Email Spoofing

There seems to be a proliferation of email & sms spoofing sites on the web, most of which are based outside of North America. These  sites, often conveyed as a novelty item, permit users to fill in a form that enables them to send a message that appears to be originating from the person of their choosing.

Spoofing is defined by the RCMP to be the “Modification of identification or authentication information to mislead the reader on the true identity of the originator”

The Canadian Criminal Code does not specifically define Spoofing, but it would most certainly fall under what it calls Identity Fraud or Personation. These type of offences fall under fairly recent legislation which was introduced by bill C-28 in 2009.

What are the criminal implications of such activity? Section 403 of the Canadian Criminal Code states the following:

403. (1) Everyone commits an offence who fraudulently personates another person, living or dead,

(a) with intent to gain advantage for themselves or another person;

(b) with intent to obtain any property or an interest in any property;

(c) with intent to cause disadvantage to the person being personated or another person; or

(d) with intent to avoid arrest or prosecution or to obstruct, pervert or defeat the course of justice.


(2) For the purposes of subsection (1), personating a person includes pretending to be the person or using the person’s identity information — whether by itself or in combination with identity information pertaining to any person — as if it pertains to the person using it.


(3) Everyone who commits an offence under subsection (1)

(a) is guilty of an indictable offence and liable to imprisonment for a term of not more than 10 years; or

(b) is guilty of an offence punishable on summary conviction.

To illustrate,  someone who sends an email pretending to be a bank requesting financial information would most likely be violating  section 403 a) or b).

A  job candidate fooling another competing job candidate into thinking that his job interview has been rescheduled would be committing the offence under 403 c).

Clearly, the main objective of section 403 is to criminalize the offences  aimed at securing property or an interest in property. This however doesn’t preclude other circumstances that could fall within the set definitions.

For the time being, there is very little case law for this category of offence. Tracing the fraudulent senders IP address may be quite challenging for the investigating authorities. Jurisdictional hurdles , lacking technical expertise and shortage of time might partly explain it.


You May Also Like