Recommendation: according to all the analyzes above, both phishing and
Spamming are violations of the digital world, which is sure to harm the user. Both violations have the same nature, that is, the activities they carry out as if they were not an offense and they use persuasion efforts in which the victims seem to agree with what they do or we can call it "Subtle Coercion". Therefore, we suggest several things that can reduce both violations and we think that, this will be able to protect users from those violations. For spamming, although this problem has been covered by the mcmc act (1998), but there are still problems that cannot be overcome by this law. Such as the lack of countermeasures for spamming which is very common in emails or sms or even all social media, there are no provisions to avoid this spamming, and even based on the official page of the MCMC, they directly say that there is really no requirement to send messages with the detailed message which makes this problem more complicated to overcome.1 Therefore, we are of the opinion that mcmc should make new provisions or clarify the provisions of article 233 (1) (b) of the MCMC act, so that spam actions can be clearly included and make it easy for users or law enforcement to identify such actions. Such as making a definition along with its general designation, examples of cca articles 3 and 4 (hacking and cracking), it will make the public or internet users in general know that this violates the provisions in the law or make an example after the definition of the violation is mentioned in the article as in the example of the dutch criminal code, there is an explanatory article at the end of the law on the law For phishing, we know that in the penal code there are provisions that can be used to anticipate, reduce and enforce justice for this violation. The most important provisions are in article 415 of the penal code, which is continued by articles 416, 418, 420 of this law. But in the penal code it is very difficult to implement and even quite vague. It becomes difficult for law enforcement to act against this kind of violation. Therefore, judging from the increase in phishing crime data in malaysia in 2008,2009 and 2010 which are increasing rapidly each year, this is only overcome by using cca.2 even in some cases, victims suffered significant losses because the cca did not serve the problem of "cheating". In this case, we believe that there is a very dangerous legal vacuum here. To overcome the above problems, the first solution we will provide in this case. Legislators should imitate the european council convention on cyber crime, especially in article 8. This has great benefits because it can reach cross-border departments, states and companies. Although malaysia is not a party to this convention, it can be used to fill the existing legal vacuum. In its application, we can see the fraud act in english3 , and in this case contained in article 2 of this law and in this act, interpretation of violations can be implied or explicit, this makes it easier for law enforcers to determine the abuses committed by the perpetrators. The second solution we can provide is to expand the explanation of the penal code which can only indicate violations originating from legal subjects "people" to "anything".4 because the problem why the violations that occur now is only covered by the cca is that in the penal code only limits the perpetrators of crimes as "people", this minimizes the interpretation of the public prosecutor or other law enforcers, because the perpetrators of these actions which often occur now are scareware or 1 “Spam Laws.“ Malaysian Communications And Multimedia Commission.” 4 july 2020, www.mcmc.gov.my/en/faqs/spam/spam-laws/spam-laws. 2 Rahman, Rizal. “Malware and The Law of Deception in Malaysia.” Malayan Law Journal Article 3, No.36 (2018), p 18 3 D Bainbridge, “Criminal Law Tackles Computer Fraud and Misuse.” 23 Computer Law & Security Report 276, 2007 4 F Kennedy et al, “Swarm Intelligence” San Francisco, Morgan Kaufmann Publishers (2001) at p 32 malware. This creates a legal loophole that can be read by cyber criminals to abuse this opportunity.