Cybersecurity month banner
Government of Canada

Oct. 25, 2022

Cybersecurity Awareness Month: What legal actions can you take against a phisher?

Professor Emily Laidlaw explains

According to the Government of Canada, phishing is the fourth most common scam in Canada. If you participate in any type of online activity, you’ve probably received a phishing method at some point.

But are there any legal actions you can take if you’re a victim of phishing?

Professor Emily Laidlaw

Professor Emily Laidlaw is the Canada Research Chair in Cybersecurity Law

According to Dr. Emily Laidlaw, a professor at UCalgary Law and a Canada Research Chair in Cybersecurity, legal action against phishers is difficult simply due to the nature of the crime. Cyber criminals are hard to find, and if you can’t figure out who the culprit is, you can’t charge them with a crime.

“There are certainly cases of individuals convicted for fraud for sending phishing messages, usually for luring people to send money. Those cases are rare, and the best actions to take if you’re a victim of phishing is to contain the damage,” explains Laidlaw. “If you’re at work, contact your IT department. If there is money involved, contact your bank. Also contact the police to let them know it happened, as you’re likely not the only person who is a victim of the crime. The thing to remember is that we are all vulnerable to phishing attacks.”

If you’ve been phished, it is also a good idea to contact the Canadian Radio-television and Telecommunications Commission (CRTC), as the phishing message could be considered an unsolicited commercial message and subject to Canada’s anti-spam law.

If a cyber criminal can be found, how does the law deal with them?

“Cyber criminals are mostly dealt with through the criminal justice system,” says Laidlaw. “There are a variety of offences in the Criminal Code that cover phishing, hacking, distribution of malware, denial-of-service attacks and identity theft.”

Learn more about Cybersecurity Month