Phishing, Vishing, Deepfakes…, methods for hackers to attack their prey progress quantitatively and qualitatively, which represents an issue for the people in charge of the protection of citizens in that domain, overall in laws.
Here’s an article from the Hellenic Police that give an interesting and detailed perception of it.
The Evolution of Online Identity Theft: From Phishing to Deepfakes and Legal Responses
Online identity theft (OIDT) has evolved significantly in recent years,
with criminal methods becoming more complex. What began with phishing
attacks has grown into more sophisticated tactics, including the rise of
deepfakes. This article explores how identity theft methods have changed
over time and the legal responses to these emerging threats.
Phishing and Its Expansion
Phishing, which emerged in the 1990s, involves deceiving users through
fake emails, messages, or websites that appear to be from trusted
institutions like banks or government agencies. Despite increased
awareness and the use of spam filters, phishing remains one of the most
common and dangerous data theft techniques due to the continuous
evolution of attack methods by cybercriminals.
From Phishing to Malware and Social Engineering
As phishing attacks became widespread, cybercriminals began using more
advanced tools, such as malware (e.g., keyloggers and spyware), while
social engineering techniques like spear phishing now target specific
individuals or organizations. The internet and social media provide
perpetrators with rich material to customize their attacks.
The Rise of Deepfakes
The most concerning development is the rise of deepfakes—technology that
uses artificial intelligence to create hyper-realistic fake videos,
images, and audio recordings. Cybercriminals can use deepfakes to create
fake identities or impersonate individuals for fraudulent purposes,
blackmail, or defamation, making traditional identity verification
methods like facial recognition or voice authentication unreliable.
Legal Responses to Identity Theft
Legal approaches to identity theft have evolved over time:
1. Data Protection Laws: The EU’s General Data Protection Regulation
(GDPR) and similar laws in other countries, such as the California
Consumer Privacy Act (CCPA), grant citizens more rights over their
personal data and impose stricter obligations on businesses to protect
it.
2. Anti-Phishing Laws: The EU Cybersecurity Act and the NIS2 Directive focus on improving cybersecurity measures across the European Union, which indirectly helps in combating phishing by enhancing overall cybersecurity resilience and cooperation among member states. Additionally, international agreements like the Budapest Convention on Cybercrime strengthen cross-border cooperation.
3. Deepfake Legislation: Addressing deepfakes is more challenging due
to the rapid pace of technological advancements and the difficulty of
detecting them. The EU AI Act aims to regulate the use of artificial intelligence, including deepfakes, to ensure transparency and accountability.
Conclusion
Online identity theft continues to evolve, with deepfakes emerging as
the next major threat. Legal responses are attempting to adapt to new
technologies and threats, but the rapid development of the internet
makes full protection difficult. Cooperation between governments, tech
companies, and users remains critical in effectively addressing these
risks.
Hellenic Police