Final Project Part3 and 4

1rt2rtrtr3h4gg5hgf6gh7g8g9bhnghghnhjg10hj11hg12jghghfghfhf
hfjfghjk13ki14kj15hh16n17hjj18hjhjjh19h20hjhhj
10
11
12
13
14
15
16
17
18
19
20
PART III
GROUP PROJECT WORK
CSI INSTITUTE OF LEGAL STUDIES
PARASSALA
CERTIFICATE
This is to certify that this project entitled CYBER LAW WITH CRITICAL
ANALYSIS is an authentic record of research carried out by,
1. Abinesh N
2. Adlin Alan N
3. Bonson C J
4. Jenish J
5. Lijoevin S Sam
6. Selgin B
7. Vijith J
8. Viswaram V
Under my guidance and supervision and that no part of it has been presented before
my degree, diploma or title for any other university before.
Place: Parassala Faculty in charge
Date:
DECLARATION
I hereby declare that this project titled CYBER CRIME WITH CRITICAL
ANALYSIS has been done by me for the Unitary LL.B Degree under the guidance of
Assistant Professor Mrs. Arunima, CSI Institute Of Legal Studies,
Cheruvarakonam, Parassala, Thiruvananthapuram. I further declare that this
report is not partly or wholly submitted for other purpose and that the data included in
this report, collected from various sources and true to the best of my knowledge and
belief.
Place: Parassala
Date:
ACKNOWLEDGEMENT
I wish to acknowledge my Gratitude to the Principal, Dr Bijoy M S Raj and my

teacher and guide, Asst. Professor. Mrs. Arunima for the valuable guidance and
advice. It is their illuminating comments and suggestions, which have enabled me to
successfully complete my work. I also express my profound sense of gratitude and
sincere thanks towards my guide and the principal of this collage for their committed
involvement and for the different outlook of the subject and its proper direction. I also
thank my colleague and friends who have supported me.
INDEX
 ABBREVATIONS
 TABLE OF CASES
 ABSTRACT
CHAPTER I INTRODUCTION
1.1 INTRODUCTION
1.2 DEFINITION AND MEANING
1.3 NATURE AND SCOPE OF THE STUDY
1.4 OBJECTIVES OF THE STUDY
1.5 RESEARCH HYPOTHESIS
1.6 RESEARCH METHODOLOGY
1.7 SCHEME OF STUDY
CHAPTER II OVERVIEW OF CYBER CRIMES AND

CYBER LAW
2.1 WHAT IS CYBER CRIME
2.2 TYPES OF CYBER CRIMES
2.2.1 Child Pornography or Child Sexually Abusive Material (CSAM):
2.2.1.1 Introduction
2.2.1.2 Defining Child Pornography
2.2.1.3 Reasons of Increasing Child Pornography

2.2.1.4 Impact of Child Pornography
2.2.1.5 Legislative Provisions Combating Child Pornography in India
2.2.1.6 Effect of COVID Lockdown on Child Pornography Market
2.2.1.7 Conclusion
2.2.2 Cyberbulling:
2.2.2.2 Cyberbullying or Online Bullying
2.2.2.3 Legal Remedies
2.2.2.4 Procedure to Follow When You Are Bullied Online
2.2.2.5 Case Laws
2.2.2.6 Conclusion
2.2.3 Cyberstalking:
2.2.3.2 Recent Cases of Cyberstalking in India
2.2.3.3 What is Cyberstalking?
2.2.3.4 What does Cyberstalking Includes?
2.2.3.5 Reasons for Cyberstalking
2.2.3.6 Kinds of Cyberstalking
2.2.3.7 Types of Cyberstalkers
2.2.3.8 What is the Procedure for Filing a Complaint?
2.2.3.9 The Indian Laws that Deal with Cyberstalking Along with their
Loopholes
2.2.3.10 Information Technology Act, 2000

