<![CDATA[Phishing is a type of cybercrime that continues to develop with diverse methods, aiming to manipulate victims for the perpetrators’ personal gain. Its complexity raises legal issues, particularly regarding the alignment of phishing definitions within the framework of cybercrime and the applicable legal norms in Indonesia. This study seeks to analyze the concept of phishing from a cybercrime perspective and to evaluate the extent to which Indonesian legal norms—particularly the Electronic Information and Transactions Law (UU ITE)—accommodate phishing practices. It also examines the effectiveness of existing regulations, including the Criminal Code (KUHP), the Personal Data Protection Law (UU PDP), and sectoral regulations issued by the Financial Services Authority (OJK), the Ministry of Communication and Information Technology (Kominfo), and Bank Indonesia (BI). The research method employed is a literature study, drawing on primary legal sources such as legislation, secondary sources such as scholarly works, and court rulings, including Decision No. 28/Pid.Sus/2021/PN Semapura. The findings indicate that the regulation of phishing in Indonesia is still fragmented and lacks comprehensiveness. Provisions in the ITE Law, such as Article 28(1), are often used to prosecute offenders but do not adequately cover the full scope of modern phishing practices. Similarly, the KUHP, PDP Law, and sectoral regulations focus more on system and consumer protection but do not provide clear legal certainty in addressing phishing. Therefore, regulatory reform—particularly amendments to the ITE Law—is necessary to explicitly and comprehensively regulate phishing in order to ensure legal certainty and stronger protection for society.]]>
Copyrights © 2026
