Royal Canadian Mounted Police
Symbol of the Government of Canada

Common menu bar links

Internet Security

An increasing number of Canadian families have access to Internet. When used with caution, cyberspace is an extraordinary communication and information medium. However, surfing the Net involves certain risks. The Internet is a network of millions of interconnected computers. Unlike a TV set, the computer provides for two-way communication. In other words, when you connect to another computer, not only do you receive information, but you also transmit data!

It is important to understand that today almost any "traditional" crime can be committed with the help of technology. Those who are victims of cybercrimes must understand that they have the same recourse than if the offence had been committed without the use of technology. For example, a death threat made by e-mail or text message must be treated in the same way as a death threat made verbally.

Furthermore, the Internet is a worldwide network that is not yet regulated like radio or television. For instance, what is illegal in Canada can be perfectly legal in another country. However, as Canadian citizens, we have to abide by the laws of our country.

In short, jurisdiction on the Internet is a complex issue. For this reason, the saying, “An ounce of prevention is worth a pound of cure” takes its full meaning when you surf the Net.

Major Internet Risks and Problems

Protect Yourself!

Here are three basic precautions you should take in order to surf the Net in a more secure manner:

  • Make regular updates of your computer system (software, operating system, etc.).
  • Get a good anti-virus software and update it regularly.
  • Get a good firewall and update it regularly.


  • Pick secure passwords.
  • Regularly save your data to avoid losing it.
  • Consumers beware when buying on line. Take the same precautions as for traditional transactions.
  • Supervise your children when they surf the Net. Do not set up a computer in your child’s room but rather in a family room.

Hackers and malicious logic


Hacking is the process of gaining unauthorized access to a computer system. There are many ways this can be accomplished, but the three most common are:

  1. Exploiting preexisting bugs in the target system software to gain access.
  2. Taking advantage of a system's poorly configured software security protocols to gain access.
  3. Installing a Trojan horse program which, when executed by a user of the target system, provides a back door thus permitting the hacker to enter.


A computer virus is a small piece of software that attaches itself to other computer programs. Every time the program is run, the virus is run too, which can cause damage to your system (such as erasing your hard drive). Viruses also replicate when the program is executed, thus spreading to your computer hard drive and other storage media such as USB keys or external hard drives. Sending these executable files by e-mail can also infect other computers.


A worm is a self-replicating program that resides in memory (RAM) and in most cases does not alter files on the hard drive. It propagates by sending itself to other computers in a network. The network could be internal, such as in a company, or it could be the Internet itself. Unlike viruses, a worm is a separate entity, it does not attach itself to other files or programs. One of the ways a worm can spread is by sending itself to everyone in your e-mail program's address book.

Worms, such as Code Red and Code Red II, cause millions of dollars in damage by consuming system resources and overwhelming the Internet. When parts of the Internet go down, millions in revenue are lost. Even ordinary citizens can feel the effects of a worm as it eats up their system's resources and slows down their computer.

Trojan Horses

A Trojan horse is a malicious computer program that disguises itself by pretending or appearing to be something that is benign. Trojan horses can pretend to be a game or just about any program found as an e-mail attachment. A Trojan horse is an executable file, meaning that when you double click on it, for example, it will run the program. Some possible file extensions for executable files are: exe, bat, pif, com, vbs. Beware of double extensions such as photo.jpg.exe which may appear to be an image file, but instead is an executable program. By default, Windows hides extensions, so this file would appear as "photo.jpg", a popular type of image file.

A Trojan horse, once executed, can destroy files or open up a "backdoor" to your computer, allowing someone to enter and control your system. They can copy and delete files or use your computer as a stepping stone to hack other computers. They can even watch you via your Web cam!

  • Update your operating system regularly (Windows 7, Vista, XP, etc.) to reduce the number of vulnerabilities.
  • Install a personal firewall that closes all ports of entry into and out of your computer, except for the few that you really need. Your computer has 65,536 ports (like doors, they are the only way to enter your computer), of which you probably only use about five (5). A firewall closes all the doors you don't need thus minimizing the chances of a hacker entering. Updating the firewall is also important.
  • Install an anti-virus software and update it regularly. Antivirus software does not detect all malware, but they can stop many of them.
  • Never run suspicious executable programs. Some anti-virus software will even warn you if these files have already caused problems to other uses.
  • Be aware of suspicious e-mails sent by anyone you know. Delete them immediately without opening them. Do not open e-mails coming from unknown sources and, most importantly, never open the attachments to these e-mails.
  • Make sure you use good passwords (at least 8 characters, not a word in the dictionary, using capitals and non capitals, numbers and symbols). Change your password regularly is also a very good resolution.