2.2.3.11 Conclusion
2.2.4 Cyber Grooming:
2.2.4.2 Distorted Attachment
2.2.4.3 Adaptable Offenders
2.2.4.4 Hyper Sexual Offender
2.2.4.5 Prevention and Protection from Cyber Grooming
2.2.4.6 Conclusion
2.2.5 Online Job Fraud:
2.2.5.2 Types of Online Recruitment Fraud
2.2.5.3 How to Save Yourself from Recruitment Fraud
2.2.5.4 How to Report Fake Online Job Scam
2.2.5.5 Conclusion
2.2.6 Online Sextortion:
2.2.6.2 Definition of Sextortion
2.2.6.3Types of Sextortion
2.2.6.4 How to Lodge a Complaint Against Sextortion Offline
2.2.6.5 How to Lodge a Complaint Against Sextortion Online
2.2.6.6 Documents Required During Registration of a Complaint
2.2.6.7 Laws Governing Sextortion in India
2.2.6.8 The International Scenario on Sextortion

2.2.6.9 How can one Protect Oneself Against Sextortion
2.2.6.10 What to do if you have been Sextorted
2.2.6.11 Conclusion
2.2.7 Phishing:
2.2.7.2 Defining Phishing
2.2.7.3 How does Phishing Work?
2.2.7.4 How can a Person Recognize Phishing?
2.2.7.5 Different Techniques of Phishing
2.2.7.6 Major Factors for the Increase in Phishing Attacks
2.2.7.7 Provisions for Phishing Under the Indian Laws
2.2.7.8 Conclusion
2.2.8 Vishing:
2.2.8.2 Vishing is used to Attack Both Individual and Organization
2.2.8.3 What is Social Engineering
2.2.8.4 How to Recognize and Prevent Vishing
2.2.8.5 What is a Phishing Simulation
2.2.8.6 How can Phishing Simulation Help Prevent Vishing Attacks
2.2.8.7 Conclusion
2.2.9 Smishing:
2.2.9.2 Smishing Risk can only be Reduced by Focusing on your End
User
2.2.9.4 How to Prevent Smishing Attacks
2.2.9.5 How can Phishing Simulation Help Prevent Smishing Attacks
2.2.9.6 Conclusion
2.2.10 Credit Card Fraud or Debit Card Fraud
2.2.10.1Introduction
2.2.10.2 Types of Credit Card Fraud
2.2.10.3 What to do if you’re a Victim?
2.2.10.4 How to Prevent Credit Card Fraud?
2.2.10.5 Laws and Punishment
2.2.10.6 Conclusion
2.2.11 Impersonation and Identity Theft
2.2.11.2 What is “ID Theft”?
2.2.11.3 Modes of Identity Thefts
2.2.11.4 Identity Theft in the Modern Era
2.2.11.5 The Pandemic Effect of Identity Theft in India
2.2.11.6 Legal Analysis of Identity Theft in India
2.2.11.7 Laws Protecting Identity Theft
2.2.11.8 Protection From Identity Theft
2.2.11.9 Conclusion
2.3 PREVENTION OF CYBER CRIMES
2.3.1 Analyze your Risk Exposure
2.3.2 Preventive Measures
CHAPTER III CYBER CRIME LAWS IN INDIA
3.1 INFORMATION TECHNOLOGY ACT, 2000 (IT Act)
3.1.1 Overview of the Act
3.1.2 The Important Provisions of the Act
3.1.3 Positive and Negative Aspects of the IT Act
3.2 INDIAN PENAL CODE, 1860 (IPC)
3.3 INFORMATION TECHNOLOGY RULES (IT Rules)
3.4 COMPANIES ACT, 2013
3.5 CYBERSECURITY FRAMEWORK (NCFS)
3.5.1Why Cyber Crime Laws in India
3.5.2 Importance of Cyber Crime Laws
3.5.3 Need for Cyber Crime Laws in India
CHAPTER IV CYBER CRIME AND SECURITY
4.1 CYBER SECURITY STRATEGIES
4.1.1 Ecosystem:
4.1.2 Framework:
4.1.3 Open standards:

