Personal Data Vulnerability in the Digital Era: Study of Modus Operandi and Mechanisms to Prevent Phishing Crimes

The rapid digital transformation has significantly increased the vulnerability of personal data, leading to a worrisome rise in phishing crimes. This scientific article investigates the modus operandi and preventive mechanisms of phishing crimes in the digital transformation era. Phishing, a fraudulent practice aimed at obtaining sensitive information through deceitfully, has become a common cybercrime targeting individuals and organizations. This research utilizes a comprehensive literature review and analysis of various phishing attack scenarios to identify common strategies employed by cybercriminals. The analysis focuses on techniques used to manipulate unsuspecting victims, such as social engineering, email spoofing, and website forgery. Additionally, this study explores the exploitative nature of data breaches and their implications for personal privacy. The article highlights the importance of collaboration among stakeholders, including government agencies, technology providers, and individuals, in addressing the issue of personal data vulnerability. By sharing information, resources, and best practices, stakeholders can work together to enhance cybersecurity measures and effectively protect personal data. This research provides valuable insights into the modus operandi of phishing crimes and the preventive mechanisms necessary to safeguard personal data. By understanding the strategies employed by cyber criminals and implementing proactive measures, individuals and organizations can strengthen their defenses against phishing attacks.


INTRODUCTION
The advancement of technology has implications in various sectors of human life, offering convenience and introducing new patterns of interaction that were previously unprecedented.The recent technological progress is considered to bring significant benefits to life by providing ease in daily activities. 1 In Indonesia alone, the number of internet users reached 210 million people as of early 2022.This number continues to grow over time, and the usage becomes more diverse.
Digital transformation is one technological advancement that involves changing how work is done through information technology, making it more efficient and effective.Various industries have transformed e-learning, businesses, banking, government, and many more.The core of this transformation is the improvement of work efficiency and effectiveness through the use of databases.The main objective is to eliminate the need for documents, with databases replacing all transactional evidence in documents, making it easier, more flexible, and accessible anytime. 2 However, the presence of digital transformation also demands significant changes to Kit (APK) and using phishing links.They have arrested 13 suspects in connection with these activities. 9In West Java itself, a phishing case was uncovered by the Subdirectorate V Cybercrime Team of the Directorate of Special Criminal Investigation of the West Java Regional Police.They successfully apprehended a phishing criminal who originated from Palembang.The victims of this crime came from various provinces in Indonesia, including West Java. 10 An example of a phishing case involving the misuse of personal data is the incident experienced by users of the digital financing service Kredivo, where someone contacts the victims via phone and claims to have promotions, bonuses, or prizes.The victims subsequently receive inflated bills for purchases made through e-commerce platforms.11Based on the above explanation, the author of this article will discuss the implications of digital transformation and the vulnerability of personal data with the emergence of phishing as a form of cybercrime, its modus operandi in Indonesia, and the handling and prevention measures.The information and statements provided serve as the basis for this discussion.
This article aims to analyze the modus operandi of phishing crimes and the preventive efforts against them.The article seeks to address its urgency, at least for the following two reasons: First, to provide an overview of phishing crimes by exploring various modus operandi associated with phishing.Second, to formulate prevention efforts against phishing crimes as an alternative approach to combating such crimes.Thus, this study will contribute not only to the development of legal and constitutional knowledge but also to finding avenues that can be utilized to prosecute perpetrators of phishing crimes.

DISCUSSION
Almost every aspect of life is influenced by the ongoing rapid digital transformation.
The business models are changing due to digital transformation, resulting from the disruption era or Industry 4.0.This transformation is reshaping the existing business landscape into a new environment that is more innovative, complex, and dynamic. 12Digital transformation is the shift in how businesses leverage information technology to become more efficient and effective.
Various industries have transformed areas such as e-learning, business operations, banking, government, and many more.The core of this transformation is the improvement of work efficiency and effectiveness through the utilization of databases.The primary objective is to eliminate the reliance on physical documents; with databases replacing traditional paper-based transaction records, making processes easier and more flexible.
Various industries have undergone transformations in areas such as e-learning, business operations, banking, government, and many more.The core of this transformation is to enhance work efficiency and effectiveness through the utilization of databases.The primary objective is to eliminate the reliance on physical documents, with databases replacing traditional paperbased transaction records, making processes more straightforward, more flexible, and accessible at any time.Every individual and company involved in the business process can experience the impact of these changes, both positively and negatively.The banking sector has often been targeted by phishers as a place for exploitation.Data on electronic transaction records from a bank in Indonesia from 2016 to 2019 indicates an increase in fraud cases that correlates with the growing prevalence of electronic transactions, particularly e-commerce. 14Perpetrators send emails to victims, pretending to be representatives of Paypal.In the email, they claim that the victims have caused an issue due to policy violations.The perpetrators then ask the victims to update their accounts, providing a link redirecting them to a fake website.On this website, the victims unknowingly input their information as instructed, allowing the perpetrators to obtain the desired information. 15ishing attacks actually have success rate of 30% or higher.and significant rewards. 16ishing is the act of obtaining users' personal data by using fake emails and websites that appear to be genuine or official.Phishers collect or search for victims' account passwords or credit card numbers.They use emails, banners, or pop-up windows to lure users to fake websites where they request personal data.This is where phishers take advantage of users' carelessness and oversight on the fake website to obtain their data. 17 First, the source of phishing consists of over 120.000 phishing attacks peaking at billions of emails in 2014.65% of these attacks start with visiting a link sent through email.Furthermore, the Anti-

