This article is authored by Nidhi Bajaj, pursuing BA.LLB from Guru Nanak Dev University, Punjab. In this article, the author has provided various precautionary steps that an individual can take to avoid falling victim to a cybercrime. Along with the major types of cyber crimes, we will also be looking at the various legal remedies for the same.
This article has been published by Sneha Mahawar.
Table of Contents
In simple words, cyber crime means any criminal activity related to the use of a computer. Lately, there has been increased and rapid digitisation in the economic, commercial and other spheres due to which the dependence on the internet and technology has become a necessity- a condition that we cannot ignore anymore. While this could mean ease of doing business and a comfortable and convenient way of living, it also means increased risk to one’s privacy and other things including confidential information and secrets which we hold dear. Someone might trace your location or other personal information from your social media(whether you intend it or not) and then use it to blackmail or threaten you to do something, for instance transferring funds to some remote account. Cybercrimes such as hacking, cyber terrorism and online frauds have the potential of shaking economies and ruining individual lives. The question arises as to what one can do to avoid becoming a victim of cyber crimes. In this article, I will be taking you through the various steps and precautions that you can take to avoid cyber crimes. While there is no full-proof way to avoid these crimes, it is noteworthy that the Information Technology Act, 2000 and the Indian Penal Code, 1860, and other laws provide for the mechanism to punish and penalise cyber criminals. Therefore, whenever you find yourself in the trap of a cybercriminal, you must report the crime to the appropriate authorities.
What is cybercrime
Cybercrime involves the use of a computer to further illegal ends. In other words, cybercrime refers to any criminal activity that either targets or uses a computer, a computer network, or a networked device. Thus, a computer may be used in the execution of the crime or it may be the target. One may say that cybercrime is an extension of traditional criminal behaviour. Cybercrime does not attack you physically and its non-local character makes it different from other types of crimes. A person sitting in the U.S.A may commit a cyber crime through his computer by accessing another computer in India. The scope of cybercrime usually extends to more than one jurisdiction which creates problems for law enforcement thereby calling for international cooperation.
Major types of cyber crimes
Cybercrime may be committed:
- Against an individual (For example, threatening emails, cyber stalking, defamation, cheating, email spoofing, cyber fraud, etc.);
- Against property (For example, internet thefts, software piracy, copyright infringement, internet thefts, computer vandalism, etc.);
- Against governments or organizations (For example, cyber terrorism, distributing pirated software, unauthorized control over computer systems);
- Crime against society (For example, child pornography, online gambling, web jacking, forgery, trafficking, sale of banned products online, and financial crimes).
Following is a list of the major types of cyber crimes:
As the name suggests, identity theft means stealing someone’s identity to make unlawful gains. It happens when someone uses your personal identifying information to commit fraud, make unauthorised purchases in your name, uses your credit card, and the like. Section 66C of the Information Technology Act, 2000 provides the punishment for identity theft.
Phishing attacks attempt to steal your money by getting you to disclose your personal information such as bank details and passwords. The cybercriminal sends you a message or an email containing the link to a phishing website. These messages appear to be from a legitimate source and the cyber criminal pretends to be from a reputed company, bank, etc. A typical feature of a phishing attack is the urgent call to action or threat. Phishing emails create a false sense of urgency by telling the target that he must click, open the link, and attach it immediately. Once you’re on the phishing website, you are asked to update your information such as a password or fill in your account details, etc. Phishing can be of various types such as vishing(voice phishing), smishing(SMS phishing), URL phishing, email phishing, etc. Sections 43 and 66 provide punishments for phishing and related offences.
Social engineering attacks are conducted by exploiting human errors and behaviours to perpetrate a cyber attack. Social engineering means manipulating someone to reveal confidential or sensitive information, usually through digital communication and using the same for fraudulent purposes. Since it takes advantage of human vulnerabilities for unlawful ends, it is also called human hacking. For example, a cybercriminal impersonating an IT professional contacts you under the guise of updating your security software. Such cyber criminals build trust with their targets, collect their personal information, commit the attack, and depart. Some of the common social engineering attacks include baiting, too good to be true schemes, phishing, email hacking, etc.
