This article written by Gaurav Raj Grover, a fifth year law student at Lloyd Law College, Greater Noida. This article discusses about the growth in Identity Theft in India.
Identity theft has become a global issue. It is an area of major concern. Identity theft is termed as a crime of the new millennium. However, the fact prevails that due to the revolution in Information Technology there are certain outcomes that have led to a positive growth while others have become a matter of serious concern and identity theft is one of them.
Is Identity theft escalating to alarming threats? How is it detrimental to society at large? How can it be dealt with? The issue invokes related questions that need to be addressed.
What is Identity theft?
Identity theft also known as identity fraud is a crime in which the accused obtains the key pieces of personally identifiable information. Identity theft refers to the fraudulent use of someone’s name and personal information in order to obtain credit, loans, etc. Identity theft is using someone else’s identity intentionally to gain a financial advantage or any other benefit in the person’s name. It is when thieves steal your personal information to gain access to your bank account or use the information for committing fraud or a crime.
Identity theft Statistics
According to the research conducted by experts:
- 50 percent of businesses surveyed in Asia-Pacific has seen an increase in fraud losses over the past 12 months from account origination and account takeovers – both potentially damaging to brand reputation.
- Fraud losses were particularly prominent in India at a reported 65 percent.
- In India, 87 percent of the businesses expressed heightened concern about the potentially damaging impact of fraud on their businesses.
- 71 percent of the people in India say that security is their number one priority during their online experience, followed by convenience and personalization, at 15 percent and 14 percent.
- 64 percent of the consumers in India have complete confidence in the ability of the businesses that they protect them and they use the most up to date security measures.
- Identity theft contributes to 28 percent of overall frauds in India
- The fraud rates are highest for credit cards whereas two-wheelers have the lowest fraud rates.
- Delhi and West Bengal have the highest fraud rates followed by Punjab, Uttar Pradesh, and Haryana.
Types of Identity theft
Criminal Identity theft
Criminal Identity theft occurs when someone who has been arrested for committing a crime presents himself as another person, by using that person’s details and information. This results in the filing of criminal record against the victim who may have no idea about the crime committed or may not learn about the crime until it’s too late or when the court summons.
It must be difficult for the victim to clear their records as the jurisdiction for every crime is different and it will be very hard to find the true identity of the criminal. might need to find the police officers and they will identify the victim and the Court after an investigation will clear the charges.
Financial Identity theft
Financial Identity theft refers to the taking over of the victim’s account by the criminal by stealing his personal information. Thus, financial identity theft is the outcome of Identity theft. The ultimate goal of the criminals is to obtain the credit card in the name of the victim or to withdraw the amount from the victim’s account.
This includes taking a loan on the victim’s name, writing the cheques on the victim’s name or transferring money from the victim’s account. Also, using goods and services by claiming to be someone else come into financial identity theft.
Synthetic Identity theft
Synthetic Identity theft is the most common identity theft in which original identities are completely or partly forged. It is committed by the criminals by combining the fake credentials and the legitimate personal information of the victim in order to create a fake document. This false document can be used by the criminal to apply for a loan, obtain a duplicate license, apply for credit, etc.
This majorly harms the creditors who granted credit to the fraud. Victims are minorly affected if their names are confused with the synthetic identity or negative ratings can affect their credit score.
Identity cloning and concealment
Identity cloning and concealment are committed when someone uses the identity of someone else in order to conceal his identity. It is mostly used by immigrants. A person may apply for the visa by using false information and thus, concealing the identity. Terrorists use Identity cloning to impersonate someone else.
Thus, instead of using someone else’s identity for financial gains or committing crimes, it is used by the person the criminal to live the life of the person whose information is obtained.
Medical Identity theft
Medical Identity theft occurs when the criminal uses the information of someone else to get prescription drugs, see the doctor or claim the insurance benefit. The result is, the medical records of the criminal are added to the victim’s record. Thus, this has serious consequences on the medical records of the victim.
Child Identity theft
The theft in which a child’s identity is used by another person for illegal gain is known as child identity theft. The imposter can be anyone, an unknown, a friend or even a family member who targets children.
How does identity theft happen
There are various methods by which the thieves steal an identity. Some of them are as discussed below.
Phishing refers to the gathering of personal information by sending deceptive emails to the recipient. The recipient is made to believe that the email is sent by some authorized source or is the one that is needed by the recipient. For Example, a bank or a company in which the recipient works.
