Archive note: This text comes from the old archive of Nomika Epilekta and is carefully preserved for historical and informational reading.

The method of “phishing” is often connected with the unlawful acquisition of data or the commission of fraud on the internet. The expression “phishing” comes from the habit of hackers of calling the websites to which they have access “phish”.

More specifically, “phishing” is the sending of electronic messages (e-mails) intended to cause the theft of confidential details belonging to the recipient of the electronic message. These electronic messages give the impression that they come from a bank and, using various excuses and pretexts, ask the recipient to disclose sensitive data, for example the number of a bank account or a personal identification number (PIN). If the unsuspecting recipient discloses this information, the perpetrators (Phishers) immediately “invade” the account and, after transferring money from that account to another, empty it.

Because the method of “phishing” is based on deceiving the victim with the aim of causing property damage, it is obvious that Phishers thereby obtain an unlawful financial benefit for themselves and/or for third parties. Since the perpetrators also have knowledge and will regarding their unlawful activity, it follows that “phishing” constitutes fraud under Article 386 of the Criminal Code, according to which “whoever, with the purpose of obtaining for himself or another an unlawful financial benefit, harms another person’s property by persuading someone to perform an act, omission or tolerance through the knowing presentation of false facts as true, or through the unlawful concealment or suppression of true facts, shall be punished by imprisonment of at least three months and, if the damage caused is particularly large, by imprisonment of at least two years”.

The technique of “pharming” is a method of deception through the internet similar to “phishing”, but clearly more dangerous. A special program exploits security gaps in the system, penetrates the victim’s computer and affects it in such a way that, even if the user types the correct address of the website he or she wishes to visit, believing that the environment is secure, that computer “leads” the user only to fake web pages. In particular, if the page is a bank website, the victim’s attempt to carry out transactions through online banking ends in the transfer of the victim’s money to the perpetrators (Pharmers).

It is clear that the increase in hours of internet use multiplies the risk of installing programs that make “pharming” possible, and this is gradually developing into one of the most serious forms of internet criminality.

The method of “pharming” is a kind of penetration through the internet without the consent of the lawful holder of the data. Consequently, since it is obvious that this method is committed with intent, it constitutes a breach of confidentiality under Article 370C § 2 of the Criminal Code, according to which “whoever obtains access to data that have been entered into a computer or into a computer peripheral memory, or are transmitted through telecommunications systems, provided that these acts were committed without right, especially by violating prohibitions or security measures taken by their lawful holder, shall be punished by imprisonment of up to three months or by a monetary penalty of at least EUR 29.00 (...)”.

In conclusion, the two methods above may be punished under the applicable provisions of the Criminal Code. To address such phenomena, it is considered necessary to take technical security measures and to raise the awareness of internet users, so that they do not easily become victims of Phishers and Pharmers.