This article has been written by Rachit Garg from the University of Petroleum and Energy Studies, Dehradun. This article aims to describe the various instances of cybercrimes that have been taking place in India and also explain the laws to prevent it.
With the spread of the Coronavirus (COVID-19) pandemic all over the world, the fear amongst the people is being exponentially created. However, the health risks are not the only bane that is the result of this catastrophic event. It has been noticed that as people are practising social distancing, this has given an opportunity to the dark elements of the society. Uniken, a cybersecurity firm revealed that there is a two to three times increase in the cybercrime in India after the lockdown was announced.
Every organization, either big or small, have been made to work from home due to the lockdown. This increases the risk of breach of data from the laptops or home PCs as they all may or may not have the same level of firewall and security as in the office setup.
A man’s life has become dependent on the internet with the further advancement of technology. It is used in almost all the spheres. However, it also enhanced the growth of cybercrimes whose rate of incidence is increasing day by day.
According to the Black’s Law Dictionary, cybercrime is defined as ‘a crime that takes place through the use of computers, computer technology or the Internet’. Different types of cybercrimes are:
It means when the computer is accessed without the permission of the rightful person who is the in-charge of it. Hacking refers to the illegal activity of breaching into a computer system and/or network.
It refers to repeated acts of using technology to harass or threaten the victim, which can be a person, group, or an organisation. It can involve false accusations, vandalism, identity theft, etc.
Virus are those infectious programs that are capable of making a copy of itself and spread into other programs capable of harming it. They often affect the data on the computer. They either alter the data present in the system or delete it. It can be sent via an email, once the person opens the mail the device is attacked by the virus.
It refers to an act in which the cybercriminal sets up a bogus website which is capable of extracting personal information such as passwords, credit card details and bank account number of the victim. The victim is directed to the website through an e-mail generally. Once the victim accesses the website, they become vulnerable and their personal information can be obtained by the cyber-criminal.
In this case, the criminal sets a fake set and lists merchandise or services for the sale of the auction. After the purchase has been made by the victim, the item is never delivered.
Laws preventing cybercrime in India
With the motive of creating an enabling environment for the commercial use of the I.T. and to combat the problem of crimes related to the internet, the Information Technology Act, 2000 was enacted. The acts which are punishable have been defined under the IT Act.
Offences related to the internet that have been made punishable under the IT Act, 2000 are:
- Section 65– Tampering with computer source documents. The person can be made punishable with imprisonment for up to three years, or with a fine up to two lakh rupees, or both.
- Section 66– Hacking with computer systems and Data alteration. The person can be made punishable with imprisonment for up to three years, or with a fine up to two lakh rupees, or both.
- Section 67– Publishing obscene information. On the first conviction, the person can be punishable with imprisonment for up to five years and with a fine of up to one lakh rupees. However, in the case of subsequent conviction, the term of imprisonment can be up to ten years and with a fine up to two lakhs.
- Section 70– Unauthorised access to a protected system. The person can be made punishable with imprisonment for up to ten years and with a fine.
- Section 72– Breach of Confidentiality and Privacy. The person can be made punishable with imprisonment for up to two years, or with a fine of up to one lakh rupees, or both.
- Section 73– Publishing false digital signature certificates. The person can be punishable for imprisonment for up to two years, or with a fine of up to one lakh rupees or both.
Instances of Cybercrime during Pandemic
According to the Cyber Security Crime Wing of Maharashtra Police, fraudulent links about COVID-19 are being circulated on the internet through the social media posts and Whatsapp.
Through these fraudulent messages, fear and vulnerabilities of the people towards the coronavirus are being exploited. According to the officials, such messages are being circulated:
- Promising employment to the age group of people between 18-40 years, with a Class certificate and with a salary of Rs. 3,500 per month during the lockdown,
- Remedies and additional insurance for Coronavirus,
- Free recharge of Netflix or other video streaming services,
- Free internet data, and
- Sale of liquor offers.
However, these messages have malicious links. These links have been created for the purpose of collecting information, including sensitive and personal ones which are saved in the user’s devices. The links help in accomplishing various phishing and malware attacks and hence, compromising the safety of the device and the data within. People’s online presence has increased since the lockdown which makes them more vulnerable to such attacks.
The Cyber Division of New Delhi recently warned the public about the malicious coronavirus related websites. They released the URLs of the website and urged the people to not access them. Following is the list of websites marked as malicious:
- survive coronavirus[.]org
- Best Coronavirus Protect[.]tk
- coronavirus update[.]tkc
Keeping the shortage in supply of the mask and sanitizers during the lockdown, many scammers have made fake e-commerce websites selling these items. These criminals are preying on the fear of the people for the COVID-19. However, the items never get delivered and the website is shut down after some time.
Fake Applications on Android/iOS
An application on Google Play Store named- ‘Corona Lie 1.1’ claims itself to be a live tracker of the cases of Coronavirus. People who were using this app believed they were using the app to keep track of the pandemic. Instead, the app turned out to be malicious, invading its user’s privacy. The app can access the device’s location, photos, videos, and camera.
The information collected can be misused by compromising with the user’s bank account or can be sufficient enough to blackmail the user.
With the intention to curb the rise of fake apps, the Android Playstore has removed many such apps from their platform. Moreover, they have set rules for these types of apps and categorised them under the “sensitive events” category.