4.1.4 IT mechanisms:
4.1.5 E-governance:
4.1.6 Infrastructure:
4.2 DIFFERENCES BETWEEN CYBER CRIMES AND CYBER SECURITY
CHAPTER V CONCLUSION AND SUGGESTIONS
 BIBLIOGRAPHY………………………………………
ABBREVIATIONS
A.I.R All India Report
A.P Andra Pradesh High Court
All Allahabad High Court
And Another
Art Article
Bom Bombay High Court
C.B.I Central Bureau Of Investigation
Cal. Calcutta High Court
F.I.R First Information Report
Gau. Gauhati High Court
H.C High Court
H.P Himachal Pradesh High Court
I.C.J International Court of Justice
i.e. That is
I.P.C Indian Penal Code
I.T Information Technology
J&K Jammu & Kashmir High Court
Mad. Madras High Court
N.G.O Non Governmental Organization
Ori. Orissa High Court
P&H Punjab and Haryana High Court

Pat Patna High Court
PC Privy Council
PIL Public Interest Litigation
Raj. Rajasthan High Court
S.C Supreme Court
S.C.C Supreme Court Cases
S.C.R Supreme Court Reporter
S.P Superintendent of Police
Sec Section
U.J Unreported Judgment
U.K United Kingdom
U.N United Nations
U.P Utterly Pradesh High Court
U.S.A United States of America.
v. Versus
Viz Namely
Vol. Volume
W.L.R Weekly Law Reports

TABLE OF CASES
1. Vishaka v. State of Rajasthan AIR 1997 SC 3011
2. Shibani Barik v. State of Odisha 2020 SCC OnLine Ori 425,
3. State of West Bengal v. Animesh Boxi GR NO. 1587 OF 2017
4. Janhit Manch and Ors v. Union of India PIL NO.155 OF 2009.
5. Kalandi charan Lenka v. State of Odisha BLAPL No. 7596 of 2016
6. Gagan Harsh Sharma v. State of Maharashtra 2018 SCC Bom 17705;
7. State of Tamil Nadu v. Dr. L Prakash (W.P.M.P.No. 10120 of 2002)
8. Amar Singh v. Union of India [(2011) 4 AWC 3726 SC]
9. Nirmaljit Singh Narula v. Indijobs at Hubpages.Com [CS (OS) 871 / 2012]
10. Vyakti Vikas Kendra, India Public v. Jitender Bagga [CS (OS) No. 1340 / 2012]
11. Super Cassettes Industries Ltd. v. Myspace Inc. [CS (OS) No. 2682/2008]
12. Banyan Tree v. A. Murali Krishna Reddy & Anr, [2010 (42) PTC 361 (Del)]
13. Shreya Singhal v. Union of India [AIR 2015 SC 1523]
14. M/s Gujarat Petrosynthese Ltd &Anr.v. Union of India [2014 (1) Kar L J 121]
15. CBI v. Arif Azim (Sony Sambandh case) [(2008) 150 DLT 769]
16. State of Tamil Nadu v. Suhas Katti [CC No. 4680 of 2004]
17. SMC Pneumatics (India) Pvt Ltd v.Jogesh Kwatra[CM APPL No. 33474 of 2016]
18. Avnish Bajaj v. State (NCT) of Delhi[(2008) 150 DLT 769]
19. Christian Louboutin SAS v. Nakul Bajaj &Ors [(2018) 253 DLT 728]
20. Nasscom v. Ajay Sood & Ors. [119 (2005) DLT 596]
21. Department of Electronics and Information Technology v. Star India Pvt. Ltd.
[R.P. 131/2016 in FAO(OS) 57/2015]
22. Kent Systems Ltd. and Ors. v. Amit Kotak and Ors. 2017 (69) PTC 551 (Del)
23. Google India Pvt. Ltd. v. M/S Vishaka Industries Limited [Second Appeal No.
505 of 2016]
24. State v. Mohd. Afzal & Ors. [2003 (71) DRJ 178]
25. Syed Asifuddin& Ors. v. State of Andhra Pradesh & Anr. [2005 Cr LJ 4314]
26. Dharamvir v. Central Bureau of Investigation [148 (2008) DLT 289]
27. P.R Transport Agency v. Union of India & Ors. [AIR 2006 All 23]
28. Umashankar Sivasubramanian v. ICICI Bank (Petition No. 2462 of 2008)

