Personalisasi
Halo,
Anda,

Segera Upgrade paket berlangganan Anda.
Dapatkan fitur lebih lengkap
Profil
Ada pertanyaan? Hubungi Kami
Bahasa
id-flag
en-flag

Criminal Penalty on Phishing and Its Methods

Share
copy-paste Share Icon
Teknologi

Criminal Penalty on Phishing and Its Methods

Criminal Penalty on Phishing and Its Methods
Erizka Permatasari, S.H.Si Pokrol
Si Pokrol
Bacaan 10 Menit
Criminal Penalty on Phishing and Its Methods

PERTANYAAN

What is phishing? How is it regulated in our law system? Thank you.

DAFTAR ISI

    INTISARI JAWABAN

    Phishing is a cybercrime in which a person disguises himself as a legitimate organization and contacts the victim/target via e-mail, phone, or text message, asking them to provide sensitive data such as personal identity information, banking and credit card details, and passwords.

    The information is then used to access critical accounts which can result in identity theft and financial loss.

    What are the common methods used by the perpetrators? Then, what are the articles that can criminalize the perpetrators according to Indonesian laws and regulations?

    Please read the review below for a further explanation.

    ULASAN LENGKAP

    This article is an English translation of Jerat Hukum Pelaku Phishing dan Modusnya written by Erizka Permatasari, S.H. and published on Thursday, 9 December 2021.

    This article below is the second update of the article entitled Phishing, first written by Si Pokrol and published on Wednesday, 1 February 2006, and was first updated on 17 May 2021.

    All legal information available on Klinik hukumonline.com has been prepared for educational purposes only and is general in nature (read the complete Disclaimer). In order to obtain legal advice specific to your case, please consult with Justika Partner Consultant.

    Definition of Phishing

    What is phishing? According to phishing.org in one of its articles entitled What is phishing? the meaning of phishing is a cybercrime in which a person disguises himself as a legitimate institution and contacts the victim or target via email, phone, or text message, in order to provide sensitive data such as personal identity information, banking and credit card details, and passwords.

    Once the victim or target provides the requested information, it is then used to access critical accounts which can result in identity theft and financial loss.

    Belajar Hukum Secara Online dari Pengajar Berkompeten Dengan Biaya TerjangkauMulai DariRp. 149.000

    Phishing itself comes from the word fishing. Just like fishing, phishing is a crime that works like fishing or utilizing bait. A well-targeted bait is the critical success factor for phishing. The presence of a phishing account is the key, as it resembles an official account.

    In this regard, the bait used is usually false information that is made to look like the real thing. It is usually sent as if it is from an authorized party, such as a system administrator, bank employee, or government employee. The content of the information can vary, but it is usually an invitation to update the targeted account information.

    Methods of Phishing

    In a thesis research entitled Kajian Yuridis Pertanggungjawaban Pidana Penyedia Jasa Internet dan Pemilik Domain Situs Phishing (Juridical Study of Criminal Liability of Internet Service Providers and Domain Owners of Phishing Sites), Ki Jagad Tomara (pp. 54 - 66) explains that there are five ways or methods of phishing.

    1. Sending fake emails

    This method, often known as email phishing, is the most commonly used mode. The perpetrator will send a fake e-mail, in which he acts as an officer or website admin of a banking company. The content of the email is usually about notifying customers about certain matters that are important, urgent, and require a quick response.

    In the e-mail, a phishing link is sent. A phishing link is a link used by the perpetrator to lead the victim to a special web page that has been prepared by the perpetrator.

    1. Web Forgery

    Web forgery or web phishing is a website that is intentionally designed to deceive its visitors. The appearance on the website is made to look like the original. Then, the victim is led to enter his identity in a form that has been prepared by the perpetrator.

    After the victim enters his user id and password, the data will be stored in the website's database. This stored data is what the perpetrator is targeting to misuse for his interests.

    1. Phone Phishing

    The perpetrator will call the victim on behalf of certain parties, such as law enforcement, important users, audit consultants, and so on. Then, he will ask or request certain things, such as asking for the victim's user id and account password, asking for an OTP (One Time Password) code to access the victim's cellphone, or asking the victim to transfer a certain amount of money to an account number designated by the perpetrator.

    1. Phishing via SMS

    The perpetrator sends an SMS containing that the victim won a lottery with a relatively large amount of money. To be able to collect the prize, the victim is asked to confirm by providing the user id and internet banking password to the perpetrator.

    1. Phishing through Conversation Applications (Chat Phishing)

    The perpetrator sets up a program on a popular chat application automatically, for example by pretending to be an online customer service by manipulating that the web display is being disconnected. After that, the perpetrator will ask the victim to log in again by entering the user id and password on the link sent.