Cyber Crime against Women
Cybercrime against women has been increasing due to the lockdown. According to the National Commission for Women (NCW) stats of cybercrime complaints received in 2020:
- February- 21
- March- 37
- April- 54
Moreover, according to the founder of a public care NGO, Akanksha Foundation, 20-25 complaints were received by them on a daily basis. The complaints are mainly about:
- Abuse and threats;
- Indecent exposure and unsolicited obscene pictures;
- Malicious emails claiming their account is hacked;
- Ransom demands and blackmail;
- Sextortion, that is, extorting money or sexual favours with the threat of revealing evidence of their sexual activity.
PM CARES Fund Fraud
The Prime Minister’s Citizen Assistance and Relief in Emergency Situation ( PM Care) Fund is receiving a lot of donations from the people. The Fund’s UPI ID is [email protected] However, it has come under the notice of the authorities that scammers have made similar UPI IDs such as [email protected], [email protected], [email protected], and so on, to defraud people. The Indian Computer Emergency Response Team (CERT-In) along with banks, ministries and police departments issued warnings to curb fraudulent activities.
EMI Moratorium Fraud
Alerted by the scammers tactics to exploit the EMI Moratorium Scheme, the indian banks have reached out to their customers and strongly advised them not to share personal information like OTP and ATM PIN with imposters, who started contacting people and promised for help with postponing the EMI payment.
Scammer listed Statue of Unity for Sale
The Indian authorities have filed a case against the person who listed the world’s largest Statue for $4 Billion on OLX, a consumer to consumer (C2C) platform. According to the advertisement, the money which was going to be generated by the sale of the statute would be used by the government to meet its medical expenses amidst the coronavirus pandemic.
Advanced Persistent Threat (APT) groups are referred to as organizations that attack on a foreign nation’s information related to national security or economic importance either through cyberespionage or cybersabotage. These groups continue to evolve and exploit during the pandemic. They have been targeting the Critical National Infrastructure which includes Hospitals with ransomware, malware, and distributed denial of service(DDoS) attacks. Not only the attacks are done with the intention of making profits, but also to extract and get access to login credentials and sensitive information of intelligence value.
Naikon, a chinese APT group, has been targeting the countries of Asia Pacific region. According to the IT security firms, their method of attacking is to infiltrate a government body and extract confidential information to launch a phishing attack on other government targets.
Zoom, a video conferencing app, enables professionals and students to have online meetings and attend online classes, respectively. However, recently, issues were raised about the security of the app. Zoombombing refers to an activity where hackers can secure access to a particular meeting and bombard it with objectionable content. There have been recent instances where objectionable material like a pornographic film was played during an online classroom session or a meeting. Actions have been taken by the company to prevent zoombombing instances by disabling Personal Meeting IDs for scheduling or starting a meeting and a password will be required for all meetings. Moreover, screen sharing privileges will be for the host only by default.
Attack on the WHO
The World Health Organization (WHO) has noticed a drastic increase in the number of cyberattacks directed towards its staff since the beginning of the COVID-19 pandemic. According to the reports of the WHO, 450 active email addresses and passwords of WHO were leaked online along with other thousands belonging to those working on the novel coronavirus response. However, the leaked information did not put the WHO system at risk as the data was old but the attack did affect the older extranet system which is used by the current and retired staff along with the partners.
The number of cyberattacks against the organization is five times more than the same period in 2019.
How to be safe
One can keep themselves safe from such scam and frauds with the help of vigilance and diligence. Here are some pointers that you can keep in mind:
- Before downloading any app from the Playstore, check the detail of the App, this includes details of the developer, reviews, rating given by other users, and their website, if any.
- Refrain from downloading an app from the third-party stores of websites and only download them from Apple Store for iOS devices and Google Playstore for android devices.
- In order to prevent fake and malicious apps from being installed, use effective and reliable antivirus for mobile and desktop.
The Delhi Police and WHO have issued some guidelines considering the imminent threat of cybercrimes. Some DO’s and DON’Ts are as follows:
- In case of receiving any attachments on mail that you have not asked for, refrain from accessing them.
- Pay close attention to the type of personal information you share when asked for it as there is always a reason for it. Under no circumstances, should you share your passwords.
- Do not trust any emails that come with a sense of panic as any legitimate organization will never want the people to panic and take processes step by step.
- Do not believe that WHO or any other organizations give lotteries or offer prices, certificates or grants on the email.
How to check the authenticity of a website?
- HTTP = Bad, HTTPS = Good. in https://, the ‘S’ stands for ‘secure’. It indicates that the website uses encryption to transfer data and provides protection from a potential hacker.
- Check for visible signs such as spelling errors or broken links. The legitimate websites domain name generally does not have these mistakes.
- Look for domain age. Often the age of such domain names is not more than a few months, it can be checked on search engines like Whois.com to check the details of the date of registration of the domain name.
Since the beginning of the pandemic of the coronavirus, a significant increase in the number of cybercrime cases has been noticed. The fact that the people are made to work remotely is one of the contributing factors as this lowered the security of their system. Various instances have taken place and the cybercriminal has left no stone unturned to exploit the vulnerable user by extracting their information for personal gains. However, various efforts are being made by the cybersecurity firms to solve the problem and provide security to the people. Various organizations like WHO or the Interpol, along with Delhi Police have issued guidelines for the people to safeguard themselves.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: