A FAIR TRIAL № 6 / 2023 100 CYBERFRAUD PROTECTION attacks and protect yourself and your savings? To combat phishing, Kazykhanov A.A. And Bayrugin I.T. recommend «Conducting briefings with all company personnel; Using security software; The principle of trusting important information only to qualified employees» . The National Cybersecurity Center of Great Britain (NCSC) points out several difficulties in the course of «anti-phishing education», in particular due to the increasing number and volume of phishing threats, as well as the need to take measures to combine technical means of protection in the virtual space with increasing user awareness of common types of phishing attacks and ways to inform about them. So, it turns out that raising user awareness is not the key to success in the fight against phishing. To study the effectiveness of prevention, training seminars among employees, as well as in order to study the potential impact on susceptibility to phishing, scientists from the University of Bristol Emma Williams and Adam Joinson conducted a study based on the results of which it was found that «factors regarding the effectiveness of protective information obtained they can directly influence the future intention to interact with this information». That is, when determining the effectiveness of information to protect against phishing, users tend to use it in the virtual space. But not only these measures can protect against a phishing attack. According to the study, in most cases, letters from scammers offering to click on a link to some website, whether it’s a bank or a company’s website, contain meaningless sets of letters, numbers and symbols. The official website of a bank or other state institution or company contains a name that is relevant to its activities. For example, www.uztelecom.uz. But not in any way, *(9087()*6;%%%oro?;»««*((%% №;;№№№;,,?:%%;№№№№№№. Since phishing attacks are aimed at disinformation of a potential victim and prompting her to follow the link, based on such human qualities as carelessness, haste, inattention. Similarly, D.V. Bakhteev believes that «The most common and dangerous form of phishing is sending e–mails to Internet banking users containing a notification of the need to perform some actions with the account and a link that looks like the login address to the user’s personal account. In these methods of Internet fraud, instead of directly hacking a secure system (for example, an Internet bank), fraudsters use the vulnerability of the user’s psychology, his inattention, indifferent attitude to routine operations, gullibility, thirst for profit» . Based on the criminal cases concerning phishing investigated directly by the author himself, several key circumstances should be highlighted, because of which victimization from phishing attacks occurs: - if there are arguments with high quality in phishing letters (more plausible, correspond to the style of the letter and the manner of writing the «sender», correspond to the subject of correspondence); - if they came from a source with a «high level» of trust (friends, bosses, colleagues, bank); - if the genre of the letter corresponds to the source (background illustrations, font, pictures, colors, contrast, location of the letter, image quality, inscriptions) - if there is a lot of temporary pressure («URGENT!», «IMMEDIATELY!», «VERY IMPORTANT!»). The messages used in phishing attacks contain at least some false or contradictory content, which can usually be identified with sufficient systematic processing. A significant contribution was a study conducted by Xin (Robert) Luo, Wei Zhang, Stephen Burd, Alessandro Seazzu , in which the influence of the heuristic systematic model of information
A FAIR TRIAL № 6 / 2023 CYBERFRAUD PROTECTION 101 processing HSM developed by Chaiken on victimization in phishing attacks was studied. They concluded that focusing on sender identification technologies, as well as user training, can help attract attention to identifying fake and real senders by teaching specially targeted methods and skills. Phishers, when trying to commit a phishing attack on a certain company or enterprise, conduct a study of correspondence, business management, also study employees, their hobbies on social media accounts. The goal is to compile a targeted phishing letter, especially this method is used when the manager himself is chosen as a victim, since, unlike a simple employee, access to his data can provide an opportunity to obtain more valuable information that can later bring more profit. Therefore, it is necessary to be careful when posting private information, especially about the place of work and to discuss this point (confidentiality) when drawing up a contract when hiring. Another precautionary measure for protection in the virtual space is the need to enable the notification function for dubious or suspicious sites, which is available in any phone. It is also recommended not to enter such sites even if this site has the necessary information or incredible discounts and promotions for drawing a car or a whole house are announced in it. These sites serve to attract as many people as possible for further acquisition of information about the user or his banking data, at best, for marketing or advertising products. In addition, few people pay attention to abbreviations such as http and https. HTTP (Hypertext Transfer Protocol) is a protocol of the application layer of data transfer initially - in the form of hypertext documents in HTML format, currently used to transfer arbitrary data. Although most websites of government agencies, large companies and, in general, the