Cyberstalking is the same as stalking, the only difference being that cyberstalking is committed online. It is the persistence, unwanted contact with a person on the internet through social media, email, etc. The crime of cyberstalking often involves other criminal acts including harassment, blackmail, defamation, and threats. Section 354D of the Indian Penal Code, 1860 deals with the offence of stalking and is invoked in cases of cyberstalking as well. The various types of cyberstalking include:
Sending unsolicited emails persistently is one of the most common forms of cyber stalking. The cyber criminal sends obscene or threatening emails to the victim and these mails may also include viruses and links to fake or harmful websites. In order to constitute the offence of stalking, the element of persistent unwanted communication which has the potential to intimidate the victim should be there.
This means stalking on the internet. The cyber criminal stalks your social media by creating a fake profile and might send you messages persistently or create a fake ID in your name on any social media platform along with your contact details. Cyber criminals take advantage of the anonymity of the internet to slander their victims and threaten them.
Here, the cyber criminal exploits the working of the internet and operating system to assume control over the computer of the targeted victim. As soon as the target computer connects to the internet, the cybercriminal can communicate directly with his victim.
Cyber fraud means any fraud committed by using a computer as a means or a target to gain an unlawful financial advantage. Internet fraud is any fraud committed through or with the aid of computer programming or internet-related communication such as websites, emails, and chat rooms. In today’s digital world, all payments and other financial transactions take place online. Thus, cyber fraud has become a lucrative business for cybercriminals. These frauds include misuse of credit cards by obtaining passwords through hacking, bogus investment, and misappropriation and transfer of funds. The various legal provisions invoked in case of cyber fraud include Section 420 and Section 408 etc.
Forms of computer fraud
- Input fraud: It involves the falsification of data before or at the moment of its entry into the computer. For example, misuse of cash dispensing cards.
- Output fraud: This involves the fraudulent manipulation of data at the point it is outputted from the computer. For example, forging paychecks.
- Programme fraud: It involves either the creation of a program with a view to fraud or the alteration or amendment of a program to such ends. For example, Salami fraud.
Hacking and Cracking
Hacking refers to unauthorised access to or control over a computer network for illegal purposes. Hacking is committed by releasing viruses, distributing Denial of Service(DoS) attacks, email hacking, web hijacking, etc. Section 43 of the IT Act, 2000 deals with the offence of hacking. Typical features of the offence of hacking are as follows:
- The hacker gains unauthorised access to the target computer.
- Such unauthorised access or control is for illegal purposes such as making unlawful gains or causing wrongful loss or damage to any person.
- The hacker intends to cause wrongful loss and damage or he has the knowledge that he is likely to cause such loss or damage.
- The hacker deletes, destroys or misuses, or alters any information residing in the target computer.
- The hacker destroys or diminishes the value or utility of the information residing in any computer resource.
Cracking is a technique used to breach computer software or a device’s security system with malicious intent. Cracking is simply malicious hacking. It involves password cracking, software cracking, network cracking etc. for stealing data, damaging a system, spreading malware and for committing corporate espionage.
Cyber defamation can be broadly defined as any act, deed, word, gesture, or thing on the internet or concerning cyberspace that is designed to harm a person’s reputation or goodwill on the internet with a malafide intention so that others in the community, whether online or offline would view the person with ridicule, hatred, contempt, indifference or any other negative attribute. For example, posting vulgar pictures of a person on social media without his consent, creating fake accounts in someone’s name, sending obscene messages to his friends and relatives, etc. Thus, cyber defamation refers to defaming a person online or in cyberspace. It is noteworthy that word travels like light in cyberspace and the defamatory content reaches millions in a matter of seconds. Hence, defamation in the context of cyberspace has become a serious concern. Sections 499 and 500 of I.P.C. deals with defamation.
Section 66A of the Information Technology Act, 2000 provides punishment for sending offensive messages through communication services, etc. However, the said Section was struck down as unconstitutional by the Supreme Court in the case of Shreya Singhal v. Union of India(2015) on the ground that it violates the right to free speech and expression.
Cyber pornography and cyber obscenity
Cyber pornography is a serious offense that is punishable under the Information Technology Act, 2000. Cyber pornography is the publication, distribution, or designing of pornography through cyberspace. The IT Act, 2000 provides punishment for publishing or transmitting material containing sexually explicit acts or conduct or depicting children in sexually explicit acts or conduct under Sections 67A and 67B respectively.