Offensive and inappropriate material

Child Pornography

Child pornography is a criminal offence under section 163.1 of the Canadian Criminal Code.

Making, distributing and possessing child pornography are criminal offences. It is important to distinguish this type of pornography with pornographic sites or advertisement. There are thousands of Web sites featuring pornographic advertisement and, although this is a shame, these sites may not be illegal as such.

  • Install software specifically designed to restrict access to certain sites and "block out" offensive material on the Internet.
  • Visit the Web site Canada's national tipline for reporting the online sexual exploitation of children.
  • Contact your local police service. If necessary, they will redirect your call to the Sûreté du Québec.

Bomb Making Sites

It is currently not illegal to post instructions on bomb making or other similar criminal acts on the Internet, and in fact, "how to" guides for the manufacture of explosives are readily available in bookstores and public libraries.

The manufacture of any explosive device, apart from being extremely dangerous, is also illegal. Any person caught with such material can be charged under section 82 of the Criminal Code of Canada - “possession of explosive substances” or one of the related sections. Inciting anyone to build or use such a device is also illegal, and the person aiding anyone in the construction or the use of such a device is party to the offence and therefore could be liable to the same charges as the bomb maker.

  • Do not allow your children to use the Internet unsupervised as there are any number of sites that contain offensive or dangerous materials on the Web.
  • Do not post any such material on your Web site as you may become criminally or civilly liable if someone uses this information to commit a criminal act.
  • If you become aware of someone attempting to use this information, please report them to your local police.

Traditional offences


Intimidation is a criminal offence under section 423(1) of theCanadian Criminal Code.

Cyberbullying is a growing phenomenon. Internet, with all the services it offers, is a great communication tool. It allows us to communicate through e-mail, Web site, test messages, chat rooms, social networks and discussion forums. However, some people make inappropriate use of these tools. While the Canadian Criminal Code does not include a specific section on cyberbullying, section 423(1) will apply since it encompasses all means, including the Internet, that can be used for intimidation purposes. In short, the advent of technology allows bullies to remain anonymous so they can act as they please. This phenomenon is growing and has devastating consequences for the victims. Cyberbullying can result in a loss of self-esteem and isolation. Worse, it can lead to depression and, in some cases, to suicide.

  • Keep your personal information to yourself: your phone numbers (home and cell), your name on instant messaging system or your e-mail address.
  • Discuss bullying with your children. Children are often victim of bullying at school or in other social situations.
  • Assert yourself! When you observe a bullying situation on the Internet, do not hesitate to talk about it and take action to fight it. 
What to do if you are victim of cyberbullying
  • Save all the messages.
  • Block the originator’s messages. Never reply to these messages.
  • Quit the place of the discussion or end the situation immediately.
  • Talk to someone you trust. If you are a minor, talk to an adult.
  • Contact your local police service if you want to file a complaint.

Criminal Harassment and Threats of all Kind

People sometimes refer to criminal harassment and other similar types of behavior as online predators, child predators, harassment or criminal harassment. For our purposes we will refer to this type of behavior in an online criminal harassment. Online criminal harassment generally refers to the use of repeated electronic communications to cause another person to feel like they or a member of their family is being threatened. The legal definition of harassment, according to Black's Law Dictionary, is:

"A course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose" or "Words, gestures, and actions which tend to annoy, alarm and abuse (verbally) another person."

The Canadian Criminal Code section that applies to cyber stalking is section 264(1) criminal harassment, and would in most cases be the mandate of the local police force in your city or town to enforce.