‘Smishing’ and ‘Vishing’
‘Smishing’ and ‘Vishing’ are two hybrid versions of ‘Phishing’.
Smishing: In Smishing, the cybercriminals use text messages to gain the personal information of the victims. Cybercriminals often use social engineering techniques to attract victims to obtain sensitive information. Those cyber criminals usually direct the victims to move on to a link or to either make a telephone call on a particular number. They request an instant action to avoid damage or take advantage of the offer and this finally leads to the stealing of the information.
Vishing: Vishing is the combination of two words “Voice” and “Phishing”. In Vishing the cybercriminals use Voice over Internet Protocol (VOIP) or make phone calls to extract the information. Vishers often create fake Caller ID or profiles so that they may seem legitimate.
Pharming refers to the scamming practice in which the cybercriminal installs a malicious code on the personal computer or server, misdirecting users to a fraudulent website without their consent or knowledge. Pharming disguises fake, fraud, data grabbing websites as legitimate and trusted ones.
Credit Card Skimming
The victims of credit card skimming find fraudulent withdrawal of money and charges on their account. It is surprising to note that all this happens while the victim is in possession of the credit card.
It is a type of credit card theft where crooks often use a small device to steal the credit card information which includes credit card number, the expiry date of the card, full name of the cardholder, etc. The information is stolen with the help of a small device called a “skimmer”, when a person swipes his credit card on the skimmer then all his data which was stored in the card’s magnetic strip is captured by the skimmer. Thieves use this information to make fraudulent transactions and to withdraw the money.
Once the information is stolen, the thief can make a cloned credit card to make n number of transactions. Victims of credit card skimming are often unaware of the theft. Thieves can also place a hidden camera to steal the PIN of the ATM card.
Cybercriminals often hack the computer of the victim and then control the activities of the victim. Hacking refers to the authorized access to someone’s computer.
Malicious software or malware refers to any program or software that is designed to harm the computer of the victim.
Malicious software is installed on the victim’s computer without his consent or knowledge. The user is directed to move on to a malicious site by clicking on a malicious link. Malicious software is often installed on the victim’s computer when he tries to download the movie for free or downloads online games for free from an unauthorized website. These websites often steal the information of the victim by gaining access to the victim’s computer.
A user should always ensure that the website is secure before making any transactions. An unsecured website may lead to the stealing of personal information of the user. A user should ensure that the website is “https” and not “http”, “s” means the website is secure. This will reduce the chances that the user ID and password will be compromised.
People often use weak passwords for their social media accounts and ATMs PIN. It becomes easier for hackers to break such passwords and steal the information of the victim. Thus, it is always advisable to use a longer password a combination of alphabets, numbers and special characters. It is also advised to not share passwords with others.
By targeting children online
Children can easily share their passwords without realizing its consequences. Therefore, the parents must remain vigilant and instruct their children to not share the password with anyone.
Identity theft examples
A cyber thief may steal the information of victims in many ways. Some of them are discussed below:
There are a variety of ways in which cybercriminals may steal the identity of the victim. One of the most common among them is the Stolen Cheques. The victims may steal the blank cheque or wash the ink of the cheque. To protect oneself from such fraud one must watch on his bank account and regularly check the emails received from the bank. If something suspicious is found then one must inform the bank immediately to stop any kind of transactions and investigate the matter.
A thief can steal the information of ATM cards.
Fraudulent Change of Address
Inform the nearby post office in the event that you speculate a fraud has recorded a difference in a location with the mail station or has utilized the mail to submit credit or bank extortion. Discover where the false charge cards were sent. Tell the nearby post office for the location to advance all mail in your name to your very own location. You may likewise need to converse with the mail carrier.
Social Security Number Misuse
Call the Government managed savings Organization to report fake utilization of your standardized savings number. If all else fails, you should need to change the number. The SSA will possibly change it on the off chance that you fit their misrepresentation injured individual criteria. Likewise, request a duplicate of your Profit and Advantages proclamation and check it for exactness.
On the off chance that you have an international ID, inform the identification office recorded as a hard copy to be watchful for anybody requesting another visa falsely.
On the off chance that your long separation calling card has been stolen or you find deceitful charges on your bill, drop the record and open another one. Give a secret word, which must be utilized whenever the record is charged.
