Single Blog Title

This is a single blog caption

Fraud Crime Through Phishing

1. Introduction

In today's world, with the development of information technologies, the methods of committing crimes have also become digitized, and classic types of crimes are being committed using new techniques. Fraud, in particular, is one area where technology can be used as a tool, and in this context "phishing" have become one of the new threats to criminal law.

Phishing is a cybercrime method carried out by using fake websites, emails, messages, or applications to deceive individuals into providing their personal information (bank passwords, identity numbers, credit card information, etc.). This article will examine phishing from a criminal law perspective, discussing the elements of the crime, judicial practice, and victim rights in detail.


2. What is Phishing?

Phishing, derived from the English word "fishing," refers to "information hunting" through false statements in a digital environment. The crime's core principle is to trick the victim into sharing their private data through misleading content, without their knowledge, in order to gain financial profit from that information.

2.1. Common Methods in Phishing Crimes:

  • Creating fake bank/government institution websites

  • Sending a "log in to your account" alert via email or SMS

  • Sharing a fake customer service number via WhatsApp/Instagram

  • Messages containing the shipping company's name and the message "Please pay the shipping fee"

Through these methods, the victim conducts transactions believing they are interacting with a real person or institution, and transmits their data to malicious individuals.


3. Evaluation from the Perspective of Criminal Law

3.1. Turkish Penal Code Article 158/1-f: Qualified Fraud

Article 158/1-f of the Turkish Penal Code defines fraud committed "by using information systems, banks or credit institutions as tools" as aggravated fraud

Since acts committed through phishing involve deceiving the victim into providing data, and the perpetrator then uses this data to gain an advantage, they are evaluated under this article.

Punishment:

Imprisonment from 4 to 10 years,
judicial fine of up to 5,000 days.

3.2. Turkish Penal Code Article 244: Unauthorized Access to an Information System

If the perpetrator gains access to the victim's email or bank account without their consent, this also constitutes the crime of unlawful access to an information system

Punishment:

Imprisonment for 1 to 5 years (increased if damage has occurred)


4. Elements of the Crime

4.1. Fail

Any natural person can be the perpetrator. Technical knowledge is not required to commit the crime; it can be committed using readily available software or guides. The crime can be committed individually or as part of an organized group.

4.2. Victim

They are usually ordinary internet users. However, bank employees, public officials, or small businesses can also be targets. "Against whom the crime was committed" is important in determining criminal liability.

4.3. Verb

The perpetrator a deceptive act . This doesn't just involve creating a fake website; it also requires guiding the victim and persuading them to share information .

4.4. Conclusion

For the crime to be complete, it is sufficient for the perpetrator to gain an advantage as a result of deceiving the victim . A direct money transfer is not always necessary; the sale or use of personal data for other purposes is also sufficient.


5. Supreme Court Decisions

Supreme Court of Appeals, 15th Criminal Chamber, May 20, 2021, Case No. 2017/37851, Decision No. 2021/5508.

COURT: High Criminal Court
CRIME: Aggravated Fraud
VERDICT: Conviction pursuant to Articles 158/1-f-last, 62, 52/2 and 53/1-2-3 of the Turkish Penal Code.
The judgment regarding the defendant's conviction for aggravated fraud was appealed by the defendant, and the file was examined and the necessary considerations were made; It was understood that
the defendant advertised on the internet to obtain a loan, the complainant, upon seeing this advertisement, contacted the defendant through social media, the defendant stated that a commission of 500 TL was required to obtain a 5,000 TL loan, whereupon the complainant deposited 500 TL into the defendant's postal check account, and later could not reach the defendant when trying to contact him; therefore, the court's acceptance and application of the finding that the act constitutes the crime of fraud by using information systems as a tool, as regulated in Article 158/1-f of the Turkish Penal Code, is not found to be incorrect. 

the trial proceedings, the evidence gathered and presented at the decision-making stage, the court's conclusions and assessments in accordance with the prosecution's findings, and the scope of the examined file, the defendant's appeals regarding the application of favorable provisions are rejected, and the judgmentis AFFIRMED unanimously on May 20, 2021.

6. Problems Encountered in Practice

6.1. Difficulty in Identifying the Perpetrator

  • The perpetrator often uses VPNs, TOR, foreign servers, or fake email services.

  • Linking an IP address to the perpetrator is technically difficult and time-consuming.

6.2. Difficulty in Obtaining Evidence

  • Fake websites are created and deleted very quickly.

  • Bank or social media records are generally located abroad.

  • Failure to collect digital evidence in a timely manner hinders criminal proceedings.

6.3. Committing the Crime Within an Organized Structure

Phishing attacks are often carried out by international organizations. The perpetrator is in one country, the server is in another, and the victim is in yet another. This jurisdictional and legal issues .


7. Victim's Rights and Remedies

7.1. Criminal Complaint

The victim can file a criminal complaint directly with the prosecutor's office. According to Article 158 of the Code of Criminal Procedure, these crimes to investigation ex officio .

7.2. Material and Non-Material Compensation

In addition to the Turkish Penal Code, the victim can also claim compensation for their material damages through a civil court lawsuit under the Code of Obligations

7.3. Credit Card Disputes

If the perpetrator used the card with the information they obtained, the victim can apply to the Banking Regulation and Supervision Agency (BDDK) and the bank's head office to request the cancellation of the transaction and the removal of payment liability


8. Solutions and Preventive Measures

  1. A specific definition of "phishing" should be added to the Turkish Penal Code.

  2. A dedicated tracking system (CERT, USOM) should be established for phishing attacks.

  3. The public should be informed: Citizens should be warned about fake links, the differences between domain extensions, and communication protocols with banks.

  4. Internet service providers should be obligated to detect and respond to calls in real time .

  5. The mechanisms for determining ownership and confiscation in cases of fraud involving crypto assets need to be clarified.


9. Conclusion and Evaluation

Phishing is one of the most common and effective fraud methods among digital crimes today. This type of crime directly threatens individuals' economic freedom, personal data, and information security.

Although the general and specific regulations regarding fraud in the Turkish Penal Code have been expanded to cover these crimes, for lawmakers and implementers to adopt a more proactive approach .

Supreme Court rulings clearly demonstrate that this crime falls under the category of "aggravated fraud," however, due to problems with evidence in practice, numerous cases are dismissed during the prosecution phase due to insufficient evidence.

Therefore, digital evidence collection, international cooperation, and cybersecurity policies have become urgent necessities to ensure both faster justice for victims and impunity for perpetrators.

Leave a Reply

Call Now Button