This article has been written by Priyanka Jain, pursuing a Diploma in Legal English Communication – oratory, writing, listening and accuracy, and has been edited by Shashwat Kaushik.

It has been published by Rachit Garg.


The growing era of technology is driven by data and information. This information can be regarding banking, accounting, or personal biometrics. So there are higher chances of identity theft and cybercrime in today’s society. In this article, the impact of identity theft and cybercrime will be scrutinised, and we will canvass the types and patterns of identity theft and cybercrime. How do we safeguard ourselves from this threat, and what are the legal backups to curb this menace?

Download Now

What is identity theft

Identity theft is a form of fraud or simply deceit that is done by using the personal information of someone else whose information is not authorised to be used by someone other than him under the law.

It is the criminal use of anyone’s name, security number, personal identification number, or combination of any such primary information that is unique to the victim to gain an undue advantage, preferably financial. The theft is said to have been committed the moment the thief used this information to commit a crime. The thief portrays the victim, i.e., the person whose information has been stolen, to enjoy funds and services, preferably monetary or insurance benefits. This does not end with just one attempt. It becomes a phenomenon unless it comes under the scanner of investigation agencies or experts. So there is repeated victimisation.

Identity thieves use different ways to shell out private information about bank customers; they misuse it to obtain credit cards in the customer’s name and use it for their own needs. Cybercrime affects both a virtual and a human body, but its impact is different on both. This is easily seen in the case of identity theft. Credit card information can be used to pay huge bills, and credit card companies have to suffer the losses.

Types of identity theft

Medical identity theft: In this type of theft, the health insurance policy number of the victim is stolen and is used to reimburse someone else’s medical bill, whom the policy does not cover.

Tax identity theft: It is the theft of a PAN or SSN to receive a refund from the Tax Department of the State in the name of the holder. Here, a change of email address is also initiated so that notification is not sent to the victim whose information is being stolen.

ATM fraud: In this theft, the security number or PIN of the Debit Card is stolen from its holder and used to withdraw funds from the holder’s bank account without his consent in order to fraud him.

Social networking sites: In today’s realm, the use of social networking sites is excessive. It is also a place to get anyone’s personal information regarding name, occupation, profession, family members, and their professions. Profession shows the financial status of individuals. So these can be victimised through mail or phone calls.

Identity theft using a QR (Quick Response) Code: This is a newly adopted method of information theft. Cyber attackers are targeting these devices through the internet or Bluetooth to gain an undue advantage. This is online identity theft. These barcodes can handle a lot of information, from plain text to geolocations. Marketing and online payments rely on QR codes, which contain sensitive financial information. QR codes originated in Japan to track automotive components in the industry. But with its popularity among various industries, it also made rapid progress in marketing. It provides quicker access than typing a URL. Even businesses can track their users by locating them online. This way, cyberattackers also get the chance to target their victims.

Sim swap: SIM swap is a cyber fraud using a duplicate SIM card issued by the mobile service provider. Bank customers use online banking services using mobile numbers and email addresses. With this duplicate SIM   OTP sent by the bank, the offender operates as a genuine customer of the Bank. So SIM swapping is also a kind of identity theft as it involves using another person’s digital information to gain financial benefits.

How is this information extracted

There are several ways in which such information can be extracted:

  1. By calling and pretending to be a banker or insurance agent and asking for information by way of confirming it.
  2. Stealing laptops, iPads, and wallets to get bank details or any identity-related information.
  3. Sending fake forms to fill out to get a free credit card or car loan.
  4. Purchasing personal information from a past employee of any company.
  5. Skimming information from an ATM by attaching a device to the ATM that can steal information from the Debit Card after inserting it in the machine.
  6. Flashing fraudulent links on any webpage with attractive titles to lure people with such a feature that if anyone clicks on it, his location or email address can be known.
  7. By affixing the poster with a QR code outside the restaurant or any conspicuous place to lure anyone for a discount, once they scan it through their smartphone, information is exchanged.