Harassment is not:
  • Someone sending you one e-mail or instant message even if it contains obscene comments, pornographic photo attachments, or a virus though they may be separate criminal offence of corrupting morals under section 163 of the Canadian Criminal Code or related sections which refer to child pornography.
  • Comment made about you on a public forum (or on someone else's web site) unless the statements are libelous (injuring the reputation of a person or company) in which case the person or company that published them may be guilty of defamatory libel under section 298 of the Canadian Criminal Code.
  • A threat made against you or another family to cause death or bodily harm, to damage or destroy your personal property, or to poison kill or injure an animal that is the property of a person. This would be an offence under section 264.1(1) of the Canadian Criminal Code - Uttering threats.
  • Spam. If you're online, you have to learn to live with junk e-mail from companies offering all sorts of things to make quick money. There is nothing criminal about sending advertising via e-mail which is what Spam is, however, some of the products you may be offered are not available or may be illegal in Canada. There are things you can do to reduce the amount of spam you receive, but it will never go away completely. Please refer to the section on unsolicited e-mail.
  • All cases of child pornography, defamatory libel or threats should be reported to your local police department.

Identity theft

Identity theft means deliberately assuming someone’s identity, without his/her consent, generally for the purpose of committing fraud. The applicable sections of the Canadian Criminal Code are:

  • Theft from mail (section 356)
  • Theft, forgery, etc., of credit card (section 342)
  • Identity fraud (fraudulently personating another person) (section 403)

The advent of technology has made it increasingly easy to access and find personal information on the Net. Social networks are a good example of this.  Access, communication and use of your personnel information on the Internet are protected by the Personal Information Protection and Electronic Documents Act. However, not everyone takes the necessary precautions to protect their personal information. The multitude of search tools developed over the years could certainly help ill-intentioned individuals to find other information about you. For example, with your name, it is possible to find your e-mail, address and phone number depending on your level of activity online. This could make those who give too much information in their social network account more vulnerable. Often, this type of information will allow an ill-intentioned individual to order and use a credit card under your name. Among the information used to steal your identity are:

  • Name, first name, address and birth date
  • Password
  • Age and sex
  • Occupation
  • Social insurance number
  • Personal identification number (PIN)
  • Debit and credit card numbers
  • Monitor your younger children when they use the computer. They can easily learn how to use social networks and, unknowingly, disclose personal information. This could make the child, and his/her family, vulnerable to identify theft.
  • Format your old hard drives before disposing of them.
  • Beware of the information you disclose about yourself on social network sites and chat rooms. Some ill-intentioned individuals are very good at manipulating people to get a maximum of information from them. They then use this information to commit fraudulent acts against you, without your knowledge.

Internet Sales Fraud

E-commerce is a growing business. For instance, many Internet sites offer to sell or buy products and services. However, a number of Internet users are defrauded by people who take their money without sending the goods that have been paid for. In 2002 alone, the FBI’s Internet Fraud Complaint Center (IFCC) referred some 50,000 complaints for fraud to police agencies having jurisdiction. Many of the complaints dealt with fraud through online auction sites.

Some companies on the Internet will send the goods, but these are poor quality or even counterfeit. Online medications, such as Viagra, are an example of this. Sometimes the pills contain only sugar or they may contain chemical substances that are harmful to health. For these reasons, if you develop a health problem, you should see a doctor as quickly as possible to get the prescription you need.

  • When you buy anything on the Web, especially on online auction sites, go through a company acting as escrow (reliable third party). An escrow service acts as a third party which holds the buyers’ money until they have received the merchandise. The buyer then notifies the escrow service that they can release the funds to the seller. Since the buyer pays minimal fees for this service, a host seller should never refuse to use it. Some online auction sites offer their own escrow-type service.
  • Inquire about the policy of the site through which you make your transactions. But be careful! There are many reliable escrow-type companies, but you will also find a number of fraudulent services of this nature which simply pocket the money. Make sure to do business with a recognized company. If you have any doubt concerning an escrow service, switch!
  • On the other hand, please note that some online commerce sites offer a free dispute resolution service for conflicts between sellers and buyers, along with a fraud protection service. Check the policy of the Web site you use to do business.
  • Do not buy medications online.
What to do if you are victim of sales fraud
  • In Quebec, Royal Canadian Mounted Police Commercial Fraud sections do not investigate frauds against the general public unless they are major frauds that are national or international in scope, like fraudulent telemarketing. Since Internet fraud is a “traditional” offence that is committed using electronic communication means, the RCMP is of the opinion that these investigations come within the purview of local police departments. You should therefore contact your local police service.
  • If you fear that you have been the victim of telemarketing fraud, either by mail or e-mail, we suggest that you file a complaint with the Canadian Anti-Fraud Centre (formerly called Phonebusters).
  • If you live outside Canada, please contact your local police department which will make a formal request for assistance to the RCMP or the police agency having jurisdiction, as applicable. If you live in the United States, you can file a complaint with the Internet Fraud Complaint CenterExternal link, Opens in a new window (IFCC).