Driver License Number Misuse
You may need to change your driver’s permit number in the event that somebody is utilizing yours as distinguishing proof on awful checks. Call the state or Locale of the Columbia office of the Branch of Engine Vehicles (DMV) to check whether another permit was issued in your name. Put an extortion alert on your permit. Go to your nearby DMV to demand another number. Likewise, round out the DMV’s objection structure to start the extortion examination process. Send supporting archives with the objection structure to the closest DMV examination office.
False Civil and Criminal Judgements
Now and again casualties of fraud are unfairly blamed for violations submitted by the sham. On the off chance that a common judgment has been entered in your name for moves made by your faker, contact the court where the judgment was entered and report that you are a casualty of data fraud. On the off chance that you are improperly indicted for criminal accusations, contact the state Branch of Equity and the FBI. Request that demonstrates your innocence.
Whether Identity theft is theft within the meaning of IPC, 1860
Although by its name, identity theft is a kind of theft of specific kind involving user data, it is not governed by Section 378 (theft) of the IPC. This is because it caters to only movable property or such property which is capable of being severed from the earth and is tangible in nature (Section 22 of IPC).
Electricity has been included within the ambit of theft but in the case of Avtar Singh v. the State of Punjab, the Supreme Court held that it is because of Section 39 of the Electricity Act and there was no intention of widening the scope of Section 378 of the IPC.
Hence, although identity information is in the form of binary data signals of zeros and ones, governed by streams of electronic waves like electricity, Section 378 cannot be read to include data or identity theft.
Provisions of the IPC dealing with Identity theft
Certain arrangements in the IPC, similar to fabrication and misrepresentation, which prior to administered such wrongdoings as for false archives, were altered by the Information Technology Act, 2000 to incorporate electronic records. Subsequently, the ambit of such wrongdoings was broadened to incorporate PC information related violations also. Subsequently forgery and making false documents (Section 464 of IPC) and its punishment in Section 465 of IPC, falsification for motivation behind tricking (Segment 468), phony for reason for hurting notoriety (Segment 469), utilizing as authentic a produced record (Area 471) and ownership of a report known to be manufactured and aiming to utilize it as certified (Segment 474) can be combined with those in the IT . For example, Segment 468 and Area 471 can be activated when an individual produces a site in nature of electronic record so as to bait the unfortunate casualties into disclosing their delicate data with the aim to swindle them. Further, Area 419 can be utilized in situations where the blamed has utilized the individual character data of the person in question and imitates such unfortunate casualty to submit misrepresentation or conning. Segment 420 can be utilized on the off chance that “anything fit for being changed over into an important security” inside the significance of the demonstration is perused to incorporate novel distinguishing proof data of a person. Further, the Master Board of trustees on Changes to the IT Act, 2000 had prescribed certain revisions in the IPC to incorporate Segment 417 A which would give as long as three years of discipline for tricking utilizing any one of a kind distinguishing proof component of another person. It likewise made swindling by pantomime by method for a system or PC asset culpable with as long as five years detainment and a fine, under Area 419 A.30 These proposals have not been joined into the IPC so far, yet would have given a progressively thorough law on wholesale fraud.
Identity theft punishments
Under Section 66C of the IT Act, 2000, whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
Provisions in the Information Technology Act, 2000
The IT Act, 2000 is the main legislation in India governing cybercrimes. Although, its aim was to mainly recognize e-commerce in India and it did not define cybercrimes as such. Before its amendment in 2008, Section 43 of the Act could be used to impose civil liability by way of compensation not exceeding one Crore for unauthorized access to a computer system or network (Subsection a) and for providing assistance to facilitate such illegal act (Subsection g). Section 66 of the Act only pertained to cybercrime of hacking wherein some destruction, deletion, alteration or reduction in the value of computer resource attracted penal sanctions. If a person obtained identity information from the computer stealthily without causing any changes in it whatsoever, this provision could not be used. The term identity theft itself was used for the first time in the amended version of the IT Act in 2008. Section 66 criminalizes any fraudulent and dishonest conduct with respect to Section 43 of the same Act. Section 66 (A) which is now held to be unconstitutional, covered the crimes of Phishing. Section 66 B pertains to dishonestly receiving any stolen computer resources. Section 66 C specifically provides for punishment for identity theft and is the only place where it is defined. Section 66 D, on the other hand, was inserted to punish cheating by impersonation using computer resources. This provision can be seen to be similar to Section 419 (A) recommendations of the expert committee as mentioned earlier. Several other provisions inserted in the amendment include punishment for violation of privacy and for cyber terrorism. Women and children have also been provided protection under Section 67 A and 67 B of the Act. Further, stronger laws have been formulated with respect to the protection of “sensitive personal data” in the hands of intermediaries and service providers (body corporate) thereby ensuring data protection and privacy. Only exceptional cases where such data can be revealed is to an agency authorized by the State or Central government for surveillance, monitoring or interception, under Section 69 of the IT Act. The ambit of sensitive personal data is defined by the IT Rules, 2011 to mean password, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information. Hence, depending upon the method using which identity theft has been committed, the aforementioned laws can be applied.