Phishing Modus Operandi And Perpetrator's Methods
In 2001, a case resembling phishing occurred in Indonesia.At that time, several banks in Indonesia had just introduced internet banking services, and one of the affected banks was Bank Central Asia (BCA).In this case, the perpetrator purchased six domains with names similar to the genuine BCA website, www.klikbca.com.This led unsuspecting BCA customers to believe that one of the fake websites was BCA's actual internet banking website.As a result, when customers entered their user ID and Personal Identification Number (PIN) into the fake website, the data was successfully recorded by the perpetrator and stored on their computer's

208
hard disk.The case caused a significant uproar at the time and continues to serve as an example of a phishing case that occurred in Indonesia. 18 the world of web phishing, the term "Web Forgery" is used because these websites are created solely to deceive visitors.The phishing process begins with the perpetrator creating a domain that serves as the host, which can be a paid or free domain.Next, the perpetrator designs the website to closely resemble the genuine website, including the layout, logo, color scheme, objects, and other small details.This is done to trick victims into providing their personal data, such as usernames and passwords, on the form present on the fake website.The victim's data is then automatically stored in the database of the fraudulent website. 19cording to several sources, phishing attacks typically start with an email that appears to come from an organization closely related to the victim.The attack then prompts them to update their information by following a URL link provided in the email.Phishing essentially utilizes complex attack vectors and social engineering to make the email recipients feel entirely unaware of what is actually happening.Attackers will send millions of emails to millions of users, and the engineering will deceive at least thousands of people.These attacks always use fake emails to trick users into sharing their personal information.Secondly, you will be asked to provide your personal information, such as passwords and bank account numbers, on a website.This information will ultimately be used for identity theft.Additionally, phishers use tools to steal the source code of genuine websites and replace them with fraudulent ones.
Furthermore, embedded links are created by phishers to gather the personal information of victims.Thirdly, malware attack techniques involve pretending to ask staff members to download files sent by phishers to neutralize malware, which ultimately leads to compromising their systems. 20ishers use various strategies to target their victims, such as: 1. Email spoofing Phishers commonly use email spoofing to send emails to millions of users, pretending to be from official institutions.The emails usually request users to download specific forms or provide credit card information.

Web-based delivery
Web-based delivery is one of the most sophisticated phishing methods.Hackers, also known as "man-in-the-middle," operate between the phishing system and the genuine website.

Instant messaging phishing
Users receive instant messages with links that redirect them to fake phishing websites designed to resemble authentic ones.

Host Trojan
Phishers attempt to access user accounts and collect credentials through the local machine using a host Trojan.
5. Phishers send acquired data to another phisher: In this scenario, phishers create links to websites that direct users to the phisher's site instead of the legitimate one, enabling them to obtain sensitive information.

Phishing malware
Phishing malware consists of malicious software that needs to be installed on the user's computer.Phishers often include this malware in emails sent to users.Victims are required to click on a link to initiate the malware.Sometimes, the downloaded file contains malware.
It is crucial to remain vigilant and exercise caution when dealing with suspicious emails, links, and downloads to protect yourself from phishing attacks.

