s job function or the employer’s business.
You are also not allowed to use personal contact information without consent, so if you receive spam at your home email address you can complain to a Privacy Commissioner. Furthermore, laws related to fraud, misrepresentation, unfair and deceptive trade practices, invasion of privacy or criminal activities may be applicable, depending on the content of the spam email.
How Can You Protect Yourself From Spam?
Never reply to spam. The simplest and most important method of protecting yourself from spam is to just delete it without opening the email. Do not open emails from sources you don`t know. If you open an email and discover it is unsolicited commercial email, do not reply.
Legitimate businesses never send emails to their customers requesting sensitive personal information. If you receive an email claiming to be from a company you’ve done business with and it asks you to provide personal information by email, do not reply to it.
Instead, contact the company by phone using the number listed in the phone book. Do not use any number for the company that is provided in the email (if the email is a fraud, the phone number will be too). Tell the company about the email, so they can take steps to stop the spam and warn the public. It is very important to protect your computer by using security software and firewalls. You may also wish to have two or more email addresses: one for your trusted personal or business contacts, the others for other online users.