Impact of Identity theft
Identity theft or identity fraud happens when a thief gains access to personal information like your name, address, credit card or bank account numbers, Social Security number, phone or utility account numbers, passwords, or medical insurance numbers and uses that information for their economic gain.
The actions you need to take, the length of recovery time, and the consequences of having your personal information stolen will depend largely on what kind of identity theft you’ve experienced. In extreme cases, some people have spent more than six months resolving financial and credit problems associated with identity theft.
Identity theft’s negative impacts often involve finances, but there can be other consequences, as well, including an emotional toll. For example, if a thief commits a crime and provides your name to the police is known as criminal identity theft and authorities arrest you as a result, well, you can imagine the resulting stress, as well as disruption to your life until you’re able to resolve the situation.
In this article, we’ll discuss the four different ways victims can be affected by identity theft:
The financial difficulties that may be caused because of identity theft can last for months or even years after your personal information is exhibited. The hurdles faced by people depend upon the type of data collected by the criminals.
- Debating an identity thief’s activity in your credit files and working to restore your good credit
- Cleaning up and closing bank accounts, and opening new accounts
- Changing passwords
Through account takeover, identity thieves can also take over your property and other financial accounts, the impacts of which could affect your retirement, your mortgage, and your child’s education.
And identity theft isn’t necessarily something you can forget about, especially when it involves sensitive personally identifiable information like your Social Security number. Thieves may not use your information for months or even years—waiting for a time when you may not be as attentive to the risk. Thieves can also sell personal information on the dark web. You may have to stay alert and watch for red flags indefinitely.
If your identity theft issue is so complicated that it requires expert advice, legal fees could add to the financial impact.
In fact, some victims end up reaching out to the government for assistance while recovering, which shows the potential magnitude of identity theft hardship.
Possibly a less visible consequence of having your identity stolen is the emotional toll that can follow it. Identity theft is usually a faceless crime that can trigger a host of sensitive feelings. The first feeling that victims may encounter is anger. But after the primary shock, other challenging and long-term effects may come into play.
For example, someone who lifts your identity can perpetrate crimes in your name, which can instantly harm your status and be stressful to establish. If you’re asking for a job and a criminal record pops up in your background check, it may harm not only your job but also your perceptions of self-worth. Not only that, criminal identity theft could lead to your arrest before you’re able to clear up the trouble.
Victims could accuse themselves or their family members for not being concerned enough with their personal information.
As identity theft can be anonymous, victims may experience feelings of failure. A 2016 Identity Theft Resource Center survey of identity theft victims shed light on the prevalence of this emotional suffering caused by identity theft:
- 74% of the people reported feeling stressed
- 69 percent reported feelings of fear associated with personal financial safety
- 60 percent reported anxiety
- 42 percent reported fearing for the financial security of family members
- 8 reported feeling suicidal
While you clean up the disordered trail of ID theft, the emotional stress can affect your sleep and appetite, and lead to depression and isolation.
And what about the emotional stress of receiving calls from debt collectors? When someone else makes debt in your name, it can be challenging to prove that the debt isn’t yours. Further, you are required to take steps so that the businesses and collections agencies stop reporting the debt as yours.
Identity theft problems can also exhibit physical symptoms.
If someone is using your name or identity to perpetrate crimes and law enforcement agencies arrests you, that’s a very stressful situation. And before you clear your name, your arrest record may yet pop up on past analyses, influencing everything from profession to your housing choices down the road. For example, you could lose your home if your credit and debt are affected. You could lose your job if your work is affected, and you could also miss getting new business proposals.
Clearing your name of criminal charges can take a lot of effort, as you have to do everything from figuring out where the thief was arrested and providing law enforcement with identifying documents and your fingerprints, to changing all incorrect records from your name to the thief’s name.
