Criminal Analysis of Phishing in Iran's Legal System

Phishing is a cyberscam progressively committed by hackers in social media to fraudulently deceive victims into revealing their sensitive information. The hackers involved in phishing are called phishers, as they emulate fishing by alluring users and waiting for them to be betrayed for revealing their data intended in cyberattacks. Overall, phishing manifests into sending fake links via text messages under the title of judicial notifications, stock dividends, fake bank payment portals, and fake emails, among others. By these means, the phisher betrays the user to unwittingly reveal their critical data such as credit card information, passwords, and so forth, thereby pocketing from the victim's account. Importantly, phishing is not specifically criminalized in Iran’s criminal laws. The Iranian criminal system protects the rights of both victims and society based on the phisher’s action(s) and follows the Law of Computer Crimes to punish the phisher for being accused of illegal access, computer fraud, and computer theft. The measures taken so far to fight phishing include enhancing public awareness and compelling the user to use one-time passwords (PINs). However, this crime can be stringently prohibited by taking further actions such as criminalizing phishing as a defined crime deserving deterrent penalties, hiring cyberspace experts to propose solutions for diminishing cybercrimes (particularly phishing), strict control by the Iranian Cyber Police (FATA), preventive measures to protect vulnerable users, and so forth.