Addressing the spectre of phishing : are adequate measures in place to protect victims of phishing?

Abstract

The Internet has introduced cheap, interactive and instant global communications. However, it has also resulted in new forms of criminal behaviour. Cyber criminals have also become more sophisticated and brazen in their attacks. The technique whereby scammers trick bank customers into entering their usernames and passwords is called ‘phishing’. Therefore, phishing scams are used to coerce unsuspecting users to disclose personal and banking information about them. Scammers obtain private information about consumers by posing as legitimate businesses and they play on the combination of trust and fear of fraud. Phishing attacks exploit vulnerabilities in computer networks, cause financial loss to victims and banking institutions and undermine consumer confidence in e-commercial transactions. Phishing has become an international evil that transcends national boundaries.

However, attempts are being made by some countries and organisations to tackle phishing on a global scale. In this article, I shall examine the increase in phishing attacks in South Africa and the United States of America and measures taken to address phishing in these countries. The United States has invaluable experience in combating phishing; hence it was chosen for the comparative study. The role of international bodies in addressing phishing and the effectiveness of new developments on phishing attacks will also be discussed. The article calls for a coordinated global response by law enforcement agencies, legislators and the private sector. The computer industry and financial institutions also need to stay abreast of crafty cyber criminals and develop effective technical solutions to address the problem. Internet users should also be educated about the risks of transacting online, and they need to practice caution and vigilance when transacting online. The study reveals that both the United States of America and South Africa have introduced legislation that can be used to address phishing. However, it is submitted that such legislation can be improved upon. It is recommended that more comprehensive legislation to address phishing should be introduced in South Africa. At the end of the day, the need for a multi-faceted approach involving law enforcement agencies, legislators and the private sector is advocated, as phishing scams impact on governments, companies and individuals worldwide.