ABSTRACT
Cyber crime is whether myth or reality? Nothing is crime unless prescribe by law. But
most of the categories of cyber crime is still beyond the reach of law. Even there is
lack of unanimous consensus over the commonly agreed definition of cyber crime.
Present article has attempted to conceptualize the ‘cyber crime’. The analysis is from
legal point of view and various aspects are touched upon. A cursory glace has been
given to whether cyber crime can be accommodated within the existing legal
framework or does it require a complete new approach? This article has analyzed the
operational modality to combat cyber crime and its probable difficulties in the
traditional system which is based on different principles, which in cyberspace hardly
respect and difficult to govern. The objective of these analyses is to verify the
compatibility of legal system to coupe up with such techno-sophisticated criminality.
CHAPTER I
INTRODUCTION
According to a general cyber law definition, Cyber law is a legal system that
deals with the internet, computer systems, cyberspace, and all matters related to
cyberspace or information technology. Cyberspace law covers a wide range of topics
including aspects of contract law, privacy laws, and intellectual property laws. It
directs the electronic circulation of software, information, and data security as well as
electronic commerce. E-documents are given legal recognition under cyber law.
Moreover, the system provides a structure for electronic commerce transactions and
electronic filing of forms. To put it simply, it is a law that deals with cyber crimes. As
e-commerce has increased in popularity, it has become important to ensure there are
proper regulations in place to prevent malpractices.
There are many different laws governing cybersecurity, largely depending on each
country’s territorial extent. The punishments for the same also vary according to the
offence committed, ranging from fines to imprisonment. The Computer Fraud and
Abuse Act of 1986 was the first cyber law that was ever to be enacted. It prohibits
unauthorized access to computers and the illegal use of digital information.
Internet usage has increased, and so has cyber crimes. There are several stories
of cyber crimes in the media today ranging from identity theft, cryptojacking, child
pornography, cyber terrorism etc. In cyber crimes, the computer is used either as a
tool or a target, or both, in order to commit unlawful conduct. In our fast-moving
digital age, there has been a phenomenal surge in electronic commerce (e-commerce)
and online stock trading, leading to more cyber crimes.
1.1 INTRODUCTION
According to a general cyber law definition, Cyber law is a legal system that
deals with the internet, computer systems, cyberspace, and all matters related to
cyberspace or information technology. Cyberspace law covers a wide range of topics
including aspects of contract law, privacy laws, and intellectual property laws.
19
It directs the electronic circulation of software, information, and data security as well
as electronic commerce. 21E-documents are given legal recognition under cyber law.
Moreover, the system provides a structure for electronic commerce transactions and
electronic filing of forms. To put it simply, it is a law that deals with cyber crimes. As
e-commerce has increased in popularity, it has become important to ensure there are
proper regulations in place to prevent malpractices.
There are many different laws governing cybersecurity, largely depending on

