Phishing Berbasis AI sebagai Serangan Social Engineering: Ancaman Baru di Dunia Keamanan Siber

Abstract

AI-based phishing is a relatively new digital crime in the dangerous and difficult-to-recognize cyber world that utilizes artificial intelligence (AI) as its attack. Phishing is also part of a social engineering attack that has a mode of manipulating victims. The existence of phishing has been regulated in the Criminal Code, the ITE Law, and the PDP Law, although the regulations are still complex and not specific. This study uses a normative legal method with a legislative approach, case studies, and accompanied by literature studies. The results of the analysis show that AI-based phishing is able to imitate human communication realistically by utilizing machine learning and natural language processing and the psychological weaknesses of the victim. Although phishing already has regulations, these regulations still do not explicitly regulate phishing as a criminal act. The Criminal Code is still general in nature, while the ITE Law and the PDP Law only regulate it implicitly. Therefore, criminal law reform is needed through revision of relevant articles, strengthening digital literacy in society, and expanding international cooperation, as well as adaptive legal policy arrangements.