Telemarketing (Nigerian scam and others)

Fraud letters from Nigeria (and other African countries) is a type of scam that has been around for a number of years. Businesses, educational institutions and government departments were originally the prime targets of electronic messages bearing the promise of substantial amounts of money from alleged government or company officials in Nigeria. The general public is now also targeted, and thousands of people like you receive similar e-mail messages in their personal mail boxes. In some cases, con artists even send stolen or forged cheques to their victims. This scam can also be done by phone and from many countries. In addition to money you can be asked for confidential information against the promise of profits.


Sales Pyramid/Chain Letters

The pyramid scheme is a business opportunity whose main focus is on recruiting an increasing number of investors. A pyramid can appear similar to an MLM (Multilevel Marketing), which is where a company recruits people to sell their products and, if these new salespeople recruit more salespeople, they will get a percentage of their sales. MLMs are legal in Canada, whereas pyramids are not. The pyramid scheme focuses on getting money from the recruits not selling products, which is what differentiates them from an MLM. With a pyramid, recruits will be required to invest large sums of money (e.g. inventory fees) up front, whereas an MLM will never have large start-up costs. MLM profits are based on product sales, not recruit investment fees.

Inevitably, all pyramids will collapse which means that all the people who invested last lose their money. So beware! Be careful if you are contacted (by phone or e-mail) to ask you to invest in a business and advise you to recruit people to have them invest as well.

  • Since criminal activities conducted via the Internet are in fact traditional crimes that are committed through the use of an electronic communication device, municipal police departments are responsible for investigating such cases. You should therefore file a complaint with your local police service if you are approached by what looks like a pyramidal organization.

Long Distance Phone Bill

Some people have received large long distance telephone bills to exotic locations which they don't recall making. Upon receiving the bill, these people realize that they were surfing the Internet at the time of these telephone calls. They don't understand how their computer could have made a long distance phone call when it was connected to their local Internet Service Provider. This issue, which occurs strictly with entertainment Web sites (mostly adult entertainment sites, but also sites involving gambling, psychic services and travel deals), is becoming more and more problematic due in large part to the fact that one does not realize what is happening until it is too late.

Some entertainment Web sites include a link that you have to click on if you wish to continue viewing the site. By clicking the link, your computer downloads a program that alters your Internet dial-up properties so that instead of calling your local ISP (Internet Service Provider), you connect to an ISP located far away (like Africa for example), thus incurring expensive long distance charges. Since you reconnect to an ISP in Africa, you continue surfing the Net as you normally would. Usually, the victim has to accept a disclaimer or licence agreement before the program is installed. The disclaimer can be a part of the downloaded program or part of the Web site you were visiting. Most people, however, don't bother reading the fine print and agree to pay the costs without realizing the ramifications of their actions.

Who profits from this dubious activity? The answer is not a simple one. This is how it works: the owner of an entertainment Web site sets up an ISP in Africa. He then makes a deal with a local African telephone company to receive a percentage of the profits for connecting the calls to their ISP telephone number. Upon receipt of the telephone bill, the victim is obliged to pay the local telephone provider the total amount because the victim accepted the disclaimer agreement, whether knowingly or not.

This problem mainly affects Internet users with dial-up connections. However, users with high-speed connections can be vulnerable as well. There have been cases where suspicious web sites have asked people to dial a long distance phone number to obtain a password which will allow them to continue viewing the site. They ask the victim to not hang up the phone until they are done viewing the site or else the Internet connection will be cut. Beware that as long as your phone is connected to this long distance number, you will incur long distance charges on your phone bill. Calls to some countries can cost several dollars per minute regardless of your long distance phone plan.

For more information on this type of fraud, please visit the Web site of the Union des consommateurs (French only).