Criminals that have your Social Security number can also get access to your medical benefits and can even influence your medical records. This could lead to vital effects when you’re under a physician’s supervision or there is an emergency and providers don’t have the accurate health information or you no longer have medical benefits to cover you.
In today’s cyber-focused realm, the Internet is another method identity thieves can obtain access to the personal sensitive information such as passwords of your email and social media accounts. Whether you rely on social media for your business or use it to stay connected with your friends and family, hackers can damage your name or put your job on the line by using your current account details and even create new, false accounts on which they can post offending statements while pretending to be you.
On a more elementary level, healing from identity theft could harm personal relations as you feel all of these stressors and also if you request family and colleagues for aid and financial support while you get back on your feet.
Identity theft can have perpetual negative consequences on its victims. One of the best things to do is act immediately to limit its impact and ask for help.
How to prevent Identity Theft
There are different ways to prevent, detect and fight against identity theft. These will help you to reduce the risk of identity theft.
Discover the source
The first step to solve the problem is to find where it started. One must think about all the recent activities and investigate which could have led to it. Any new website, response to an unusual email, new software, or any registration on e-commerce site can probably cause this theft.
Change your passwords regularly
The most basic mistake people make is keeping the same password for a long period of time. Passwords must be changed once in a while and immediately after any identity theft. The new password must not closely relate to the old password.
Contact your institutions
Immediately after identity theft, one must their bank, lender or insurance company, etc. to protect your records. Closing the account which was accessed without permission must be closed and a new account must be opened.
Check computer for a virus
Identities can be stolen through viruses or malware, and it can still be hiding in your computer and can attack again. To avoid it you must update your antivirus program or approach an expert to help you.
There are some warning signs or indicators that people must know and should always keep in mind to prevent themselves from Identity theft:
- Unexpected verification call from the bank
- A warning or notice from the bank
- Unexplained entries in your credit report
- Small debits in the bank statement
- Unfamiliar purchases in the card statement
- Receiving any receipt or bill for a service you don’t have
These indicators might help you from identity fraud.
How to Report Identity Theft to the Police
Identity theft is the stealing and use of someone’s information for financial gain. Victims must immediately file a complaint in the nearest police station or cybercrime cell because it qualifies as a proof of identity theft. The proof can save you if the thief impersonates you while committing a crime. Police Complaint is also required to file compensation from banks. It can also help you in getting new accounts and renewing the insurance. Police Stations have given numbers so that they can provide immediate support to the people in need. It is mandatory under Section 154, Code of Criminal Procedure, for every police officer to record the complaint of an offense.
- For Security Solutions, Call: +91-9717495402
- For Background Verification, Call: +91-9978990585
Cyber Policing in India
In the present scenario, cybercrime is at its peak in our country. These crimes were increased after demonetization, as demonetization increased online banking transactions. Growth in these crimes led to the establishment of the Cyber and Information Security Division (C&IS) which deals with the matters related to Cyber Security, Cyber Crime, National Information Security Policy & Guidelines and implementation of NISPG and NATGRID, etc.
Crime and Criminal Tracking Network and Systems (CCTNS)
In 2009, this department was created under C&IS which is approved by the Cabinet Committee to create a nationwide networking infrastructure for an IT-enabled criminal tracking and crime detection system. It included around 15,000 police stations. Cyber Police Station includes a trained officer and equipment to track and analyze digital crimes.
Predictive Policing needs to use data mining, statistical modeling, and machine learning on datasets related to crimes to get to know about likely locations for police intervention. As in 2013, Jharkhand Police along with National Informatics Centre started to develop a data mining software that can help them to study criminal attempts by scanning online records.
The Delhi Police with the help of the Indian Space Research Organisation (ISRO) is trying to develop a predictive tool known as CMAPS or Crime Mapping, Analytics and Predictive System. This system will identify crime hotspots by merging Delhi Police’s data with ISRO’s satellite imagery and locating on the map. With the help of CMAPS, Delhi Police has reduced their analysis time from 15 days to 3 minutes.
The Hyderabad City Police is trying to build a database known as ‘Integrated People Information Hub’ which can provide a ‘360-degree view’ of the people of the state including their names, aliases, family details, addresses, and other document information including passports, aadhar card, and driver’s licenses.
Anyone can file a complaint through the online crime reporting system known as Digital Police controlled by the Ministry of Home Affairs, Government of India. This is a SMART police initiative that provides a platform for citizens to file complaints online. The portal also gives access to authorities permitted by the state to use the National Database of Crime Records for the purpose of the case-investigation, policy making, data analysis, research and providing citizen services.