each country’s territorial extent. The punishments for the same also vary according to
the offence committed, ranging from fines to imprisonment. The Computer Fraud and
Abuse Act of 1986 was the first cyber law that was ever to be enacted. It prohibits
unauthorized access to computers and the illegal use of digital information.
22 Internet usage has increased, and so has cyber crimes. There are several
stories of cyber crimes in the media today ranging from identity theft, cryptojacking,
child pornography, cyber terrorism etc. In cyber crimes, the computer is used either as
a tool or a target, or both, in order to commit unlawful conduct. In our fast-moving
digital age, there has been a phenomenal surge in electronic commerce (e-commerce)
and online stock trading, leading to more cyber crimes.
1.2 DEFINITION AND MEANING
23 Cybercrime is defined as the systematic criminal activity occurring

digitallyand done by attackers. There are many examples of cybercrime, including
fraud,malware viruses, cyberstalking and others. Due to these, government agencies
andcompanies are investing more in the maintenance and hiring of cybercrime
experts. Earlier, cybercrime was committed only by individuals or by small groups.
However, now a highly complex cybercriminals network work on attacking the
system for datacollection.
21
blog.ipleaders.in Cyber crime laws
22
https://www.legalserviceindia.com › Cyber Law In India
23
https://www.techtarget.com/searchsecurity/definition/
20
1.3 NATURE AND SCOPE OF THE STUDY
Cybercrime is Transnational in nature. These crimes are committed without

being physically present at the crime location. These crimes are committed in the
impalpable world of computer networks.
24To commit such crimes the only thing a person needs is a computer which is
connected with the internet. With the advent of lightning fast internet, the time needed
for committing the cybercrime is decreasing. The cyberspace, being a
boundaryless world has become a playground of the perpetrators where they commit
crimes and remain conspicuously absent from the site of crime. It is an Open
challenge to the law which derives its lifeblood from physical proofs and evidence.
The cybercrime has spread to such proportion that a formal categorization of

this crime is no more possible. Every single day gives birth to a new kind of
cybercrime making every single effort to stop it almost a futile exercise. Identification
possesses major challenge for cybercrime.
1.4 OBJECTIVES OF THE STUDY
To protect the users of the internet from falling prey to cybercrimes. The
credibility of the internet has become susceptible due to cybercrimes. Users from all
the sections are victimized due to cybercrimes. To overcome this situation, it is
essential to have cyber laws to drive away from the panic among technology users.
25To create awareness among the users about the cybercrimes and cyber laws
framed to protect the victims of cybercrime. The objective of framing the cyber law is
to build the confidence in the users that the victims of the cyber crimes will be legally
protected and the guilty will be severely punished. This removes the obstacles in the
way of smooth conduct of business and other activities.
To shield the financial and other transactions done electronically from

unauthorized use by providing legality to the transactions. The use of plastic money in
24
https://www.wefinder24.com/2023/01/nature-and-scope-of-cyber-crime.html
25
https://intellipaat.com/blog/what-is-cyber-law/%23:~:text%3DObjectives
21
debit and credit cards has become the order of the day. Financial crimes involving
debit and credit cards are also rising. Many people are losing money, and they have to
bear with formalities in proving the online fraud and to recover the amount. These
hurdles are expected to be done away with because of the implementation of cyber
laws.
26 Assigning legal recognition to the digital signatures for authentication.

Unless legal recognition is given, the digital signature cannot be recognized, and
hence it will block the online transactions. To overcome this, cyber law has legally
recognized digital signatures.
1.5 RESEARCH HYPOTHESIS
cybercrime hypothesis remains a matter of substitution—such that, as

offenders expend their finite resources to exploit increasing cybercrime opportunities,
they necessarily must devote less resources to those associated with traditional
crimes—and thus an increase in cybercrime causes a reduction in traditional crime.
In considering this cybercrime hypothesis, we offered argument and evidence

to conclude that physical crime such as burglary and car theft did not decline because
offenders shifted to online crimes. Our principal supposition was that the spread of the
Internet occurred too late to account for the major declines in crime experienced
across high income countries. We supplemented this with the argument that while
some crimes such as fraud may have adopted online modus operandi in more recent
years, this would be years after the start of the major crime declines.
1.6 RESEARCH METHODOLOGY
The present study comprehend doctrinal method along with comparative

approaches. The case study method were also applied to obtain the Objectives of the
present study. The present study is more of value based study, hence doctrinal method
is more beneficial than any other method, as in this there is no need of collection of
statistical data from the field. The empirical research method is based more on
experimentation and observation, which is inappropriate in the study of Cyber Crime.
26
https://www.tutorialspoint.com › Cyber Law Objectives
22
Hence for the present work, Doctrinal method is suitable more than empirical method.
Even though at some point it too has played its role, but most of the work is done
according to the doctrinal research method.
1.7 SCHEME OF STUDY
The present study has been divided into the following chapters :
1. Chapter I : Introduction ; The first chapter is the introductory chapter. This

chapter mainly deals with definition, scope, objectives, hypothesis, research
methodology and scheme of study
2. Chapter II : Overview of Cyber Crimes and Cyber law ; The second chapter
deals with the general meaning, types and prevention of cyber crimes
3. Chapter III : Cyber Law in India ; The third chapter deals with Law relating to
the Cyber crime in India
4. Chapter IV : Cyber Crime and Security ; The fourth chapter deals with the
strategies of cyber security in cyber Law
5. Chapter V : Conclusion and Suggestions ; The fifth chapter deals with

Conclusion and suggestions
23
CHAPTER II
OVERVIEW OF CYBER CRIMES AND CYBER LAW
2.1 WHAT IS CYBER CRIME
Any criminal activity that involves a computer, networked device, or any other
related device can be considered a cyber crime. There are some instances when cyber
crimes are carried out with the intention of generating profit for the cybercriminals,
whereas other times a cyber crime is carried out directly to damage or disable the
computer or device. It is also possible that others use computers or networks to spread
malware, illegal information, images, or any other kind of material.
As a result of cyber crime, many types of profit-driven criminal activities can

be perpetrated, such as ransomware attacks, email and internet fraud, identity theft,
and frauds involving financial accounts, credit cards or any other payment card. The
theft and resale of personal and corporate data could be the goal of cybercriminals.
27 In India, cyber crimes are covered by the Information Technology Act,

2000 and the Indian Penal Code, 1860. It is the Information Technology Act, 2000,
which deals with issues related to cyber crimes and electronic commerce. However, in
the year 2008, the Act was amended and outlined the definition and punishment of
cyber crime. Several amendments to the Indian Penal Code 1860 and the Reserve
Bank of India Act were also made.
2.2 TYPES OF CYBER CRIMES
2.2.1 Child Pornography or Child Sexually Abusive Material (CSAM):
`In its simplest sense, child sexual abuse materials (CSAMs) include any
material containing sexual images in any form, wherein both the child being exploited
or abused may be seen. 28There is a provision in Section 67(B) of the Information
Technology Act which states that the publication or transmission of material depicting
children in sexually explicit acts in an electronic form is punishable.
27
https://www.techtarget.com/definition/cybercrime
28
https://www.jurist.org/commentary/2020/05/milind-rajratnam-combating-child-pornography/
24
By pornography we generally mean the depiction of any content, whether

printed or visual, that contains manifest narration, demonstration or display of sexual
activities, sexual organs or any other obscene material with an intention to trigger the
sexual excitement of the viewers. We call it child pornography when children are
included in the said activity. Although, merely a prefix has been added to the term
‘pornography’ in this case, but this little prefix increases the dreadfulness of this term
horrendously.
29The words ‘child’ and ‘sexual activity’ together already sound so wicked,
and then displaying it to people who are watching it to arouse their sexual desires only
make it worse. Consequently, such deeds provoke the exploitation, trafficking and
violence towards children. This is the reason that child pornography is considered so
heinous.
Now, the question is why such a horrible practice is being popular in today’s
time? What are its effects? Have any legislative actions been taken against it? Does
any law provide remedies for it? Has COVID-19 had any influence on its number?
This article aims to focus on areas that the above-mentioned questions are dealing
with.
2.2.1.2 Defining Child Pornography
In India, the term ‘child pornography’ has been defined under the Protection
of Children from Sexual Offences Act, 2012 (POCSO). According to section 2(da) of
the POCSO Act, child pornography is any kind of visual display of overt sexual
activity that engages a child. Such content may be an image, a video or any computer-
generated picture which cannot easily be differentiated from a real child. It includes
all those images which shows a child to be involved in such activities whether it is
created, adapted or modified.
To be very specific, section 2(d) of the POCSO Act defines a ‘child’ to be any
person who has not attained the age of eighteen years.
29
https://www.justice.gov/criminal-ceos/child-pornography
25
On an international level, there is one Optional Protocol on the sale of children,
child prostitution and child pornography (OPSC) that deals with the issue of child
pornography. According to Article 2 of the OPSC, child pornography includes the
depiction of a child involved in either real or simulated explicit sexual conduct as well
as revealing of sexual body parts of a child mainly with sexual motives.
2.2.1.3 Reasons of Increasing Child Pornography
There has been a rapid increase in the sharing of child porn over the years all
around the world. In 1998, the total reported cases of child sexual abuse imagery were
over three thousand and merely after a decade, it turned into more than one lakh cases.
This number crossed one million for the first time in the year 2014. Later in 2018, the
number of cases that were reported increased to 18.4 million which was found to be
more than one-third of the total cases ever reported. In 2020, 21.7 million were
reported which was estimated to be a 28% increase over 2019. The high demand of
child porn can clearly be acknowledged from these horrific statistics, but the question
is why is it so?
The reasons for high demand of child porn are different for different age
groups. 30The primary viewers among the adolescents are those who are nearly 18 to
21 years of age and have sexual dysfunction which means they have difficulty in
maintaining erections and achieving orgasms. On the other hand, many children or
adolescents watch it merely to fulfil their curiosities or fantasies.
However, in case of older people, the majority of the persons watching child
porn are either paedophiles or hebephiles or ephebophiles. These are the people
attracted or sexually oriented or interested towards children or mid to late adolescents.
It is surprising to know that in the view of many of them, it is their love towards those
children. Other than these, there are also many sadists who just take pleasure in
watching those children in pain while they are being molested.
All these rising demands of child porn from these people would be ineffective
if there was no means to fulfil them in the first place. Here comes the role of the
3030
https://enough.org/stats_exploitation
26
internet which has become the nucleus of sharing such materials making them more
popular. The advancement of digital technology and internet expansion has
contributed a lot in shooting up of the child pornography market. The videos are
easily available, easily affordable and they even conceal the identity of the viewer,
hence increasing the number of people watching the same.
2.2.1.4 Impact of Child Pornography
It is quite rare that sexual activity in child porn is consensual. So, if any image,
video or any other content showing sexually explicit conduct involving a child is
created, it is very likely that real sexual abuse or harassment was caused while making
such material. Also, there are high possibilities that such abuse has been done more
than just once. More the demand for child porn increases, more such content is
created, and hence, more crimes against children increases.
This not only deteriorates the child victim’s mental and physical well-being,
but also leaves a grave impact on society. 31When such an abuse or molestation is
committed with a child, he/she goes through a huge trauma and it takes a lot to come
out of it, but the act of pornography, i.e., posting or distributing that recording online
aggravates the situation and makes it impossible for that child to move on ever. Fear,
humiliation, helplessness, lack of confidence are some of the things that would follow
that child forever because he/she knows that somewhere on the internet those pictures
or videos are circulating.
2.2.1.5 Legislative Provisions Combating Child Pornography in India
 Under Protection of Children from Sexual Offences Act, 2012 (POCSO)
The POCSO Act makes the act of using a child for pornographic purposes
punishable. Now what all acts constitute to be usage of a child for pornographic
purposes have been explained in section 13 of the Act. According to the said section,
any person who uses a child for the purpose of sexual gratification through any kind
of media either printed or electronic, no matter whether it was aimed for distribution
31
https://blog.ipleaders.in/child-pornography-reasons-impact-and-
regulation/#Impact_Of_Growing_Popularity_Of_Child_Pornography
27
or just personal use is said to have used the child for pornographic purposes. It
includes the display of a child’s sexual organs, indecent representation of a child, and
engaging a child in true or simulated sexual activity where penetration is not a
mandatory condition.
Section 14 of the POCSO Act punishes any person committing an offence u/s 13
with an imprisonment for at least 5 years and fine. 32And if the person is convicted for
the same offence again, then he would be punishable with imprisonment for a
minimum of 7 years and fine. It further provides that if a person is committing the
offence of using child for pornography along with offence given under sections 3 or 5
or 7 or 9 by getting himself involved in the pornographic act, then such a person shall
be punished under section 4 or 6 or 8 or 10 respectively in addition to section 14 of
the POCSO Act.
Furthermore, section 15 of the POCSO Act provides punishment for storing or