  • Do not download and execute programs from anywhere and anyone you do not trust.
  • Read all disclaimers and user agreements carefully.
  • Install an anti-virus software and update it regularly.
  • Install a firewall software and update it regularly.
  • Install an anti-spyware able to eliminate some automatic dialling program, and update it regularly.
  • Contact the Canadian Anti-Fraud Centre.

Unsolicited E-mails and the Protection of Privacy


The massive distribution of unsolicited messages by people or companies is a technique known as “spam” or “spamming”. Most of the time, these messages have an advertisement or pornographic content. To obtain lists of electronic addresses these people or companies consult newsgroups, purchase e-mail lists, and surf the Net.

Even though this technique is deplorable, it is not illegal as such and it is extremely difficult to control. However, you can take some basic precautions to cut down on the number of spams you receive and, at the same time, on phishing attempts.


Phishing is the process of sending spam messages, the content of which appears to come from a legitimate institution and asks you to provide your personal account information. Of course, it’s a scam.

Therefore, beware of all e-mail messages pretending to be from your bank, paypal or e-Bay accounts. Cases have been reported where individuals have received e-mail from what appeared to be their bank asking them to click on a link included in the message. The content of the message stated that by clicking on the link you would be directed to the bank’s home page, where you could log onto your on-line banking account, thus allowing the bank to confirm your e-mail address, or to participate in a contest. If you click on the link, you are brought to a web site that appears to be your bank’s web site, but it is not. When you enter your personal information such as your debit card number and password, this information is immediately sent to the perpetrators of this fraud. Canadian banks do not send e-mail to customers requesting them to provide account information.

Recommendations against spamming and phishing
  • Do not give your e-mail address on the Web. Use an alias e-mail address (other than your personal address).
  • Avoid opening unsolicited e-mail.
  • Do not reply to or forward "chain-letter" e-mail and do not forward these letters to others.
  • Even if an e-mail is from someone you know it is possible that his account was hacked. So if he asks you for personal information or money, contact him using another communication mean to validate the situation.
  • Most e-mail software offer the option to block originators or to automatically filter messages based on the correspondent’s e-mail address, key words used in the message and/or the title of the e-mail message. Do not hesitate to use this function.
  • Beware of the contents of e-mail messages circulating on Internet, especially those that invite you to invest money in a venture without any solicitation on your part and promise huge profits. When in doubt concerning the legal aspect of an investment proposal, always remember, "If it’s too good to be true, it probably is!"
  • If you receive any e-mail that requests personal information, for example from your bank, do not provide it on-line. Contact the institution by telephone using a phone number that you obtained via an independent source (ie. Not from the suspect e-mail!). If the bank did not send the e-mail, they will tell you and they will notify the authorities.
  • Do not click on the link that is embedded inside any e-mail of this type.
  • Most sites on which you enter personal information will have a secure connection indicated by a lock icon in the lower right corner. Make sure the lock is there.
What to do if you are victim of a phishing attempt
  • Visit the Web site Canadian Anti-Fraud Centre to find out what to do if you want to file a complaint. You can also contact the Centre by phone at 1-888-495-8501. If, however, you have already given your personal information, you should contact your local police service. Depending on the information you have provided, you should also cancel your debit and credit cards.


Spyware is software that gathers information about people without their knowledge. Generally speaking, it tracks your movements and habits on the Web and sends the information to advertising companies. They use the information to create marketing profiles thus helping them to market their products better. Spyware is sometimes included in free software (also known as shareware) that is downloaded from the Internet. Often there are long licence agreements (which few people read) stating that you agree to the software gathering information about your habits and sending it back to the company's Web site. Spyware can also find its way onto your computer via a virus.

Cookies also gather personal information about a user, but they are not considered spyware because they are not hidden. Users can disallow cookies at any time if they choose to do so.

The use of spyware is common practice in informatics. Even though this practice is not highly appreciated, it is not illegal and software manufacturers do not, as a rule, have criminal intent. We suggest that you contact the manufacturer to express your apprehension and comments. If you are not satisfied with the manufacturer’s reply, you still have the option to not use the software. There still are basic precautions that you can take to avoid that your computer become infected by spyware. This will also reduce the number of pop-up ads you receive.

Pop-up Ads

Pop-up ads are those small windows containing advertisements that literally pop up during your Internet sessions. In some cases, closing the window results in the repeated opening of one or more advertisement boxes. These boxes often are generated when you are surfing a commercial site, but they can also be launched by spyware.

