Legal Research Assignment LAW035 Introduction to Legal Learning Skills PDF

Preview

Summary

Download Legal Research Assignment LAW035 Introduction to Legal Learning Skills PDF

Description

LEGAL RESEARCH CYBER LAW GROUP 5 PI007K07 LAW035

PREPARED FOR: MADAM AINUL MARDHIYYAH BINTI TAJUDIN

PREPARED BY: NO.

NAMES

STUDENT ID

1.

SHEIKH MUHAMMAD IRFAN ALHABSHEE BIN CHE IBRAHIM

2021857384

2.

HILMI HAKEEM BIN HASMILI

2021811508

3.

NUR HANI ALISHA BINTI LOKMAN

2021891372

4.

SITI NORMAIMUNAH BINTI ABDUL AZIZ

2021650528

5.

NUR AINA NAJWA BINTI MOHD SAID

2021499386

TABLE OF CONTENTS

INTRODUCTION GENERAL BACKGROUND Phishing is becoming one of the most common crimes in the twenty-first century. It is one of the most rapidly developing types of online fraud. Phishing is the fabrication of email messages and online pages that are exact duplicates of legitimate sites in order to trick visitors into providing personal, financial, or password information. These attacks are often carried out by organised crime operations in order to utilise the data to carry out high-value money transfers, identity theft schemes, and credit-card scams. Typically, a phishing email will arrive with the spoofed company's logo and email style, instructing the recipient to click on a link to what appears to be a legitimate website and input their account number and password. If convincing, the scammers will net customers. (The Anti-Phishing Working Group, 2003)

Figure 1: Countries with the Highest Commitment to Cyber Security in 2018 Source: Global Cybersecurity Index

As shown in Figure 1 above, Malaysia was ranked as the eighth country that has the highest commitment to cyber security in 2018. This proves that our country is one of the best prepared countries when it comes to handling cyber attacks.

Malaysia has introduced the Multimedia Super Corridor (MSC) to commemorate the new millennium. The government has also welcomed cyber laws which include the Computer Crimes Act 1997. However, Internet crime has taken on a new dimension as a result of rapid improvements in computer technology. Some of our current laws have loopholes as a result of technological advancements.

The criminal laws of Malaysia, in particular the Penal Code does not exclusively provide for any computer-related crimes. Not only that but also our newly legislated Computer Crimes Act 1997 does not cover all aspects of computer related crime activities. As a result, the legality of specific sorts of these acts must be assessed in the context of existing legislation. The biggest stumbling block is that existing laws were not written with computer technology in mind and are, in most cases, insufficiently broad to cover all forms of computer-related activity. As a result, no matter how heinous or evil such crimes may have been in the past, they will not be tolerated in the future. (Khaw, 1996) Phishing is a type of online identity theft and social engineering that tries to persuade people to give personal information, particularly financial information. These details included usernames and passwords for bank accounts, dates of birth, credit card information, social security numbers, and much more. A normal Internet user's daily activities, such as reading email, trading online stocks, making financial transactions, and even perusing the web, might give an identity thief with a plethora of options. In this regard, the broad question is whether current Malaysian Cyber Law protects internet users from phishing techniques when no special legislation exists. PROBLEM STATEMENT Internet fraud is not an unfamiliar thing in Malaysia. Based on the statistics in Figure 1, the amount of fraud incidents compared to other crimes is the highest throughout 2021. Due to this, Malaysia receives many reports of phishing related offences and most of the categories of the

phishing cases are Vishing which is done in phone calls, Smishing which happens through SMS and Spear Phishing.

Figure 2: Reports Incidents based on General Incident Classification Statistics 2021 Source: Malaysia Computer Emergency Response Team [MYCert]

Figure 3: Reports Incidents based on General Incident Classification Statistics 2021 Source: Malaysia Computer Emergency Response Team [MYCert]

As shown in Figure 2 above, internet frauds have been recorded as the highest among others. Based on the analysis, the highest record for internet fraud so far in 2021 is during the month of June. An aspect that leads to this phishing scam is Malaysians' lack of cybersecurity education and awareness about phishing. Common examples include clicking links in emails and instant messages without verifying the source, opening attachments in suspicious emails, not being interested in installing paid antivirus software on a computer or smartphone, antivirus software that has been installed not being updated frequently with the latest signature, and not running full antivirus scans on a regular basis. The issue that arises is whether or not there is sufficient existing law in Malaysia to deal with an act of phishing?

DISCUSSION AND ANALYSIS LEGISLATIONS IN MALAYSIA SECTION 416 OF PENAL CODE Even though the act of committing phishing is clearly considered as illegal, there is no specific provision that is related to this act in Malaysia. However, Section 416 of the Penal Code is usually referred to when there is a phishing case.

Section 416 of the Penal Code states that a person is cheating by personation if he cheats by pretending to be someone else, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is. In simpler words, this provision provides information regarding people that pretends to be someone else to intentionally cheat.

When deciding a suitable punishment for a person that commits phishing, Section 419 of the Penal Code is typically used. This section provides that a person who impersonates someone else shall be imprisoned for a maximum of seven years or with fine or with both.

SECTION 420 OF PENAL CODE Section 420 can be defined as someone who cheats and tricks another person to deliver any property to others. A person that is found liable under this section shall be imprisoned with a maximum of seven years as well as whipping, and shall also be liable to fine (Laws of Malaysia, 2018) . This section is related to a person who cheats another person by the gain of the property of the victim. The term "property" in this provision is also known as money.