    Also read: Criminal Penalty on Cracking According to PDP Law and EIT Law

    Study Case of Phishing

    As an illustration of phishing examples related to phishing cases in Indonesia, we take the example of the Decision of the District Court of Pekanbaru No. 958/Pid.Sus/2020/PN Pbr.

    The perpetrator is known to conduct phishing by distributing a copy website that is similar to the original website to the victim's e-mail with the aim of obtaining user data, such as e-mail, password, and victim's identity, including the victim's address (p. 3).

    After obtaining the victim's credit card data, the defendant then sold the phished credit card through a Facebook account (p. 4).

    For these acts, the defendant was found legally and convincingly guilty of violating Article 32 section (2) jo. Article 48 section (2) Law Number 11/2008 or EIT Law with a prison sentence of 1 year and 2 months and a fine of IDR 20 million (p. 17).

    Criminal Penalty

    According to our research, there is no legislation that specifically regulates phishing. However, perpetrators can be charged with provisions under the Criminal Code as well as the EIT Law and its amendments as in the case above.

    In addition, it is important to know that phishers can be charged with several criminal offenses, such as fraud, manipulation, breaching, and moving or transferring.

    There are several articles that can potentially criminalize phishers, namely:

    1. Fraud

    Fraud is regulated in Article 378 Criminal Code, which reads as follows:

    Any person who with intent to unlawfully benefit himself or another, either by assuming a false name or a false capacity, or by crafty artifices, or by a web of fictions, induces someone to deliver any property or to negotiate a loan or to annul a debt, shall, being guilty of fraud, be punished by a maximum imprisonment of four years.

    1. Manipulation

    The perpetrator of sending electronic mail (e-mail) as if it were genuine can be charged with Article 35 jo. Article 51 EIT Law, as follows:

    Any Person who intentionally and illegally or unlawfully manipulates, creates, alters, omits, or damages Electronic Information and/or Electronic Document so that said Electronic Information and/or Electronic Document is considered as if the data were authentic, will be subject to imprisonment for a maximum of 12 (twelve) years and/or a maximum fine of IDR 12,000,000,000.00 (twelve billion rupiahs).

    1. Breaching

    If the perpetrator breaks into a certain electronic system, using the victim's identity and password without right, he can be charged with Article 30 section (3) jo. Article 46 section (3) EIT Law, as follows:

    Any Person who intentionally and illegally or unlawfully accesses a Computer and/or Electronic System in any way by violating, breaching, bypassing, or breaking through the security system, will be subject to imprisonment for a maximum of 8 (eight) years and/or a maximum fine of IDR 800,000,000.00 (eight hundred million rupiahs).

    1. Moving or Transferring

    For the act of moving or transferring information and/or electronic documents belonging to the victim, such as account contents, phishers can be charged with Article 32 section (2) jo. Article 48 section (2) EIT Law, which reads:

    Any Person who intentionally and illegally or unlawfully in any way moves or transfers Electronic Information and/or Electronic Document to the Electronic System of an unauthorized person, will be subject to imprisonment for a maximum of 9 (nine) years and/or a maximum fine of IDR 3,000,000,000.00 (three billion rupiahs).

    These are the answers we can provide, we hope you will find them useful.

    Legal Basis:

    1. Criminal Code;
    2. Law Number 11 of 2008 on Electronic Information and Transactions as amended by Law Number 19 of 2016 on the Amendment to Law Number 11 of 2008 on Electronic Information and Transactions;

    Reference:

    1. Ki Jagad Tomara. Kajian Yuridis Pertanggungjawaban Pidana Penyedia Jasa Internet dan Pemilik Domain Situs Phising. Minor Thesis of The Faculty of Law Universitas Brawijaya, 2011;
    2. What is Phishing?accessed on 8 December 2021 at 14.30 West Indonesian Time (zone).

    Court Decision:

    Decision of the District Court of Pekanbaru No. 958/Pid.Sus/2020/PN Pbr.

    Tags

    klinik english edition

    Punya Masalah Hukum yang sedang dihadapi?

    atauMulai dari Rp 30.000
    Baca DisclaimerPowered byempty result

    TIPS HUKUM

    Cara Mengurus Surat Cerai dan Langkah Mengajukan Gugatannya

    24 Mar, 2023 Bacaan 10 Menit
    logo channelbox

    Dapatkan info berbagai lowongan kerja hukum terbaru di Indonesia!

    Kunjungi

    Butuh lebih banyak artikel?

    Pantau Kewajiban Hukum
    Perusahaan Anda Di Sini!