The police also use different fake social media accounts to help their surveillance and investigations. People are surprised by seeing how people can commit identity theft using social media. So, the police are trying to understand the mechanics and trying to control the crime using social media.
Cyber Crime Identity Theft Cases
Social Media plays an important role in people’s life. It is a tool that helps people to stay in touch. Applications like Instagram, Facebook, Twitter, and Linkedin provides us ways through which we can remain plugged in all the time. Overusing or sharing of these applications is harmful as it might lead to identity theft.
There are different cases through which we can understand Cyber Crime:
Pune Citibank MphasiS Call Centre Fraud
In this case, ex-employees of MphasiS Ltd cheated US customers of Citibank with around Rs. 1.5 crores. Unauthorized access to the personal information in the Electronic Account Space of the customers was used to commit this fraud.
Under the Information Technology Act, 2000 use of electronic documents is considered a crime when there is the use of ‘written documents’, ‘breach of trust’, ‘cheating’, ‘conspiracy’, etc. So this is considered as an offense under Section 66 and 43 of the Information Technology Act, 2000 and the people are liable for imprisonment and fine and they must pay damages to the victims.
Sony Sambandh Case
In this case, Sony India Private Ltd filed a complaint against Non-Resident Indians. The website Sony Sambandh helped them to send Sony products to their friends and family in India after paying online.
It all started when Barbara Campa gifted a Sony Colour Television and a cordless headphone to Arif Azim in Noida. She completed the payment through a credit card, After the completion of all the procedures, the company delivered the items to Arif Azim. Later, the credit card company informed the company about the transaction. They told that the real owner of the credit card had declined about the purchase and claimed the transaction unauthorized.
The company filed a complaint at the Central Bureau of Investigation under Section 418, 419 and 420 of the IPC. After investigation, Arif Azim was arrested and he told that during his job at a call center he gained access to a credit card number and he misused it.
This was India’s first cybercrime conviction in 2013 and CBI recovered the headphones and television. The CBI proved the case with evidence and the accused admitted his guilt. The Court accused Arif under Section 418, 419 and 420 of the IPC and it showed leniency towards the boy as he was just a young boy of 24 years and a first-time convict by releasing him on probation for one year.
The Bank NSP Case
This is one of the leading cybercrime cases where a management trainee of a bank broke up with the girl he was about to get married. Later, the girl created a fraudulent email id and started sending emails to the boy’s foreign clients from the bank’s computer. This resulted in the loss of the clients of the company. The company took the bank to court and it was held liable for sending emails through the bank’s server.
Andhra Pradesh Tax Case
In Andhra Pradesh, government officials exposed a businessman. He was an owner of a plastics firm and was arrested by the Vigilance Department and the department recovered Rs. 22 crore cash from his house.
The accused used to submit vouchers to show the legitimacy of his trade, but the vigilance department operated his computer and found that the accused was running five businesses under the hood of one company and he also gave illegal or duplicate vouchers to represent his sales records and save tax.
SMC Pneumatics Pvt. Ltd. vs. Jogesh Kwatra
This is India’s first case of cyber defamation, the accused Jogesh Kwatra works in plaintiff’s company and he started sharing derogatory, demeaning, defamatory, obscene and abusive emails to other employees and employers and to other companies related to his company around the globe just to defame the company as well his MD Mr. R. K. Malhotra.
The plaintiff filed a suit in the Court and it was held that the emails sent by the accused were highly defamatory, obscene and abusive in nature. The counsel added that the accused only wanted to destroy the reputation of the plaintiff in India and the whole world. So, the accused is restricted to send those types of emails and anyone who indulge in this type of actions will be fired.
After all the arguments, the Court passes an ex-parte injunction to stop sending these types of emails and the judge also restrained him from publishing, transmitting or causing any type of thing which is defamatory or abusive.
In December 2004, the CEO of bazee.com was arrested because his website sells a CD with questionable content. The CD was also available in the markets of Delhi. This case leads to a question about who is liable here, the Internet Service Provider or the Content Provider. The CEO was later released on bail to prove that he was the Service Provider, not the Content Provider. This case raised a lot of questions on handling cybercrime cases.
