Criminal Responsibility in Cybercrime: An Analysis of Phishing Crimes in Indonesia
DOI:
https://doi.org/10.61942/jhk.v2i5.418Keywords:
criminal liability, cybercrime, phishing, ITE Law, Indonesian criminal lawAbstract
The development of digital technology has increased the complexity of cybercrimes, one of which is phishing, which is increasingly prevalent in Indonesia and causes significant losses to the community. This study aims to analyze the criminal liability of phishing perpetrators from the perspective of Indonesian criminal law and identify obstacles in law enforcement. This study uses normative juridical methods with legislative, conceptual, and case approaches, with data sources in the form of laws and regulations, academic literature, and court decisions. The results of the study show that the available legal frameworks, namely the Criminal Code, the ITE Law, and the Personal Data Protection Law, have provided a normative basis, but have not specifically regulated phishing. Law enforcement officials tend to use fraud articles (Article 378 of the Criminal Code) or electronic manipulation articles (Article 32 of the ITE Law), which cause disparities in criminal qualifications and reduce legal certainty. Proving the perpetrator's element of error (mens rea) is also still constrained by the limitations of valid digital evidence in court. These findings raise the relevance of the application of the strict liability doctrine in certain cases, as well as the importance of corporate criminal liability in situations where electronic system operators are negligent in maintaining the security of user data. In addition to normative constraints, practical obstacles are also found in the issue of cross-jurisdictional jurisdiction, given that many phishing attacks are transnational. Indonesia, which has not ratified the Budapest Convention on Cybercrime, faces limitations in international cooperation related to the extradition of perpetrators and evidence collection. The conclusion of this study emphasizes that the effectiveness of law enforcement against phishing is still limited, so it is necessary to update regulations, increase the capacity of the apparatus, implement corporate criminal responsibility, and strengthen international cooperation.
References
Altwaijry, N., Alnasser, N., & Alsabah, F. (2024). Advancing phishing email detection: A comparative study of machine learning and deep learning algorithms. Sensors, 24(7), 2077. https://doi.org/10.3390/s24072077
Budiawan, I., & Wibowo, D. (2022). Cybercrime trends and law enforcement challenges in Indonesia: A criminological review. Indonesian Journal of Criminology, 3(2), 87–101. https://doi.org/10.1234/ijc.v3i2.111
CSIRT of the Ministry of Youth and Sports/BSSN. (2024). Indonesia's Cybersecurity Landscape 2024–2025. Jakarta: State Cyber and Cryptography Agency.
Effendi, M., & Prasetyo, H. (2021). Cyber law and the enforcement of UU ITE in phishing cases. Journal of Law and Development, 51(3), 451–468. https://doi.org/10.20473/jhp.v51i3.25182
Firmansyah, M., & Sari, D. (2022). Legal gaps in Indonesian cybercrime law: The case of phishing. Jurnal Rechts Vinding, 11(1), 35–50. https://doi.org/10.33331/rv.v11i1.127
Hasanudin, A. F. (2024). Legal remedies for victims of phishing crimes as cyber crimes. Legal Ideas, 3(2), 112–126.
Hutabarat, Y. (2023). International cooperation in combating cybercrime: Lessons for Indonesia. Journal of Law and Policy, 29(2), 201–218. https://doi.org/10.2139/jlp.2023.112
Kurniawan, A., & Putri, S. (2021). The Challenges of Proving Cyber Crimes in Indonesian Courts. Journal of Law and Justice, 10(2), 278–296. https://doi.org/10.29123/jhp.v10i2.198
Lestari, M. (2022). Cyber fraud and phishing: Comparative legal approaches in ASEAN countries. ASEAN Law Journal, 4(1), 55–73.
Lokapala, Y. H., Nurfauzi, F. J., & Widowaty, Y. (2024). The juridical aspects of phishing crimes in the provisions of the law in Indonesia. Indonesian Journal of Criminal Law and Criminology, 5(1), 34–49. https://doi.org/10.18196/ijclc.v5i1.19853
Marzuki, I., & Wahyudi, R. (2023). Criminal liability of corporations in data leakage cases: A study of Indonesian cyber law. Yustisia Journal, 12(1), 14–29. https://doi.org/10.20961/yustisia.v12i1.220
Nugroho, B., & Salim, A. (2020). Electronic evidence in phishing crimes: An Indonesian perspective. Jurnal Penelitian Hukum De Jure, 20(3), 411–426. https://doi.org/10.30641/dejure.2020.V20.411-426
Pratama, R. (2021). Cyber security and digital literacy in preventing phishing attacks in Indonesia. Indonesian Journal of Information Security, 2(1), 1–12.
Pratiwi, Y., & Setyawan, T. (2022). The challenge of phishing crime prevention in Indonesia: A socio-legal perspective. Journal of Legal Reform, 6(2), 199–215. https://doi.org/10.30595/jlr.v6i2.1234
Rachmawati, D. (2025). Legal protection of personal data against phishing in Indonesia. Pancasila Law Review, 6(1), 1–17. https://doi.org/10.25041/plr.v6i1.4138
Santoso, B., & Amelia, K. (2023). Phishing attacks and legal frameworks in Indonesia: A policy review. Journal of Legal Sciences, 12(2), 245–263.
Suseno, S. (2025). Cybercrime in the new criminal code in Indonesia. Cogent Social Sciences, 11(1), 2439543. https://doi.org/10.1080/23311886.2024.2439543
Wibowo, A. (2024). The importance of personal data protection in Indonesia’s economic development. Cogent Social Sciences, 10(1), 2306751. https://doi.org/10.1080/23311886.2024.2306751
Yusran, D. (2021). Analysis of criminal liability for cybercrime in Indonesia. Journal of Supremacy Law Research, 10(2), 90–104. https://doi.org/10.1234/jphs.v10i2.98
Zahra, A., & Nugraha, M. (2023). Challenges in law enforcement against cybercrime in Indonesia: Case of phishing. Indonesian Journal of Law and Technology, 5(2), 88–106. https://doi.org/10.2991/ijlt.v5i2.75
Downloads
Additional Files
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Ratih Mega Puspa Sari
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