Legal provisions related to identity theft

Constitutional perspective

The Constitution of India is the guide for all the laws applicable within the Territory of India. It encompasses various checks to provide a framework for lawful execution. The Constitution of India, under Part III, enshrines Fundamental Rights. One of such rights is the ‘Right to Life and Personal Liberty’ under Article 21. The scope of this Article is very wide. It includes the ‘Right to Privacy’ as well. So data privacy also comes under the ambit of Article 21. One’s digital information is personal in nature, and it can be misused by the perpetrator to cause loss to one’s personality, property, or anything in which the victim is interested. In the case of Justice K.S. Puttaswamy vs. Union of India (2017), the Hon’ble Supreme Court unanimously held that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution”. The  case also laid out the need for new laws relating to data privacy and protection. 

Under the Indian Penal Code, 1860

Section 416

As per Section 416 of the Indian Penal Code, 1860 identity theft is shown as cheating by personation. In this Section, identity theft is not directly mentioned but is somehow related to it. Identity refers to how we are perceived by others. Whether the world recognises us as professionals, students, homemakers, scientists, etc. When someone poses as someone else, it usually means that they are acting like someone else for an ulterior motive while hiding their true identity.

Section 418

According to Section 418 of the IPC, if someone intentionally cheats to harm someone who has an interest in the transaction or something to which the cheating relates, they can be imprisoned for a maximum of three years, fined, or both.

Section 419

Section 419 of the IPC provides for punishment for cheating by personation with imprisonment of either a simple or rigorous description for a maximum of three years along with a fine.

Under the Information Act, 2000

Section 66

Section 66C of the Information Technology Act, 2000 provides for punishment for identity theft. It says if anyone fraudulently or dishonestly uses any electronic signature, password, or unique identification feature of any other person, they are guilty of identity theft and liable for imprisonment of either description for a maximum of three years and a fine up to one lakh rupees.

What can be done to stay safe from this victimisation

Criminal litigation

We should use a strong password and not share personal information without assuring the credibility of the other person on or off the call. Passwords should not be relatable; they should be different in spelling or a mix up of alphabets, digits, and symbols. One must not not use the same password for every login ID. If someone gets the password, he or she can open any file or folder or email address to fetch the commercial or financial information of the victim.

Two-factor authentication, sometimes also referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different facts to verify themselves. He provides a phone number as well as his date of birth. Two factor authentication is implemented to better protect both a user’s credentials and the resources the user can access. Two-factor authentication provides a much higher level of security than single-factor authentication, in which the user provides only one factor — typically a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and any other information peculiar to him only. Two-factor authentication adds one more  layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts because, even if the victim’s password is hacked, a password alone is not enough to pass the authentication check.

One must not click on any random link just to see what is there, as it may lead to the hacker’s webpage. Also, by not  installing any app or  software, preferably a gaming app or software just for entertainment, as it may have viruses or any other malicious programmes that may be threatening for the user’s device. Don’t share every single detail, like location, photographs showing any address, on Facebook or any social media or dating sites, and don’t carry all documents or leave them in your car while shopping in a mall. As a precautionary measure, one should keep changing its  PIN/security code, and password every three months. Don’t disclose personal information to strangers while touring, etc. Never share your AADHAAR/PAN driving licence number carelessly, and keep it safe by sending an OTP message.


Information is the core of cyberspace. Technology has changed our lifestyle by providing fast, accurate online transactions. They save big piles of paper, a bunch of time, and provide virtual space for business transactions. But just as the physical world cannot be crime-free, neither can any of the virtual spaces. Information refers to processed or useful data. It may be about identity in terms of personal, financial, or professional matters. Cybercrimes are not restricted to the commission of hacking and damaging websites. Any information can be used to commit further crimes, and the real perpetrator hides himself in the guise of the victim.


Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here