Cyber obscenity refers to the publishing or transmission of obscene material in electronic form. Section 67 of the IT Act, 2000 punishes the publication or transmission of any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.
Cyber vandalism refers to a cyber attack without any rational, criminal or political or other motive. It is usually done to show off the hacker’s prowess and involves hacking into or defacing a website, intentional destruction of digital objects, posting fake reviews, adding content and removing content, etc.
Protecting yourself from cybercrime
Mentioned below is a comprehensive list of tips and measures that an individual can take to protect themselves from cybercrime:
Use strong passwords
One of the simplest ways to prevent cyber crimes is to use strong passwords. Don’t go for 123456…and other simple passwords that are too easy to guess. Don’t use the names of your partners or dear ones or your birth date as your password. Instead, use a unique password that is a combination of alphabets, numerals, and special characters/symbols. Another trick is to use different passwords for different sites and change your passwords frequently.
Keeping your software updated
Keep checking for the updates for your operating system and internet security software. Generally, cybercriminals take advantage of the glitches and flaws in your software for gaining access to your systems and devices. Thus, keeping your software updated to the latest version takes you one step closer to preventing cyber crimes.
Manage your social media settings
The next easy thing that you can do is keep your personal information private. Social media platforms usually have a feature where that allows you to hide your phone numbers and other contact/personal information. It might be a reasonable choice to hide such information and keep it locked down from the public eye for if you disclose your pet’s name in your public profile, you are giving away the answer to one of the most basic security questions.
Strengthening your network
Use strong encryption passwords to protect your home network from hackers and unwanted interceptions. If you are someone who uses public WI-FI, you must use a VPN(Virtual Private Network). A VPN encrypts all traffic until it reaches your computer. Thus, even if hackers can hack your communication line, they won’t intercept anything but encrypted data.
Keep yourself up to date on major security breaches
We often read about security breaches and theft of user information stored by various websites. If you have an account on any of these websites which have been impacted by the breach, you should check out what information the hackers have accessed and change your passwords immediately.
Talk to children about the internet
Even before the pandemic happened, children were already using the internet and mobile, and computer devices to a great extent and the pandemic only intensified it. The internet and technology have become a necessity in a student’s life. But do we teach our kids about the pros and cons of the internet? Every parent must talk to their child about the cautious use of the internet and the risks that come with it. Essentially, you must make sure that your child comes to you if he or she is experiencing any form of online harassment, abuse, or any other cyber-criminal activity.
Protect yourself from identity theft
You can protect yourself from identity theft by taking the following precautions:
- Beware of shoulder surfing.
- Do not reply to spam emails or open URLs or click on links in unsolicited mails.
- Use robust passwords and practise safe clicking.
- Always verify the identity of the person asking for your personal information.
Install anti-virus software
Installing reputed anti-virus software or internet security solutions can go a long way in protecting you from cyber crimes. These softwares such as avast provides you maximum protection and contains features such as virus cleaner, VPN, app locks, monitoring leaked passwords, etc. Anti-virus software allows you to scan, detect and remove threats before they become a problem. Also, please make sure that your antivirus software is kept updated.
Check your bank statements
It is advised that you should regularly check your bank account statements and in case you notice some unfamiliar transactions, or unauthorised withdrawals, you can report the same to the bank.
Protect yourself from phishing
The first thing you can do to avoid a phishing attack is to learn to recognize it. Here’s how-typically, phishing attacks call for an urgent action prompting you to click some link or act immediately to claim this lucrative reward and so on. Here are the other things that you can do to avoid becoming a victim of phishing attacks:
- A mail from a first-time sender might be a sign of phishing. Therefore, be extra cautious when you receive mail from an unknown person.
- If the mail you got has bad grammar and obvious spelling errors, there is a good chance that it is a scam. This is because these emails are usually translated into foreign languages. Also, reputed organisations do not generally send emails with spelling errors.
- Beware of generic greetings. In the time we live in, organisations that you deal with know your details and they usually address you with your name. Thus, if you receive a letter with a generic greeting ‘Dear mam or sir’ from your bank, there is a chance that it is not your bank after all.
