Phishing Is: Definition, Types & Legal Sanctions

In the increasingly advanced digital era, cybercrime is becoming increasingly prevalent and lurking around people, one of which is Phishing. Phishing is one of the many virtual crimes that are often encountered today. Anyone can be a victim of phishing crimes. From internet users, companies, to business actors, they are very likely to be affected by phishing. This is what makes phishing a dangerous threat.

The next question is, what is phishing? What are the legal sanctions for this virtual crime? Let's see the full explanation in this article.

1. What is Phishing?

1.1 Definition of Phishing

Phishing is the theft of data for the benefit of certain parties. With the development of technology, there are new crimes that cannot be avoided. Phishing is an online crime method by carrying out data theft for certain purposes that are certainly detrimental to the victim. This crime aims to trick victims into giving personal information without them knowing it. The original word phishing is "fishing", which means fishing.

Phishing is a crime that can be committed in various ways. Because it happens online, Phishing is done on every social media platform a person has. Phishers disguise their identities as if they come from a valid source and indirectly persuade the victim to provide sensitive information, such as credit card numbers, ID card numbers, to passwords. This is what makes phishing a very dangerous crime.

Also Read: Money Laundering Is: Definition, Type, and How To Prevent

1.2 Example of Phishing Crimes in Indonesia

Phishing is a crime that can happen anytime and to anyone. One of the famous artists who has just been a victim of phishing is Baim Wong. Reported by detikhot, he admitted to being a victim of phishing through WhatsApp which caused him to lose millions of rupiah.

Through his social media, Baim Wong tells the chronology of his being a victim of Phishing. Baim Wong admitted that he received a message from a number he did not know who claimed to be a package courier. Because he felt he was indeed ordering goods online, he immediately clicked the following file. However, what appeared was only loading for a few moments. He ignored it because he had a lot of work to do.

However, a few days after the incident, Baim Wong saw a suspicious bank transfer notification. A number of money had apparently been transferred from one of his accounts to another account that he did not know. He immediately contacted the bank and blocked his account. Even so, he has lost millions of rupiah and has become a victim of Phishing.

1.3 History of Phishing

Around the mid-1990s, the term "phishing" began to emerge. This word comes from "fishing" which means "fishing". However, it is not fish that are caught, but the victim's important data. Similar to fishing, the success rate of phishing is quite high, reaching 74%, because the victims are not aware that they are being cheated.

In the 1990s, phishing was rampant on the popular messaging platform at the time, namely AOL. The perpetrators pretended to be AOL employees to trick victims into handing over their usernames and passwords.

Entering the 2000s, phishing began to enter the banking world. Many phishing emails circulated with the aim of tricking victims into providing their bank account details. Not long after, phishing also attacked various popular websites such as eBay and Google.

2. Characteristics of Phishing Crime Forms

Basically, phishing is a crime that is dangerous for your finances. So that you don't experience it, understand the following characteristics of phishing:

2.1 Using Unrecognized Emails

The first characteristic of phishing is using an unknown email address. Either you don't recognize the email, or the email used uses a domain that is unfamiliar and uncommon. Even in many cases, unknown people can suddenly send unfamiliar emails, links, and files. If you find the contents of the letter like the characteristics above, you should not do anything. Do not click anything from the message. If necessary, you can directly block the email sender's account and report it as a phishing action. Because basically, phishing is an action that must be reported.

2.2 Message Templates Look Like Official Messages

The second characteristic of phishing is the message template which is similar to the official site, especially in terms of design. Even so, the information in it is suspicious. Usually, websites that look official force users to click to get certain rewards. What you can do is don't immediately believe and check directly on the official website of the relevant institution. Don't forget to see the website or email domain.

2.3 Poor Spelling or Grammar

The next characteristic of phishing is poor grammar or spelling. In other cases, the email language is very foreign and cannot be discussed. This is certainly easy to avoid. If one day you receive an email with a foreign language, then be careful. Because phishing is a scam that can happen to anyone, including you. Don't let yourself get caught just because of curiosity.

