Identifying SPAMEnglish | Français
Many consumers receive legitimate messages about new products, special offers, warranties, subscription renewals, and newsletters via email and text. However, inboxes can also be filled with unsolicited sales pitches or promotions, false and misleading representations and shady offers, known as spam. These unwanted messages clog inboxes, waste time and can cause you to miss legitimate messages from reputable companies you may know or are already doing business with, but not all harmful or a cause for concern.
Under Canada's Anti-Spam Legislation (CASL), companies in Canada are not permitted to send email communications to you without your express or implied consent, except in certain limited cases. Companies that have your consent must provide you with a way to unsubscribe from further email communications if you wish.
CMA members agree to comply with the Canadian Marketing Code of Ethics and Standards which includes compliance with all applicable laws.
Below are some tips and flags to keep in mind.
- If you asked for the information, then it's not spam. Commercial are legitimate if the people receiving it asked to get the communication by signing up for 'news' or offers. When you receive the email or text, verify that the sender is legitimate. If you spot anything that is unusual, such as incorrect spelling, a clickable link to reset your account that you did not ask for or a logo that doesn't look legit, take precautions as outlined below.
- When friends or family forward an email and ask you to send it to others, the email is not spam even if it is unwanted. Use caution and if unsure, never hesitate to ask the sender if they did send the email. You can ask the sender not to forward those types of emails in the future.
- You could receive an email from an infected computer that sends spam emails to a person's contact list without them knowing. If you get a blank email or text message from a known individual, or one with a subject line that you suspect that individual would never write or is unusual (e.g.: sign up for this amazing offer today, reset your account, join me to play, is this accurate, help me do this today, confirm your attendance), contact them to confirm if they sent it. If they did not send it, do not click any links or open any attachments, delete it immediately.
- If you signed up to receive a newsletter and you no longer wish to receive it, the email is legitimate and not spam, unless you spot some of the previously flagged issues. Every legitimate organization will provide an easy way for you to be taken off their subscription list. Be cautious when unsubscribing to a newsletter from an unknown source, especially if the unsubscribe process involves requests for unnecessary additional information. Some spammers masquerade as newsletters with "unsubscribe information" that can serve to confirm that your email is valid and cause you to receive even more spam. If you are unsure, contact the company directly.
- Most organizations have rigorous filters to protect inboxes from spam on company devices, but some malicious spam can still make it through, so it’s important to always be vigilant. If you receive a message from a co-worker or colleague requesting your immediate help to access documents, confirm programs installed on your computer or apps you are using, make a payment or to provide information about staff, be cautious and report it immediately. Do not action, take the time to investigate.
Read more tips on how to protect your inbox and how to manage spam from the Office of the Privacy Commissioner of Canada.
A few common indicators of harmful spam are:
- Unsolicited message to confirm an account, pay an invoice, complete training, collect a refund or fix a "security issue".
- Urgent request that gives limited time for a response and prompts an immediate action. These messages can be made to appear as if they are being sent by a legitimate company like a financial or government institution, employer or known brand.
- Incorrect grammar or spelling.
- Subject line and content do not match.
- Suspicious attachments that may include .exe files.
- Requests for personal information or passwords.
- Offers that are too good to be true.
- Email domains that do not appear to be legitimate (e.g.: firstname.lastname@example.org), but the name may be accurate. In these cases, be wary of opening, replying, or even clicking the “unsubscribe” button, as this will notify the spammer of your receipt and that your email address is valid. This could lead to incessant and increasing attempts to send harmful spam which can infect your computer with malware and could lead to more scam attempts.
Approach any email that you receive from a person or organization that you have never heard of with caution as it may be harmful spam. Be especially wary about opening any attachments or clicking on any links from unknown senders as these can contain malware or spyware. If you have no knowledge of the sender and/or do not know why you are receiving the message from a known sender, it may be better to simply delete the email.
To learn more about fraud prevention and tips to protect yourself from scams, including those that occur by e-mail, click here.
The Competition Bureau’s Little Black Book of Scams, which is free to download, offers useful tips on ways to identify, avoid, and deal with a host of scams, including harmful and unwanted spam. Here is an excerpt about protecting yourself from harmful spam.
Don’t reply to harmful spam emails, even to unsubscribe, and do not click on any links or call any telephone number listed in a harmful spam email. Make sure you have current protective software or get advice from a computer specialist.
If an email or pop-up offers you a product or service that genuinely interests you and it seems reasonable, be sure that you understand all the terms and conditions and costs involved before making a purchase or providing your personal or financial information.
By opening this suspect email, will I risk the security of my computer? Are the contact details provided in the email correct? Telephone your bank or financial institution to ask whether the message you received is genuine.
Check out these other trusted resources: