Spoofing and phishing in Polish law – current regulations and proposed changes

What is spoofing and phishing?

Both spoofing and phishing are methods of fraud using telecommunications and the Internet, but they differ in how they are used. Spoofing involves broadly impersonating the IP address of another device, telephone number, email address or DNS server. Everything is camouflaged in such a way that the identification of the real user or caller is impossible. The easiest to recognise is email spoofing. The content of the message sent by someone impersonating a chosen e-mail address indicates the intention of spoofing confidential information from the addressee of the message. Phone number spoofing is carried out using easily accessible websites that, for a fee, allow you to make a call from any phone number and change the voice or convert the text into a voice that the person answering the phone will hear. Detection of such spoofing is only possible after the fact, when checking the billing of the number called and impersonated. IP address and DNS server spoofing is the most difficult to detect, as it may differ only slightly from the real one. The essence of phishing is reflected in its pronunciation, which is similar to the word “fishing”. It consists in preparing a “lure” for the user, e.g. by means of a link sent in an e-mail message, SMS or via instant messenger, and then either installing malicious software on the device or phishing for login data. The fraudster may impersonate e.g. a bank, government agency, courier company or a friend of the victim. Phishing emails are usually designed to look as authentic as possible. One form of phishing is spear-phishing, which involves a targeted attack on, for example, a specific company and impersonation of a business partner.

Polish legal regulations on spoofing and phishing