2.4 Request for Personal Data

The next most dangerous characteristic of phishing is a request to access or write personal data from the user. Usually, the requested data is very personal, such as the CVV number on a credit card, date of birth, and so on. In many cases, many websites seem to ask for the username and password of your account. Therefore, it is important for you to double-check the official website and domain link of the message that wants to access your personal data.

2.5 Messages Containing Urgency or Threats

The fifth characteristic of phishing is messages that contain elements of urgency or threats. Phishing actors often use this tactic to make victims panic and act impulsively without thinking critically.

Examples of such messages are:

"Your account will be blocked in 24 hours if you don't click this link."

"Verify your personal data immediately to avoid misuse."

"You have won a prize! Click this link to claim it."

If you receive a message with words like the above, it is suspicious that it is phishing. Don't panic and don't click any links. First, check the authenticity of the message by contacting the relevant party through their official website.

2.6 Suspicious URLs Through Text Messages or Emails

The last characteristic of phishing is suspicious URLs in text messages or emails. Phishing actors often hide malicious URLs behind text that looks safe.

Here are some characteristics of suspicious URLs:

Having a domain that is different from the official website

Having a lot of strange characters like "https://www.abcklikdi.sini/login?id=123456"

Having an unusual ending like ".xyz", ".top", ".pw"

3. Types of Phishing

There are the most common types of phishing that befall people. These types of phishing include:

3.1 Deceptive Phishing

Deceptive phishing is a type of phishing or scam by sending emails on behalf of an institution that asks the victim to carry out several activities, for example: verifying account information, username and password information, requesting a password change, and making payment transactions. After the information is given or changed by the victim, the hacker will access it again without your knowledge. Then, he will use the information to gain profit.

3.2 Spear Phishing

Spear phishing is phishing that is carried out by sending emails to potential victims by pretending to be someone they can trust. The email contains a link that directs potential victims to a fake website full of malware or phishing sites. Phishing sites are scams that trick victims into using the site. The goal of this phishing is for the perpetrator to be able to steal sensitive information such as the victim's financial information and account credentials.

3.3 Smishing Phishing

Smishing phishing is phishing that is carried out through SMS or phone calls to obtain personal information. This type of phishing is easier to victimize because people tend to trust text messages or phone calls more than emails. In this phishing, the perpetrator will try to make the victim willing to follow what he says. The perpetrator usually gives instructions to the victim to do things that are detrimental, such as clicking links, mentioning account numbers, sending pulses, and so on.

3.4 Web Phishing

Web phishing is phishing that involves creating a website that resembles or even resembles the original website. The difference lies in the domain or website address which usually only has a slight difference, such as a different letter or domain name. Like adding letters at the end or letters that can be equated like the lowercase letter 'L' with the uppercase 'i'. In this phishing, the victim will be asked to enter personal information such as email and password as if the victim must log in.

3.5 Whale Phishing

Whale phishing is phishing that targets celebrities or well-known public figures who are known to be wealthy or powerful. Although the method used is similar to spear phishing, whale phishing is usually more organized and often carried out by a group of people who have been working together. This makes public figures have to be vigilant and protect themselves from harmful threats.

3.6 Vishing

Vishing is a type of phishing that uses phone calls to lure victims into providing personal or financial information they already possess. The term "Vishing" itself is a combination of voice and phishing. Typically, victims will be called, and the perpetrator will pretend to be a trusted source such as a credit card company, bank, or government agency. The perpetrator will use social engineering techniques to convince the victim there is an issue with their account or that they must take immediate action, such as transferring money, changing passwords, and so on. Once the victim is convinced, the perpetrator will request sensitive information such as bank account details, credit card numbers, and so forth.