State of Tamil Nadu vs. Suhas Katti
This case is important in cyberlaw cases as the judgement of this case arrived under 7 months. In this case, a man who was a known family friend of a divorced woman was posting obscene, defamatory and demeaning messages about the woman. He was sending emails to the woman to gather information through a fake account in the name of the victim. As a result, many unreasonable phone calls were received by the woman in the belief that she was soliciting.
In February 2004, the woman filed a complaint and the police found the man and arrested him in the next few days. The accused wanted to marry the lady rather she married another person which later ended up in a divorce. This made the accused trying to contact her again. She again rejected him which forced the accused to start harassment through the internet.
The accused was charged under Section 67 of the Informational Technology Act, 2000 and Sections 469 and 509 of the IPC. The argument of the defense stated that some of the documentary evidence present here are not qualified as evidence under Section 65B of the Indian Evidence Act and all the emails could be spread by her ex-husband and her ex-husband is trying to frame the accused. Rather, the Court hung on the main witness, the cybercafe owners, and all the evidence.
As a result, the Court found the man guilty and charged him with imprisonment and fine both. This is the first case ever convicted under Section 67 of the Information Technology Act, 2000.
Nasscom vs. Ajay Sood & Others
This case has a landmark judgment as this case defines ‘phishing’ on the internet as an illegal act, involving an injunction and recovery of damages. The plaintiff, in this case, is the National Association of Software and Service Companies (Nasscom) which is India’s premier software association. The accused were the placement agency hired by Nasscom to headhunt and recruitment.
The accused send emails to third parties in the name of Nasscom to receive confidential data that they could use in headhunting. So, phishing is an internet fraud where a person pretends to be an association to withdraw personal information from customers such as passwords or access codes, etc. So, phishing is collecting personal data by misrepresenting as a legitimate party and using it for own benefits.
The Court appointed a committee to look through the accused premises, through which they found two hard drives from which the emails were sent by the accused to customers. The offending emails were downloaded and counted as evidence. The accused used different fictitious identities to avoid recognition and legal action.
Later, the accused admitted that they are guilty and both the parties wanted to settle this dispute through compromise. The accused had to pay Rs. 1.6 million to the defendants for the damages and violation of their trademark rights.
This case is very important as it brings ‘phishing’ to our legal system and proves that any person who violates Intellectual Property Rights will pay the damages. This case brought faith in the Indian Judiciary as they can protect intangible property rights.
Cyber Attack on Cosmos Bank
In August 2018, there was a cyberattack on the Pune branch of Cosmos Bank which drained around Rs. 94 crores. The attackers hacked into the main server and transferred the money to a bank in Hong Kong and they also tracked the details of various Visa and Rupay debit cards.
The hackers found and used a link between the centralized system and the payment gateway was compromised, that means both bank and account holders were unaware of the money being transferred.
This attack was huge and one of its kind as the first malware which attacked ended all the communication between the payment gateway and the bank. This attack caused a lot of damage as there were 14,000 transactions across 28 countries using 450 cards and 2,800 transactions using 400 cards in India.
In this case, the Joint Academic Network (JANET) was hacked which restricted access to authorized users by changing their passwords and deleting/adding files to their account. The accused also made changes in the BSNL database in their internet user’s account.
The company filed a cybercrime case and CBI started its investigations and found out that the broadband internet was used without any permission. The accused different VPN’s to hack into the server from different cities.
The accused was later sent to prison for a year and paid a fine of Rs. 5,000 under Section 66 of the Information Technology Act, 2000 and Section 420 IPC.
How to Protect Yourself from Identity Theft
To protect yourself from identity theft, one must start some future thinking and try to minimize the odds of being victimized. The ultimate goal is to construct enough obstacles and enable protection to access your personal data. There are different steps a person can take to protect himself from identity theft:
Compulsory use of Passwords
This is the first step a person must follow to protect himself from identity theft. Mostly, people think setting up a password is not necessary or so much work to do for nothing. But in this present situation, not using passwords is not really safe as cybercrime is increasing gradually. A phone without a password is like a home without a door, anyone can access it. So, everyone must set up passwords for their phone, computer, and all their financial accounts to be safe from identity theft, and the password must be strong and unpredictable.
Mix up your Passwords
Always try to set every password different because if every password is the same, the fraudster can easily obtain access to all your accounts with only one password. So, mixing up passwords can actually stop an identity thief from accessing your data. Passwords must not be your name or your birthday because they are easily predicted and one must change the password once in a while or anytime you feel your account is compromised.