Enforcement Against Perpetrators Of Phishing Crimes
To take action against phishing criminals, Article

Prevention and Mitigation of Phishing
To prevent or anticipate phishing, the following steps can be used and maximized: 21 1.Using toolsdetect to identify phishing attempts is an effective preventive measure.The internet has become an essential part of our daily lives, and for some individuals, it is indispensable.While the internet allows us to do many things, such as searching and sharing information, we often find attractive but unwanted websites.It can be tempting to input necessary information without realizing it is a phishing site.To prevent this, we can utilize detection tools that can distinguish between genuine and fake websites.These tools help identify and avoid potential phishing attacks, safeguarding our personal and sensitive information.
2. Using additional web browsers that protect against tabnabbing is another important measure.Phishers continuously develop new attacks each year, and tabnabbing is one of the newer techniques.This phishing attack occurs online, where phishing sites appear 21 Wibowo and Fatimah. in between other tabs when users have multiple tabs open.The attack begins when the user is distracted and opens a new tab.The fake tab then switches with one of the tabs the user has opened, making the genuine tab disappear.This attack is considered clever because it no longer relies on previously clicked links to lure users into the phisher's trap.By using web browsers that provide protection against tabnabbing, users can mitigate the risk of falling victim to such phishing attacks and maintain a safer browsing experience.
3. Using anti-phishing pre-filters is another effective method for preventing phishing.
These pre-filters consist of three prevention components: site identifier, login form finder, and webpage feature generator.The prevention process occurs in stages.
Additionally, detection is performed through streaming analysis, where many individuals are researching to develop tools or applications.People are also exploring various methods of detection.Furthermore, this anti-phishing approach utilizes streaming analysis called PhisStrom to detect phishing attempts.By implementing antiphishing pre-filters, users can enhance their protection against phishing attacks and minimize the risk of falling victim to fraudulent schemes.The Organization for Economic Cooperation and Development (OECD) report titled "Computer-Related Crime: Analysis of Legal Policy" in 1986 outlined several important steps that every country should take to combat cybercrime.These steps include increasing awareness among law enforcement agencies regarding prevention efforts, investigation techniques, and prosecution of cybercrimes, as well as raising public awareness about the importance of preventing the spread of cybercrime.By doing so, countries can effectively address cybercrime and create awareness among citizens about the significance of preventing the proliferation of cybercrime. 22CONCLUSION This article discusses the modus operandi of phishing crimes and various prevention methods.Phishing is an online fraud where attackers attempt to obtain sensitive information

1
Sayid Muhammad Rifqi Noval, "Evolusi Hak Pekerja Di Era Digital: Prawacana Right To Disconnect Di 46% increase compared to the fourth quarter of 2017.7TheIndonesianInternetDomain Name Administrator (Pengelola Nama Domain Internet Indonesia or PANDI) reported that there had been approximately 5.579 phishing incidents in the country from April to June 2022.8TheDirectorate of Cyber Crime (Direktorat a

Table 1 .
Comparison Data between Electronic Transactions and Fraud Transactions Source: Author's processed secondary data, 2023Hackers continue to favor this type of cybercrime.As a result, internet crime still thrives, particularly in identity theft.A report states that phishing accounts for 67% of cybercrimes.Personal, account, and financial data are the targets of phishing.Phishing typically succeeds because perpetrators impersonate trustworthy individuals or official institutions, making the victims unsuspecting.The use of Paypal is one well-known case of phishing.
Phishing Working Group received 229.265 reports of phishing emails from consumers in March 2016.18,3% of Australians fell victim to email phishing.Second, through phishing websites, which combine advertisements with social media platforms like Facebook, Twitter, and Instagram.A survey conducted by Facebook indicated that 8,7% of 83.090.000accounts were not genuine users.Additionally, an estimated 1,5% of the 14.320.000accounts unknowingly spread harmful content, such as spam messages and suspicious links.The majority of phishing attacks occur through hacked web servers, affecting 73% of the targeted sites.Third, phishing attacks also occur through malware distribution, one example is Koobface malware, which victimized 81% of users.
The reasoning behind this is that creating fake websites resembling genuine ones and engaging in activities that deceive individuals into accessing false links and providing their confidential information, which should remain private, can be subject to Article 28 Section (1) in conjunction with Article 45A Section (1) of the ITE Law.With appropriate legal policies in place, effective measures can be taken to combat cybercrime, and the prosecution of such crimes can be conducted effectively.In line with this, Article 1 Section (3) of the 1945 Constitution of the Republic of Indonesia states that Indonesia, as a legal state, must uphold the law in every action taken by the state without exception.Therefore, the writer believes that laws should govern activities conducted in the virtual realm, such as electronic transactions, so that individuals engaging in electronic transactions can determine which laws are applicable and which are not, particularly in Indonesia.Therefore, the crime of phishing in electronic transactions is typically carried out by two or more individuals who assist in its commission.Hence, Article 363 Section (4) and Article 55 of the Criminal Code are usually applied regarding involvement in resolving cases of phishing fraud.The use of the Criminal Code in addressing cases of electronic transaction crimes is considered one of the efforts to fill the legal gap.