Monday, March 12, 2012

Class 4 - Spam, crime and phishing

Next week we will be looking at spam, crime and phishing.

Please look at the relevant chapters of the textbook (chapter 11 and part of chapter 3) as well as the following materials.


Spam

Australian law - Spam Act 2003 (Cth)
US law - CAN-SPAM Act
EU directive - Directive on privacy and electronic communications (Article 13)
Australian Communications and Media Authority (ACMA)
Internet industry Spam Code of Practice

How effective are these laws?

Crime
Australian law - Criminal Code 1995 (Cth), Criminal Code 1899 (Qld)
Scale of cybercrime - Symantec report
Australian Federal Police
Lulzsec
Cost - here and here

Is cybercrime underreported? Australian Institute of Criminology

Phishing
Australian government - Scamwatch
Anti Phishing Working Group
Domain-based Message Authentication, Reporting & Conformance

What is the best way to respond to phishing - raising awareness, enacting legislation or cutting off scam emails before they arrive?

5 comments:

Victor said...

Some of you may have already heard about this case but in any event it is quite interesting and amusing.

The first link describes the facts of the case and the second the actual court decision.

http://www.news.com.au/business/aussie-woman-scammed-nigerians-court/story-e6frfm1i-1226279659427

http://www.couriermail.com.au/news/queensland/young-mum-sarah-jane-cochrane-ramsey-who-double-crossed-nigerian-scammers-in-online-car-sales-fraud-is-jailed-then-released-on-parole/story-e6freoof-1226300197154

Victor said...

I found this article on the Cybercrime Legislation Amendment Bill 2011, which I thought would be interesting to share. (The full text of the bill can be found at www.comlaw.gov.au/Details/C2011B00116)

Victor said...

I am unable to post the full article on the blog. It can be found on Case Base. The title is "New Bill changing how cybercrime is regulated in Australia" by Dudley Kneller MIDDLETONS

Victor said...

In response to the question, I would say that increasing the awareness of phishing would be the best alternative. If one is aware of the dangers associated with disclosing personal information requested from an entity by e-mail, he/she would most likely either refrain from doing so or undertake some research on the actual authenticity of such entity.

Cutting off scam emails before they arrive may result in the loss of important non-spam messages wrongly interpreted as being spam.