However, both Section 416 and Section 420 are not exclusively related to the act of phishing. The reason why is that these provisions are typically applied to identity theft. Also, they are not specifically classified as cybercrimes and are legislated in general.

LEGISLATIONS IN OTHER COUNTRIES UNITED KINGDOM Theft Act 1968 Other than that, an offence of “obtaining a money transfer by deception” was created under the Theft Act of 1968. This legislation appears to cover most phishing and related offences, since in all likelihood there will be some form of money transfer involved. However, the transfer of other assets in digital form may not be classified under either “money transfer” or “property”. Fraud Act 2006 The Fraud Act 2006 has been enacted and passed by the Parliament, which is of direct relevance to the act of phishing and other such fraudulent acts. The law ensures that criminals utilizing technology to commit offences will not escape prosecution due to a loophole in the law based on outdated and narrow definitions. It also includes false representation that this offence would also be committed by someone who engages in phishing. (Abu Bakar Munir & Siti Hajar Mohd Yasin, 2007) Section 2 of this Act is legislated broadly so as to encompass fraudulent Internet and other activities especially phishing. Section 6 also can be used against phishers. Under this clause, it is an offence for phishers to have in his possession or under his control any software to be used to intercept communication between parties to glean information which he should not have access.

SINGAPORE COMPUTER MISUSE ACT (CAP. 50A)

HACKING (I.E. UNAUTHORISED ACCESS) Under section 3(1) of the Computer Misuse Act (Cap. 50A) (“CMA”), it is an offence for any person to knowingly cause a computer to perform any function for the purpose of securing access without authority, to any program or data held in any computer. Upon conviction, an offender shall be liable for: a fine of up to $5,000; imprisonment for a term of up to two years; or both for the first offence.

Denial Of Service Attacks. A denial-of-service (“DOS”) attack is a cyber-attack meant to shut down a machine or network, thus making it inaccessible to its intended users. Under section 7(1) of the CMA, any person who, knowingly and without authority or lawful excuse: (a) interferes with, or interrupts or obstructs the lawful use of, a computer; or (b) impedes or prevents access to, or impairs the usefulness or effectiveness of, any program or data stored in a computer, shall be guilty of an offence. Upon conviction, an offender shall be liable for: a fine of up to $10,000; imprisonment for a term of up to three years; or both for the first offence. Phishing. An offender who is convicted under this section shall be liable for: a fine of up to $5,000; imprisonment for a term of up to two years; or both for a first offence. In Public Prosecutor v Lim Yi Jie [2019] SGDC 128, the Court found the accused to have facilitated a phishing scam involving the use of a phishing website, causing a victim to divulge her two-factor-authentication and time-sensitive PIN number to the accused, as the victim assumed that the phishing website was an official bank website. Although the accused was not responsible for the execution of the phishing scam (which, in the Court’s view, could be an offence under section 3(1) of the CMA, then named as the Computer Misuse and Cybersecurity Act), the accused had attempted to cash two cheques that were the criminal proceeds of the phishing scam. The accused was thus charged and convicted of an offence under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (Cap. 65A).

Identity theft or Identity fraud (e.g. in connection with access device) Under Section 4 of the CMA, it is an offence for a person to cause a computer to perform any function for the purposes of securing access in any program or data held in any computer, with the intent to commit a number of offences, including certain offences involving fraud or dishonesty. A person convicted of such an offense is liable for: a fine not exceeding $50,000; imprisonment for a term not exceeding 10 years; or both. Penalties for identity theft and identity fraud are also set out in the Penal Code (Cap. 224) (“Penal Code”). Under section 419 read with section 416 of the Penal Code, a person who cheats by personation (i.e., if he cheats by pretending to be some other person, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is), is guilty of an offence and, upon conviction, liable for: imprisonment for a term of up to five years; a fine; or both. Whilst this offence is of general application, it could also extend to the cyber context. Separately, section 170 of the Penal Code criminalises the offence of personating a public servant. Any person who is convicted of this offence shall be liable upon conviction for: imprisonment for a term that may extend to two years; a fine; or both.

CONCLUSION Cyber crime is the most prevailing crime in the present scenario which is done through the Internet. It causes a severe loss to the victim. Therefore, some of the measures and protocol should be taken by the government to avoid such crime. The vigilant behavior and following the safety protocols are the only helping aids which can reduce the occurence of cyber crimes. All in all, laws and acts enacted by governments are very important in order to maintain peace and the safety of net citizens.

REFERENCES

The Anti-Phishing Working Group, Proposed Solutions to Address the Threat of Email Spoofing Scams, 2003. Khaw Lake Tee, et. al, Laws and Policies Affecting the Development of Information Technology, Final Report, National Information Technology Council, 1996. Annamalai, N. “Cyber laws of Malaysia: The Multimedia Super Corridor” (1997), 12(12) Journal of International Banking Law pp 473-481 Laws of Malaysia (2018). “Penal Code – Act 574”, The Fraud Act 2006 (Commencement) Order 2006, legislation.gov.uk, The National Archives, SI 2006/3200 Abu Bakar Munir and Siti Hajar Mohd Yasin (2007). “Would the phishers get hooked”? Hertfordshire: published by Bileta...