With technological advancements, scams involving phishing, smishing, spoofing, and CLI spoofing are gaining popularity. While they are not a new phenomenon, AI technologies certainly allow for increasingly faster and more effective image and voice impersonation, making impersonation easier. Furthermore, the latest tools help perpetrators tailor their manipulation techniques to specific individuals. Such activities serve a variety of purposes, from extorting personal data or stealing logins and passwords to persuading or intimidating victims into unfavorable financial transactions. The Polish Act on Combating Abuse in Electronic Communications aims to create mechanisms to limit these harmful phenomena. It aims to increase user protection against harmful activities carried out via communication technologies, such as text message fraud, data theft, and unfavorable financial transactions.
Both spoofing and phishing are methods of fraud using telecommunications and the Internet, but they differ in how they are used. Spoofing involves broadly impersonating the IP address of another device, telephone number, email address or DNS server. Everything is camouflaged in such a way that the identification of the real user or caller is impossible. The easiest to recognise is email spoofing. The content of the message sent by someone impersonating a chosen e-mail address indicates the intention of spoofing confidential information from the addressee of the message. Phone number spoofing is carried out using easily accessible websites that, for a fee, allow you to make a call from any phone number and change the voice or convert the text into a voice that the person answering the phone will hear. Detection of such spoofing is only possible after the fact, when checking the billing of the number called and impersonated. IP address and DNS server spoofing is the most difficult to detect, as it may differ only slightly from the real one. The essence of phishing is reflected in its pronunciation, which is similar to the word “fishing”. It consists in preparing a “lure” for the user, e.g. by means of a link sent in an e-mail message, SMS or via instant messenger, and then either installing malicious software on the device or phishing for login data. The fraudster may impersonate e.g. a bank, government agency, courier company or a friend of the victim. Phishing emails are usually designed to look as authentic as possible. One form of phishing is spear-phishing, which involves a targeted attack on, for example, a specific company and impersonation of a business partner.
