legal_aspects_of_phishing_spoofing_etc

Differences

This shows you the differences between two versions of the page.

legal_aspects_of_phishing_spoofing_etc [2018/12/17 14:23]
lucy
legal_aspects_of_phishing_spoofing_etc [2019/03/06 13:15] (current)
lucy
Line 6: Line 6:
 ===== What is a copyright? ===== ===== What is a copyright? =====
    
-From the legal point of view, Copyright in Web is often considered as the grey area. But in the English law everything created privately ​ is copyrighted “automatically”. Explicit copyright is not necessary. The default you should assume for other people’s works is that they are copyrighted and may not be copied unless you know otherwise. Example: you are contracted to test the company "​example"​. In that case you can copy their webpage www.example.com for a phishing simulation.+From the legal point of view, Copyright in Web is often considered as the grey area. But in the English law everything created privately is copyrighted “automatically”. Explicit copyright is not necessary. The default you should assume for other people’s works is that they are copyrighted and may not be copied unless you know otherwise. Example: you are contracted to test the company "​example"​. In that caseyou can copy their webpage www.example.com for a phishing simulation.
  
-In English law, permissions to use copyright works (also known as licences) do NOT need to be in writing. For instance, when you make a website available to the world, you grant an implied ​licence ​to internet users to copy that website for the purpose of viewing it on a web browser. Therefore we recommend using the website cloner and logo's only from your own corporate site.+In English law, permissions to use copyright works (also known as licenses) do NOT need to be in writing. For instance, when you make a website available to the world, you grant an implied ​license ​to internet users to copy that website for the purpose of viewing it on a web browser. Therefore we recommend using the website cloner and logo's only from your own corporate site.
  
  
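Review bot: The new side of the first changed paragraph drops a space in "In that caseyou can copy", a typo the previous revision did not have; restore "In that case you". In the second changed paragraph, switching "licences"/"licence" to "licenses"/"license" mixes spelling conventions in a passage that is explicitly about English law, so either keep the original spelling or apply one convention across the page. The possessive "logo's" is also left in place where the plural "logos" is meant.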
Line 15: Line 15:
 When our customers incorporate another company’s logo in a simulated phishing email, that logo is not used in a way that confuses customers into believing that their goods or services originate with, are related to, or are sponsored by the company whose logo is displayed. ​ As the customers are actually not branding goods or services with anyone else’s logo; rather they are engaged in security awareness training. ​ Potential confusion is mitigated by a corrective landing page and/or instructional video that launches at the conclusion of a simulated phishing attack, advising users to be more wary of phishing scams.  ​ When our customers incorporate another company’s logo in a simulated phishing email, that logo is not used in a way that confuses customers into believing that their goods or services originate with, are related to, or are sponsored by the company whose logo is displayed. ​ As the customers are actually not branding goods or services with anyone else’s logo; rather they are engaged in security awareness training. ​ Potential confusion is mitigated by a corrective landing page and/or instructional video that launches at the conclusion of a simulated phishing attack, advising users to be more wary of phishing scams.  ​
  
-So as long as the clients ​ are reinforcing,​ that any third party logo is for illustrative or instructional purposes only and there is no affiliation or relationship between the mark owner and LUCY or LUCY's customer, there is no legal issue. But customers should not omit this important information when customizing landing pages. So from a copyright perspective,​ incorporating a third party logo in a simulated phishing email serves an entirely new, transformative purpose, and as such, constitutes ​fair use. The logo is employed in a different manner (unrelated to the offering or sale of goods or services) and for a different purpose (aimed at security awareness and educating the public about how to avoid phishing scams). This transformative use does not undermine the copyright holder or any market that the copyright holder would reasonably exploit.+So as long as the clients are reinforcing,​ that any third party logo is for illustrative or instructional purposes only and there is no affiliation or relationship between the mark owner and LUCY or LUCY's customer, there is no legal issue. But customers should not omit this important information when customizing landing pages. So from a copyright perspective,​ incorporating a third party logo in a simulated phishing email serves an entirely new, transformative purpose, and as such, constitutes fair use. The logo is employed in a different manner (unrelated to the offering or sale of goods or services) and for a different purpose (aimed at security awareness and educating the public about how to avoid phishing scams). This transformative use does not undermine the copyright holder or any market that the copyright holder would reasonably exploit.
  
 ===== Example legal disclaimer ===== ===== Example legal disclaimer =====
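Review bot: The changed paragraph only has spacing cleaned up, so the stray comma in "the clients are reinforcing, that any third party logo" survives into the current revision; drop the comma and hyphenate "third-party logo" (also in "incorporating a third party logo") while this line is being touched. The sentence "But customers should not omit this important information" would also read more clearly if it named the information, that is, the statement that the logo is illustrative and implies no affiliation.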
Line 26: Line 26:
 ===== Is impersonating an email even allowed? ===== ===== Is impersonating an email even allowed? =====
  
-If you are hired to test another company you should have the proper writen ​contract in place. When testing your own company mail spoofing is allowed in most countries. Spoofing (mail or SMS) is only illegal in cases where it’s used to commit fraud or otherwise perpetrate a crime.+If you are hired to test another company you should have the properly written ​contract in place. When testing your own company mail spoofing is allowed in most countries. Spoofing (mail or SMS) is only illegal in cases where it’s used to commit fraud or otherwise perpetrate a crime.
  
 ===== Is SMS spoofing legal? ===== ===== Is SMS spoofing legal? =====
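Review bot: In the changed sentence, "the proper writen contract" becomes "the properly written contract", which fixes the misspelling but also shifts the sense from having the right contract in place to how well the contract is drafted; "a proper written contract" keeps the original meaning. The next sentence still needs a comma after "When testing your own company" so that "company mail spoofing" is not read as one phrase.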
legal_aspects_of_phishing_spoofing_etc.txt · Last modified: 2019/03/06 13:15 by lucy