4. Tips and Ways to Avoid Phishing

4.1 Handle Login Information Carefully

Handling login information carefully is crucial to prevent unauthorized access to your online accounts as your first line of defense against phishing. Make sure not to store passwords or other login information in easily accessible places, such as notes on your phone or an insecure computer. Always use secure password storage methods, such as encrypted password managers.

4.2 Access Websites with SSL

Another way to avoid phishing is by accessing websites using SSL. SSL (Secure Sockets Layer) is a security protocol that secures communication between your web browser and the server. Ensure to access websites using encrypted HTTPS protocol, especially when entering sensitive information such as passwords or payment information. This helps protect your data from phishing attacks and hacking.

4.3 Be Cautious of Unknown Calls

Another way to avoid phishing is to be cautious of unfamiliar numbers. Phishing perpetrators often use phone calls to attempt to obtain personal information or deceive you into revealing sensitive information. Therefore, always be cautious of phone calls from unknown numbers. Never provide personal or financial information over the phone unless you are certain of the caller's identity.

4.4 Regularly Check Device Security

Regularly checking the security of your devices is an important step in preventing phishing attacks. Ensure that your operating system software, applications, and antivirus programs are always updated to the latest versions to address any security vulnerabilities that may exist. Also, periodically check your devices for any suspicious activities or applications.

4.5 Install Anti-Phishing Protection Apps

There are various security applications designed specifically to protect users from phishing attacks. You can install anti-phishing protection apps that can detect and prevent access to phishing websites and provide warnings when interacting with suspicious online content. Make sure to choose reputable apps and keep their security definitions updated.

4.6 Don't Easily Fall for Email/Message Prizes

One common phishing tactic is to send emails or text messages offering prizes or enticing offers to lure victims into clicking on dangerous links or providing personal information. It's important not to easily fall for offers that seem too good to be true and always verify the authenticity of such offers before taking further action.

5. Phishing Crime Sanctions

There is no specific law governing phishing sanctions. However, perpetrators can be prosecuted under provisions in the Criminal Code (KUHP) and the Information and Electronic Transactions Law (UU ITE). In addition, phishing perpetrators can also be charged with several criminal offenses such as:

5.1 Fraud

Regulated under Article 378 of the Criminal Code, which states:

Anyone with the intention of benefiting themselves or others unlawfully by using a false name or false dignity, through deception or a series of lies, persuades another person to deliver goods to them, or to incur debt or forgive debt, is threatened with fraud, with a maximum prison sentence of 4 years.

5.2 Manipulation

If someone sends an email that appears to be genuine, they can be charged under Article 35 jo. Article 51 of the Information and Electronic Transactions Law, as follows:

Any person intentionally and without right or unlawfully manipulates, creates, alters, deletes, or damages Electronic Information and/or Electronic Documents with the aim of making the Electronic Information and/or Electronic Documents appear as if they are authentic data, shall be punished with imprisonment for a maximum of 12 years and/or a fine of up to Rp12 billion.

5.3 Intrusion

If someone breaches a specific electronic system, using the victim's identity and password without authorization, they can be charged under Article 30 paragraph (3) jo. Article 46 paragraph (3) of the Information and Electronic Transactions Law, as follows:

Any person intentionally and without right or unlawfully accesses a Computer and/or Electronic System in any way by violating, intruding, exceeding, or breaching security systems shall be punished with imprisonment for a maximum of 8 years and/or a fine of up to Rp 800 million.

5.4 Transference

Sobat BFI, that's an explanation regarding harmful phishing actions, including recognizing the types of phishing, knowing legal sanctions, and ways to avoid phishing actions. Essentially, phishing is a criminal act that harms many people. Protect yourself from phishing attacks and always be cautious.

If you need funds to meet financial needs, you can apply for a loan through BFI Finance, dear BFI Friends. Apply for financing at BFI Finance, with a quick and easy process. BFI Finance itself is a financing company that provides multipurpose loans with collateral such as motorcycle vehicle registration certificates, car vehicle registration certificates, and house or shop certificates for your needs.