- If you suspect that you have received spam mail, or that the email message is a scam, avoid clicking any links that may be inside it.
- Don’t share your location on social media publicly
- While making online purchases, ensure that the website is legitimate and uses a secure e-payment facility or portal.
- Do not share your OTP, and CVV codes with anyone. Trusted banks and financial institutions will never ask for this information.
- Always follow the industry best practices and government recommended practices and measures on cyber security.
- Keep your company’s software, hardware, and digital assets up to date using proper IT security asset management.
- Do not accept all the cookies from all websites that you visit. Read the terms and conditions carefully before accessing a website.
- Make an effort to check the credibility of an app before downloading it.
- Do not permit apps and websites access to your location unless necessary.
- Understand the nature and importance of the data that you store on your devices. Creating a backup of your data and files is a good option to mitigate the loss in case of a malware attack etc.
- Enabling multi-factor authentication is another option that you can explore to level up your security.
- Setting and modifying transaction limits on your accounts and cards.
- Be careful while you make payments on the internet. Enter your Card Verification Value(CVV) only on secure payment websites.
- Don’t fall into the trap of fake lotteries scams or get-rich-quick schemes.
What to do if you become a victim : reporting a cybercrime
If you find yourself in the clutches of a cybercrime, you must report it to the cybercrime cell. You can register a complaint with the cyber crime cell, both in physical and online mode. In case you don’t have access to a cyber crime cell, then you can lodge an FIR in the nearest police station.
National cyber crime reporting portal
You can file a cyber complaint through the National Cyber Crime Reporting Portal i.e. https://cybercrime.gov.in. The portal also provides the facility of filing anonymous complaints regarding cybercrime related to child pornography and sexually explicit content. To file a complaint, you have to give details of the incident such as the category of cybercrime, date and time, a platform where it occurred, upload evidence and details of the suspect, etc.
Legal remedies for cyber crimes
Provisions under the Information Technology Act, 2000
The Information Technology Act, 2000 provides for the penalty by way of damages that shall be paid in case of damage to a computer, computer system, etc. Furthermore, Chapter XI of the said Act contains provisions regarding the punishment for various cyber crimes.
|Section 43||Penalty and compensation for damage to a computer, computer system, etc.|
|Section 65||Tampering with computer source documents.|
|Section 66||Computer-related offences.|
|Section 66B||Punishment for dishonestly receiving stolen computer resources or communication devices.|
|Section 66C||Punishment for identity theft.|
|Section 66D||Punishment for cheating by personation by using computer resources.|
|Section 66E||Punishment for violation of privacy.|
|Section 66F||Punishment for cyber terrorism.|
|Section 67||Punishment for publishing or transmitting obscene material in electronic form.|
|Section 67A||Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form.|
|Section 67B||Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.|
Relevant provisions under the Indian Penal Code, 1860
Often, the provisions of the Indian Penal Code, 1860 also get attracted in a cybercrime case. These provisions are enumerated below:
|Section 292||Sale, etc., of obscene books, etc.|
|Section 379||Punishment for theft|
|Section 408||Criminal breach of trust by clerk or servant|
|Section 411||Dishonestly receiving stolen property|
|Section 419||Punishment for cheating by personation|
|Section 420||Cheating and dishonestly inducing delivery of property.|
|Section 465||Punishment for forgery|
|Section 468||Forgery for the purpose of cheating.|
|Section 469||Forgery for the purpose of harming reputation.|
|Section 500||Punishment for defamation|
|Section 506||Punishment for criminal intimidation|
|Section 509||Word, gesture or act intended to insult the modesty of a woman.|
The Information Technology Act, 2000, along with the I.P.C. provides stringent punishments for committing various categories of cybercrimes. Various initiatives have been taken by the government such as issuing advisories regarding cyber threats and setting up of Cyber Swacchta Kendra, etc. Cyberspace is very vast and knows no bounds. The internet offers anonymity to offenders and often it is very difficult to impossible to trace a skilled cyber offender. Thus, people have to be aware of their digital surroundings just as they are in the real world. This article has provided tips and measures that an individual can take to protect himself from cyber crimes and mitigate the risks associated with them.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: