A Study on Prevention and Investigation of Phishing in Taiwan

 

劉心玫

Information Office, Taichung City Government Police Department

588, Sec. 2, Wenxin Rd., Xitun Dist., Taichung City 40708

r77719@tcpb.gov.tw

 

廖有祿

Department of Criminal Investigation, Central Police University

56 Shuren Rd., Dagang Vil., Guishan Dist., Taoyuan City 33304

ylliaw@mail.cpu.edu.tw

 

Abstract

With the growth of the Internet and communication technology and the spread of smartphones, communication between people is no longer limited by distance. That same convenience has let phishing URLs, which work by deceiving people, spread widely through Internet communication tools, leading users to mistakenly hand over their sensitive data to perpetrators, who then use it to commit crimes. This paper studies phishing crime in Taiwan in order to provide a reference for investigating and preventing such cases in the future. The study uses qualitative analysis based on case studies and in-depth interviews: phishing cases investigated by Taiwan police were collected, and experienced investigators were interviewed. From these, the bait types and distribution techniques of the phishing cases were compiled, and phishing crime was further classified into three types: impersonating an institution's website, setting up fake websites, and spreading links to malware. Analysis of the interviews with investigators also describes the current state of phishing investigations in practice and shows that the difficulties common to these cases are cross-border sources and victim evidence that cannot be linked together. The paper further proposes effective countermeasures and recommendations for both the investigation and the prevention of phishing crime.

Keywords: cyber phishing, phishing website, social engineering