The article was written by Dr. iur. Dr. rer. pol. Fabian Teichmann in collaboration with Marie-Christin Falker and published in the 2021 Financier Worldwide Magazine. Digitalization is permeating society as never before, not least due to the COVID-19 pandemic, which resulted in a shift of most economic and social interactions to the Internet. Even before the pandemic, digitization was influencing the lives of many as part of the so-called fourth industrial revolution. Not only does most communication take place online via social media and other applications, but online commerce and e-banking are also flourishing. However, with the many opportunities of digitalization also comes a multitude of risks and opportunities for fraudulent behavior. In general, cybercrime can be divided into two categories: Crimes against infrastructure, which include hacking, sharing malware and viruses, and crimes via the Internet, such as phishing. The term phishing describes computer techniques used by fraudsters to obtain data through the unwitting cooperation of their victims. It is derived from the words "password," "harvest," and "fishing" (phishing) and refers to techniques used to obtain personal information, usually related to banking transactions, in order to commit property crimes or identity theft. Because the sophistication of these techniques puts victims' assets at risk, the problem requires an appropriate response in criminal law. The first peak of phishing occurred in 2003, when criminals used techniques such as social engineering to get victims to cooperate. The victim received an email or text message from the perpetrator, who often used a spoofed or imitation return address (known as email spoofing). The message usually contained a request to renew personal information for security reasons and a link to an impersonated website where the personal information should be provided. Another possibility would be that a real website was hacked to host phishing pages, which is known as cybersquatting. Phishing techniques that require the victim's active cooperation can be mainly divided into two types: Vishing, which uses voice-over-IP technology (e.g., via phone calls) to trick someone into revealing their personal, financial or password information, and spear phishing, which targets a specific user by using a highly personalized message. Potential victims could be a company's employees in what is known as CEO fraud. Over time, phishing techniques have evolved. Today, criminals use techniques that allow them to directly access the victim's computer by using malware. This type of phishing is called "man-in-the-middle." The installed malware allows the perpetrator to take control of the victim's computer.
The author of the text is Fabian Teichmann, a lawyer in Switzerland and a notary in St. Gallen. He also practices as a European lawyer in Liechtenstein. In addition to his legal practice, he is a lecturer at various universities in Switzerland and abroad.
For more on this topic, see Teichmann, F. & Falker, M-C. (2021). The Risks of Digitalization in the Context of Cybersecurity - Phishing. Financier Worldwide Magazine.