4. Manifestations of cybercrime

4.8. Fraudulent websites (companies)

On the Internet, you can find a number of activities or websites [1] that present amazing prizes or offer various goods at very reasonable prices. Attackers use social engineering and rely primarily on people's trustfulness and carelessness. The attacker's activity typically takes one of two forms.

In the first case, an attacker tries to elicit sensitive data (e.g. name, surname, delivery address, e-mail, telephone number and password), typically for the purpose of registration, delivery of goods, prizes, etc. The user enters all of these data voluntarily. The attacker thus obtains data that he can, as in the case of phishing, use for a wide range of activities. For example, based on the password entered and other information about the user, the attacker may try to gain access to other services that the user uses. [2]

In the other, much more common case, the activity consists in fraudulently obtaining funds from a user. Cars, motorcycles, tractors, other agricultural machinery and, above all, electronics of any kind are usually offered on the Internet at a very advantageous price.

With regard to fraudulent offers on the Internet, the European Consumer Centre [3] has issued a recommendation for users, which should enable them to identify fraudulent practices:

  • Enter the company information (e.g. company name, website address, e-mail) in an Internet search engine.
  • Think about how the merchant presents itself. Does the website where you are going to buy something look professional? E-mail addresses on free and anonymous servers such as yahoo.com, hotmail.com, gmail.com, live.com, seznam.cz, etc. will certainly not create a credible impression. Likewise, if the website is located on a free hosting server, it is a sign of unprofessionalism.
  • Pay in advance only if it is a truly trustworthy merchant. You certainly won't give money on the street to a stranger with the promise that he/she will deliver the thing to you in the future. However, many users do this on the Internet. Only make a payment in advance if you are sure you are dealing with a trusted supplier. In particular, payment card details need to be protected.
  • A request for payment by Western Union is particularly suspicious. For bank transfers, never send money to private accounts unless it is the account of the selling company.
  • The usual signs of fraud include poor language, the requirement to pay in advance in cash or by bank transfer, other requests for payments under a fictitious pretext (customs, insurance, packaging of a larger number of pieces of the product) and so on. Remember that if an offer seems too good to be true, it probably is not real!
  • Check the country's business register to see if the company is registered. (It also happens that someone misappropriates the name of an existing company and starts a website with a similar name.)
  • Check the website domain. It happens that a web address is the same as the address of a real and registered company. However, there is one difference – the domain, i.e. the suffix of the Internet address, is different (e.g. not “.co.uk” for Great Britain, but “.co.cc” for the Cocos Islands).
  • Find the company's headquarters on an internet server offering street photography of cities, according to the address given in the advertisements and on the company's website.
  • Value your personal information. Do not share information about yourself on untrusted or unknown sites. Only provide information that is really necessary.
  • Do not respond to spam. Do not respond to unsolicited e-mails, and in any case do not disclose your bank account details, payment card number or, for example, login details to internet banking by e-mail. Delete junk e-mail and never open unknown attachments. [4]

All of the above features are to be considered as mere indications that may lead to the detection of fraud. An attacker can modify his actions based on the success of his own attack. In addition to these tips, it is advisable to use the warnings published on other sites, such as www.podvodnefirmy.cz etc.
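
Two of the indicators above, a contact address on a free webmail server and a domain that matches a real company's name but carries a different suffix, can be checked mechanically. The following Python code is an added example, not part of the original text; the suffix list and the company name example-traktory are constructed for illustration, and a real check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Free webmail domains named in the checklist above.
FREE_MAIL = {"yahoo.com", "hotmail.com", "gmail.com", "live.com", "seznam.cz"}
# Constructed, deliberately tiny suffix list (assumption); a real check
# would load the full Public Suffix List instead.
SUFFIXES = {"co.uk", "co.cc", "com", "cz", "uk", "cc"}


def split_host(host):
    """Split a host name into (registrable name, suffix)."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longer suffix first so "co.uk" wins over "uk".
    for n in (2, 1):
        suffix = ".".join(labels[-n:])
        if len(labels) > n and suffix in SUFFIXES:
            return labels[-n - 1], suffix
    # Unknown suffix: fall back to treating the last label as the suffix.
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return labels[0], ""


def check_offer(site_url, contact_email, known_domains):
    """Return warning strings for one online offer.

    known_domains: domains of registered companies the buyer has verified,
    e.g. from the business register.
    """
    warnings = []
    url = site_url if "//" in site_url else "//" + site_url
    host = urlsplit(url).hostname or ""
    name, suffix = split_host(host)
    for real in known_domains:
        real_name, real_suffix = split_host(real)
        # Same company name, different suffix (e.g. .co.cc vs .co.uk).
        if name == real_name and suffix != real_suffix:
            warnings.append(f"{host}: same name as {real}, but suffix "
                            f".{suffix} instead of .{real_suffix}")
    mail_domain = contact_email.rsplit("@", 1)[-1].lower()
    if mail_domain in FREE_MAIL:
        warnings.append(f"contact address uses free webmail ({mail_domain})")
    return warnings


if __name__ == "__main__":
    # Constructed sample offer.
    for w in check_offer("https://www.example-traktory.co.cc/sale",
                         "sales@gmail.com", ["example-traktory.co.uk"]):
        print("WARNING:", w)
```

As with the checklist itself, an empty result is not proof that an offer is genuine; the warnings are indications only.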


Possibilities of criminal sanctions in the Czech Republic

In the Czech Republic, it is possible to punish the conduct described above under Section 209 (Fraud) of the Criminal Code. The fraud is completed by enrichment. The creation of a replica of a website and the acquisition of login names and passwords could then be qualified as a preparation or attempt of a criminal offence according to Section 209 of the Criminal Code. If an attacker attempted (Section 21 of the Criminal Code) unauthorised access to another user’s account using the obtained access data, such conduct could also qualify under Section 230 (Unauthorised access to the computer system and information carrier) of the Criminal Code.


Possibilities of criminal sanctions in Poland

In Poland this is regulated by Art. 286 (fraud), which says that:

§ 1. Whoever, in order to gain a material profit, leads another person to a disadvantageous disposal of his own or another person's property by means of deception or exploitation of an error or incapacity to grasp an intended action, shall be subject to the penalty of deprivation of liberty for a term of between 6 months and 8 years.

 

Possibilities of criminal sanctions in Portugal

Again, as explained regarding phishing in general, such acts would be punishable as Computer-related forgery (Art. 3 of the Cybercrime Law), as well as Computer-related fraud (Art. 221 of the Criminal Code).



[1] The most common are websites and advertising portals, but they can also be accounts on social media, etc.

[2] Very often, users enter the same or a similar password for different online services. As a result, an attacker can use, for example, the technique of a dictionary attack to obtain access data to other services. By this action, the attacker may also commit other illegal actions (e.g. see chapter 4.15 Identity theft, 4.8 Hacking etc.).

For more details, see e.g. Slovníkový útok. [online]. [cit.30.8.2016]. Available from: https://managementmania.com/cs/slovnikovy-utok

[4] For more details, see: ESC radí, jak poznat podvody na internetu. [online]. [cit.30.8.2016]. Available from: http://www.evropskyspotrebitel.cz/nakupy-online/esc-radi-jak-poznat-podvod-na-internetu-27250