website of organizations carrying out legal activities begins with the abbreviation www. or https. The letter «S» in the https protocol means the word «secure» from the English secure. That is, this site is checked for the presence of danger and is safe to use because it ensures the confidentiality of information by encrypting it. When using third-party sites or when searching for information, it is also necessary to focus on such nuances of a secure Internet. These rules are far from exhaustive, but since scammers are always looking for loopholes to bypass the system, realizing that it is more difficult to hack a computer, they focus on the human factor (excitement, desire to get rich, get a discount, win the lottery, etc.) during phishing attacks. Therefore, it is necessary to be careful and pay attention to the smallest features and rules of safe use of the Internet to avoid spending money or even worse to become an accomplice of a crime. Based on the above, the author came to some conclusions, and formulated a set of measures to counteract one of the types of plastic fraud - phishing: 1. Supplement the third part of Article 168 of the Criminal Code of the Republic of Uzbekistan with paragraph «d» - «using payment, counterfeit cards or electronic means of payment». 2. To protect against phishing, send users only verified and proven information. 3. In the structure and system of the organization, when hiring new personnel, conduct instruction on combating cyberbullying and anti-phishing measures, in the case of a phishing attack on the company, the employee is personally responsible for the losses incurred. 4. Establishment of a hierarchy among employees, according to which, depending on the importance and confidentiality of information, each category is granted access to one or another information as in military
A FAIR TRIAL № 6 / 2023 102 CYBERFRAUD PROTECTION 1. Википедия. https://ru.wikipedia.org 2. https://ru.wikipedia.org › wiki › Фишинг 3. Юрочкин Н.С. Кибермошенничество: характеристика, приемы и методы его совершения. Таврический научный обозреватель www.tavr.science №12 (17) — декабрь 2016, часть 2. С. 158 4. Хурсанов Р.Х., Анорбоев А.У. Киберфирибгарлик жинояти: жиноий-ҳуқуқий ва криминологик тавсифи. Б. 306. Юридик фан ва ҳуқуқни қўллаш амалиётининг долзарб муаммолари мавзусидаги илмий-амалий конференция материаллари I жилд. Тошкент.2020 5. https://www.osp.ru/winitpro/2019/03/13054903 6. Сторчак С.А. Обзор антифишинговых технологий. Проблемы науки. 2019. Таганрог. 7. Уголовный кодекс Российской Федерации. https://ppt.ru › kodeks › kodeks=20 8. Уголовный кодекс Испании. artlibrary2007.narod.ru › kodeks › ispanii_uk 9. Уголовный кодекс Италии. https://cheapstrongwinda8.weebly.com/ 10. П.В. Головненков. Уголовное уложение. (Уголовный кодекс) Федеративной Республики Германия: научно-практический комментарий и перевод текста закона. 2-е издание. Strafgesetzbuch (StGB). 2011. C.45 11. Уголовный кодекс КНР. https://asia-business.ru/law/law1/criminalcode/code/ 12. Swiss Criminal Code of 21 December 1937 (Status as of 1 January 2019). Amended by No I of the FA of 13 Dec. 2002, in force since 1 Jan. 2007 (AS 2006 3459 3535; BBl 1999 1979). Р.31 13. Казыханов А.А. И Байругин И.Т. Фишинг, как проблема для специалистов отдела ИБ. Международный научный журнал «Символ науки» №10-2/2016. УФА. РФ. С. 54 14. NCSC Phishing Attacks: Defending Your Organisation. https://www.ncsc.gov.uk/phishing. Дата обращения. 10 июля 2018 года 15. Emma J. Williams and Adam N. Joinson. Developing a measure of information seeking about phishing. Journal of Cybersecurity, 2020, Vol. 6, No. 1. Р. 13 16. Бахтеев Д.В. О некоторых современных способах совершения мошенничества в отношении имущества физических лиц.Российское право. №3.2016. С.25 17. См. Xin (Robert) Luo, Wei Zhang, Stephen Burd, Alessandro Seazzu. Investigating phishing victimization with the HeuristiceSystematic Model: A theoretical framework and an exploration. Anderson School of Management, University of New Mexico, 1924 Las Lomas NE, MSC05 3090, Albuquerque, NM 87131, USA. http://dx.doi.org/10.1016/j.cose.2012.12.003 18. www.wikipedia.com https://g.co/kgs/4PNRWv institutions. 5. Pay attention to abbreviations like http and httpS, where the letter «S» (secure) indicates a preliminary check of the site for the presence of danger. 6. The key circumstances that result in victimization from phishing attacks are highlighted. 7. Mandatory activation of the notification function about dubious or suspicious sites, which is available in any phone or computer. Modern types of fraud pose a greater danger than ordinary fraud since it involves the creation of a criminal group of specialists with computer skills, has a wider range of victims, in some cases the need to have opportunities, channels for redirecting funds to foreign bank accounts in order to cover their tracks and evade responsibility. Therefore, strengthening measures to counteract them should be the prerogative of law enforcement agencies. A. SABYRBAYEVA, PhD, Associate Professor of the Department of Criminal Procedure Law of the Academy of the Ministry of Internal Affairs Republic of Uzbekistan
ОДИЛ СУДЛОВ ЕЛЕКТРОН ПРАВОСУДИЕ ЕЛЕКТРОН 1 2023 Қонун ҳужжатлари Суд қарорлари Суд амалиёти Суд очеркдари Законодательные акты Судебные решения Судебная практика Судебные очерки ОДИЛ СУДЛОВ Ҳуқуқий, илмий-амалий ЭЛЕКТРОН ЖУРНАЛ ПРАВОСУДИЕ ЭЛЕКТРОННЫЙ ЖУРНАЛ A FAIR TRIAL ELECTRONIC JOURNAL 1 2023 Қонун ҳужжатлари Суд қарорлари Суд амалиёти Суд очерклари Legal documents Court decisions Judicial practice Court essays Законодательные акты Судебные решения Судебная практика Судебные очерки