Phishing: Legal Analysis Of A Digital Trap
"Rs 30,000 has been credited to your account. Click on the link below and
enter details to update the amount in your account". This is a typical malicious
claim devised by cyber fraudsters wherein their aim is to lure unsuspecting
victims into parting with crucial financial details. Using these details they
gain access to the victim's bank account and also the power to transfer or
withdraw money as per their wish.
The growing trend and grip of cyber crimes on the public at large is indeed
alarming and worrying. Cyber security firm Kaspersky has warned that cyber fraud
incidents may rise even further in the year 2021. The only way to avoid being a
victim of such internet/digital crimes is to be aware of the modus operandi
employed therein and also by spreading mass awareness regarding the usual
tactics employed by cyber criminals.
Under PM Narendra Modi's administration, India has been aggressively pushing for
a 'Digital India' ie digitalization of commercial activities and government
services. Unfortunately a large number of small business owners and traders are
not educated and do bot possess the technical know-how for digital banking or
e-commerce. It is common for them to prefer cash payments instead of the digital
option because it makes them feel insecure.
In this article, we will examine 'Phishing" - the most common type of cyber
crime in which unsuspecting victims themselves end up providing the fraudster
with sensitive financial information and eventually end up losing their hard
earned money. Although there are many other forms of cyber crimes like -
Stalking, Child Pornography, Virus attacks, Data Theft, Hacking etc, this
article shall deal specifically with Phishing.
What is Phishing, why is it named so?Similar to how fishermen cast their fishing nets into the sea and lure fishes by
attaching worms or bread, Phishing too works in a similar way. The cyber
criminal devices attractive and fake offers and throw them to the public at
large via bulk emails, smses, social media posts, web-links, WhatsApp messages
etc and circulate them in the cyber network.
Off-guard victims, attracted by the irresistible and unreal offers are tricked
into opening the web link provided in the fake messages and also into entering
personal and financially sensitive information like - Credit card numbers & CVV
numbers, OTP, Bank Details etc.
Examples of fake Phishing messages and offers:Congratulations !! You have won a lottery of Rs 1,00,000/- Click on the link
below to claim your prize.
Rs. 10,00,000/- is added in your account. Please enter details in below link to
complete processing to reflect in your account balance.
Your Credit Card has been blocked. Kindly click on the given link to unblock.
(Similar message is also commonly sent for fake blocking of Savings Bank account
, Debit Card, PAN Card etc.)
I am XYZ from (foreign country) with no legal heir and would like to transfer
all my wealth to the recipient of this email. Kindly provide your details for
What To Do If One Receives Such A Message:Recipients of such fake messages MUST NOT click on any link provided within the
email/sms/whatsapp message sent from unknown people. Also such fake or
suspicious messages must not be replied to. Additionally one can mark such
emails as spam or add them to blocked contacts.
Very often cyber criminals impersonate bank officials, RBI officials or credit
card department officials. But one must remember, no such official has the
authority to demand financially sensitive information like passwords, credit
card numbers, OTP etc. Rule of thumb is- no web link must be opened if the
sender is unknown.
Legal Provisions In India Which Address The Menace Of Phishing:The Information Technology Act of 2000 recognises and governs all electronic and
digital transactions and seeks to protect electronic data to its rightful
owners. Below are the specific sections which can be invoked against cyber
attackers in the form of phishing.
Sec 43 of I.T. Act:
This section penalises any person who accesses/modifies/downloads/copies/ a
computer or its data without the permission of its rightful owner.
Sec 66 of I.T. Act:
Section 66 mentions that offences mentioned in sec 43 are punishable with unto 3
years of imprisonment or with fine which may extend upto five lakh rupees or
Sec 66 A of I.T.Act:
This section in its sub sections (a), (b) and (c) mention that any person who
sends any communication via a computer which is grossly offensive or have a
menacing character or any information which the sender knows to be false which
is likely to cause annoyance, inconvenience, injury or which may lead to
deception or misleading of the recipient regarding the sender of such messages
shall be punishable with imprisonment which may extend unto three years with
Sec 66 C of I.T.Act:
prescribes punishment for identity theft ie anyone who fraudulently and
dishonestly makes use of a password or any other unique identification number of
another person shall be punished with imprisonment of a term which may extend
unto three years and shall also be liable to pay fine which may extend unto a
Sec 66 D of I.T. Act:
This section provides that any person who by means of communication via a
computer device or computer resource cheats another by personation shall be
liable for imprisonment which may extend unto three years and shall also be
liable to pay fine which may extend upto a lakh rupees.
Meaning Of "Computer" in legal sense of I.T. Act 2000:Section 2 (i) of the I.T. Act 2000 describes a computer as:
"Any electronic, magnetic, optical or other high-speed data processing device or
system which performs logical, arithmetic, and memory functions by manipulations
of electronic, magnetic or optical impulses, and includes all input, output,
processing, storage, computer software or communication facilities which are
connected or related to the computer in a computer system or computer network".
This is a very broad definition of the word 'computer' and going by this
definition, it would also include mobile smartphones, software applications,
hard drives, pen drives and even smart watches.
Authorities which an aggrieved person can approach for redressal:A victim of phishing or any other cyber crime can report the offences online on
the National Cyber Crime Reporting Portal - https://cybercrime.gov.in/ . This
portal is an initiative of government of India to facilitate reporting of cyber
crimes with special focus given to crimes against women and children.
Since cyber crimes often also encompasses the Indian Penal Code, they can also
be reported to the local police station. Some states in India have facility for
"E-FIRs" ie facility for lodging First Information Report to the local police
station via online mode.
Role of Cyber Police or Cyber Crime Cell:Each Indian state have set up Cyber Police or Cyber Crime cells whose main
function is to deal with cyber crime complaints and also to provide technical
assistance to the local police to deal with cyber crime complaints. It consists
of police personnel specifically trained in software technology and cyber
crimes. They also conduct periodical cyber crime awareness workshops and
programmes for awareness and safety of the public.
Indian ranks 3rd in terms of the highest number of internet users in the world
after USA and China. But it also ranked among the top 5 countries in the world
to be affected by cyber crime according to a report by online security firm
'Symantec Corp'. From the above article we can infer that in the present digital
age, being a technologically informed and aware citizen is of utmost importance.
Although there are ample provisions for punishment of those involved in cyber
crimes, precaution will always be the best measure. Awareness must be spread not
only by the authorities but also by every informed citizen so that vulnerable
people do not fall into the Phishing trap. We must collectively ensure that
information technology is put to only that use for which it is intended.
Written By: Parikshit Somani (BA, LLB, LLM)
Law Article in India
You May Like
Legal Question & Answers