CRIMINAL LAW ENFORCEMENT OF PHISHING ATTACKS ON ONLINE BANKING SERVICES

Authors

  • Aryono Universitas Duta Bangsa Surakarta
  • Jaco Barkhuizen University of Limpopo

DOI:

https://doi.org/10.47701/icohetech.v1i1.1160

Keywords:

Phishing, Bank Services, Cybercrime

Abstract

The high rate of fraud crimes has a negative impact on bank customers. The higher the crime rate, the higher the level of system security customers need, because many attackers (phishers) are interested in exploiting customer data if the security level is low. In addition, legal or statutory powers are also needed in dealing with these crimes.

The research method used in this study is the juridical or normative research method, which examines existing library materials to solve problems. The approach used is the statutory regulatory approach. The study uses primary legal materials and secondary legal materials:

1. Primary legal materials are materials that have juridical binding power, such as statutory regulations, court decisions, and agreements. The legal materials used include the Criminal Code.
2. Secondary legal materials are materials that do not have juridical binding power, namely draft laws and regulations, literature, and journals related to the focus of research.

Legal material analysis techniques: the analysis of the legal materials used in this research is qualitative data analysis, including classification of data in accordance with legal issues and provisions, then editing, presenting the results of the analysis in narrative form, and drawing conclusions.

1. Law enforcement of phishing attacks on online banking services takes the form of criminal threats for the perpetrators (phishers), regulated in accordance with the following provisions:

1) Article 378 of the Criminal Code states: "Whoever with the intention of benefiting himself or another person unlawfully, by using a false name or fake dignity, by deception, or a series of lies, moves another person to hand over something to him, or in order to give a debt or write off a debt, he will be punished for fraud with a maximum imprisonment of four years".

2) Article 28 of the Law on Electronic Information and Transactions Number 11 of 2008 states: "every person knowingly and without rights spreads false and misleading news that results in consumer losses in electronic transactions" shall be sentenced to imprisonment for a maximum of 6 (six) years and/or a maximum fine of Rp. 1,000,000,000.00 (one billion rupiah).

3) Article 35 of the Law on Electronic Information and Transactions Number 11 of 2008 states: "Every person intentionally and without right or against the law manipulates, creates, changes, removes, destroys Electronic Information and/or Electronic Documents with the aim that Electronic Information and/or Electronic Documents are considered as if the data is authentic shall be sentenced to imprisonment of up to 12 (twelve) years and/or a fine of not more than Rp. 12,000,000,000.00 (twelve billion rupiah)."

2. The factor causing phishing attacks on online banking services is the lack of user knowledge about the data security system.

Published

2021-04-06