As a rule, these windows are perfectly harmless. However, most Web users find them annoying because they hamper their Web sessions. It is possible to reduce and even to eliminate these pop-up ads.

Recommendations against spyware and pop-up ads
  • Before installing free software, read the user agreement. It might make reference to a form of spyware or to the transmission of personal information.
  • When you install software obtained on the Internet, refuse that additional free programs be installed along with the software. Such programs rarely are absolutely necessary and they may conceal spyware.
  • Get an anti-spyware program. Some of these are offered for free on the Internet. This could also reduce the number of pop-up ads.
  • Get anti pop-up software which automatically closes these windows or boxes. Some of this software is available at no expense and can be downloaded from the Internet.
  • Get a browser that enables you to block pop-up ads.


Cookies are generally harmless pieces of information generated by a Web server and stored in the requesting user's computer. Cookies are stored to speed future access to the site making use of user-specific information transmitted to the Web to personalize a user's Web page. The storage and access of the cookies by servers are automatic and therefore generally unnoticed whenever a user requests a Web page.

The information contained in a cookie is text containing the user's preferences. The cookies are generally stored in a cookie folder by the browser so that they can be called up by the Web server whenever the user returns to the site.

Cookies are not a danger to your computer, they are information your Web browser uses to access Web sites. Cookies may, however, pose a threat to your privacy as they store your preferences and are accessible by all Web servers.

  • If you wish to stop your browser using cookies, most browsers give you the option of either warning about accepting a cookie or rejecting all cookies. Several privacy programs also are available on the Web that will keep your information private.

Child Luring through the Internet

The Internet is an extraordinary source of information and entertainment. Unfortunately, it also involves very real risks. Generally speaking, these risks are the same for grownups as for children but the latter are much more vulnerable.

In general terms, child luring through the Internet could be defined as adults aged 18 and more who attempt, through the Internet, to contact minors for the purpose of inciting them to have sexual contacts. Section 172.1 of the Canadian Criminal Code (Luring) is associated to this offence.

There are many ways to lure minors through the Internet. More particularly in chat rooms, nothing is easier than to pretend to be someone else. Some people take advantage of the relative anonymity offered by the Net to lie about their age, sex, occupation and... intentions. For instance, sexual predators and pedophiles regularly participate in chat room discussions to find their victims. Ripoff artists are also very common. In the last few years, social networks have become very important in the lives of youth. As with discussion forums, we have to be careful about the information we disclose. Youth may not always understand the consequences of their actions and the information disclosed may make it easier for predators to manipulate minors.  


  • You should always supervise your children as they surf the Net. Protection software is available that filters and blocks access to offensive sites. Browsers also offer some protection functions.
  • Install the computer in a room shared by all family members like the living room.
  • When you are not there, consider using a password to restrict access to the Internet. This allows for a better control by parents as they can monitor the activities of their children, especially if they are very young.
  • Identify specific periods of time during the day when your children are allowed to use the computer, and set a time limitation on their surfing sessions.
  • Ask yourself whether a child should take part in chat room discussions and use a Web cam.
  • Take time to discuss with your children the dangers associated with the Internet, stressing the risks involved in chat rooms. Set security rules (for instance, not to open attachments, never give personal information to anyone, etc.).
  • Take time to surf the Net with your children and to find out what they like!
  • If your child if victim of luring, make sure not to delete the contact or the conversations. Isolate the computer and call your local police service. It is important for the investigators to have access to all the information.

Safety tips intended for young Internet users

1) Unless you have your parents' or a teacher's permission:

  • Never give out your name, address, phone number or the name of your school on the Internet;
  • Never send your photo;
  • Never give out your e-mail address or your password;
  • Never give out information concerning your parents.

2) If you feel in danger or uncomfortable on a chat, e-mail or web site, log off the Internet right away and tell your parents or a teacher about it.

3) Never arrange a meeting with an acquaintance made on the Internet unless one of your parents will be present.

4) When participating in chats, newsgroups and forums, always use a nickname that does not reveal anything about you.

5) Never open e-mails, links, pictures or games if you do not know the source. If in doubt, ask an adult first.

6) Never make a purchase online without your parents' permission.

Useful sites concerning child safety: