The Canadian Radio-television and Telecommunications Commission (CRTC) has issued a $40,000 penalty to Sami Medouni, a Quebec resident, for his involvement in a large-scale phishing campaign.
The announcement was made by the CRTC’s Chief Compliance and Enforcement Officer, who detailed the findings of the investigation on Monday.
The probe began after an unnamed phone company alerted the CRTC about a potential scam targeting its customers. The investigation revealed that between December 22, 2020, and January 14, 2021, Medouni used fraudulently obtained telephone numbers to send over 30,000 phishing text messages to Canadians. These messages were sent without consent and impersonated well-known brands to collect personal data, including credit card numbers and banking credentials.
“These phishing scams are not only a nuisance for Canadians, but they also put our personal and financial information at risk. The CRTC will continue to investigate possible violations that target Canadians. As Cyber Security Awareness Month draws to a close, it is a good opportunity to remind Canadians to remain vigilant and report suspicious and spam activities,” said Steven Harroun, Chief Compliance and Enforcement Officer at the CRTC, in a statement.
The fine amount seems pretty small if you think about it, at about $1.33 per text message sent. I can only imagine the conversion rate on the phishing campaign that possibly saw a higher return than the penalty imposed. Let’s say he had a conservative 1% conversion rate of people falling victim to his scams, or about 300 people. If each person was scammed say, $500, that’s already $150,000 possibly made.