Keep a distance from Shady Websites and Links
Everyone must avoid shady websites or any suspicious-looking links in emails or text messages as they can be a trap of identity thief. Frauds generally use websites that are similar to your financial institution, moneylender, bank or your credit card company to get access to your details. So, no one should ever type their login credentials to an unfamiliar or suspicious websites.
Never Give Out Personal Information
Another way the frauds use is by calling people like credit card companies or banks and providing a situation to ask your personal information. As a matter of fact, no organization will ever call you and ask for your personal information such as account number or PIN or anything. So, no one should give their personal information over the phone to anyone.
Protect Documents with Personal Information
It is always a great idea to destroy all the physical private records and statements which contain any personal or financial information which can cause trouble in the future. They can also use receipts to collect your personal information, so people should carry them home and throw them away.
Limit Your Exposure
Everyone must carry a limited number of credit cards in their wallets to decrease the damages if stolen. Carrying original ID in the wallet is dangerous as well. People should carry duplicate ID proofs in their wallets.
How to Prevent Frauds in Business
Preventing fraud in business is very important because business affects the lives of many people. Unlike individuals, attacking a business can put livelihood in danger of many and their customers who are dependent on the company. So, there are certain ways through which people can prevent their business from fraud:
Switch to Digital Statements
In the present scenario, credit card bills, bank statements, confidential files, and other important documents can be used to attack the business. All these documents mostly come through the mail and to prevent the risk of stealing you can turn off the paperwork and switch to digital statements.
Although most businesses can not switch to the paperless situation, rather they can change their bank and other financial procedures to paperless which would just take a few minutes and can completely help in closing the risk. And switching to paperless saves both time as well as money.
Invest in a Quality Shredder
It can be humorous but stealing from dustbins and dumpsters is actually happening around the globe as well in movies. People can easily end that risk by buying a high-quality shredder for their office to cut documents.
Build a Secure Filing System
Every firm or business has their important documents that need to be kept safe. These documents can be used to attack your business, customers, or employees, so these documents must be somewhere safe and only higher authorities have access to it.
Best Digital Security
After securing all the paperwork, now it’s time to secure your digital data. A normal wireless internet router can not protect your digital assets, thus adding some other features will help in protecting:
- Strong Firewalls
- VPN for outside access
- Secure offsite data storage
- Scheduled malware and virus scans
- Automatic windows and other software updates
- Secured wireless networks
- Protection of physical access to the mainframe computer
Planned User Data Access
There must be multiple layers of system security for ensuring the safety of the company data. These data files must be accessed only by those who really need to and have the authority to do so. That is, everyone in the company must not have access to every file.
For daily use of computers, people must have their own login credentials which they can not share with anyone, also the user-id shall have access to a particular system.
Using Strong Passwords
Strong passwords are always necessary as passwords play a very important role in protection. Strong passwords like using random, long with some symbols will be impossible to guess by anyone.
How to Prevent Frauds in Banks
Identity theft is growing day by day in the past six years. It is necessary to protect the banks from identity theft. There are simple ways through which identity theft can be prevented:
This can be the best approach in the security structure. This multi-factor authentication helps as there will be a series of passwords or questions which will help in protecting the valuable information from fraud. Only the higher authorities will know the passwords, which will reduce the chances of fraud in the bank.
The bank must monitor all the transactions and should up limits in the mainframe computer which will detect anything which is suspicious in nature.
Controlling transactions with different people can help the situation. It means, for every transaction, one person initiates the transaction, another person approves it, and the third person actually completes the transaction.
Lack of staff is not an issue as the banks can set up an Automated Clearing House (ACH) transactions which can confirm the sending and receiving of the transactions through phone calls.
Raise Fraud Awareness
Educating customers about fraud is very important as this problem is increasing. Helping customers to understand the present situation and provide answers to their questions.
Encouraging customers towards digital Banking and helping them to understand the dynamics of digital banking.
How to Prevent Frauds in Social Media
There are certain ways people can prevent frauds in Social Media:
- Use every security settings provided by media platforms. They can be anything like captcha puzzles, privacy settings, or security settings. Everything is helping in protecting the account.
- Never share login credentials with anyone, not even with the people you trust. Even they can make you vulnerable while using your account.
- Be aware of every piece of information you share and do not share any personal or highly sensitive information on your social media.
- Never reuse your passwords. Always set a new password for every account.
- Always add known people.