possessing pornographic material that involves a child in three different situations.
Firstly, if it has been done to share such material so as to commit child pornography
then it is punishable with a minimum fine of Rs. 5000, and if such an act is repeated
then with a fine not less than Rs. 10,000. Secondly, if such storage or possession has
been done to display or distribute it, then the punishment is imprisonment for a term
which may extend to 3 years, or with fine, or both.
However, the storage would be exempted from this offence if it was done for the
purpose of reporting or using it as evidence in court. Lastly, if the said pornographic
material is possessed with an intention to use it for commercial purposes, then the
person would be punishable with imprisonment, the term of which would be between
3 years to 5 years, or fine, or both. And if the same is committed again, the
punishment would be between 5 years to 7 years of imprisonment and fine.
 Under the Indian Penal Code, 1860
The Indian Penal Code does not deal with child pornography directly, however, it
prohibits the display of obscene material to young persons under section 293. In this
32
https://www.indiacode.nic.in/handle/123456789/2079?locale=en
28
context, a young person would be a person who is under 20 years of age. So, a person
would be punishable u/s 293 of the Code if he/she shares, disperses, exhibits, sells or
lets to hire any obscene material (as explained in section 292 IPC) to any young
person. The offender would be punishable with an imprisonment up to 3 years and a
fine of Rs. 2000 on first conviction, however, he would be punishable with an
imprisonment up to 7 years and Rs. 5000 fine in case of second conviction.
 Under the Information Technology Act, 2000
Section 67B of the IT Act punishes the act of publishing, transmitting, creating,
collecting, browsing, downloading, advertising, promoting, exchanging, distributing,
recording, etc. of any material in electronic form which shows a sexually explicit
activity engaging a child.33 It also punishes the formation of online relationships with
any child for sexually explicit act and abusing the child online. The punishment
provided u/s 67B is imprisonment of 5 years and ten lakh rupees fine on first
conviction, and in case of second conviction, it is 7 years of imprisonment and fine of
Rs. ten lakhs.
2.2.1.6 Effect of COVID Lockdown on Child Pornography Market
The India Child Protection Fund (ICPF) report outed in April 2020 reported
that there has been an escalation of 95% in consumption of child pornography
material in India. This data has been cited from ‘Pornhub’, which is one of the biggest
pornography websites all over the world.
In the period of lockdown due to the spread of COVID-19, almost all schools,
colleges and offices were closed down. All the works and studies were being
conducted online due to which the number of hours people spent on the internet
increased to a large extent. There is no doubt that apart from the usage of the internet
for academic purposes, children would get exposed to all the aspects of this advanced
digital technology if they spend so much time on it. But while exploring the internet,
these innocent children have no idea about the sexual predators who are roaming out
33
https://www.indiacode.nic.in/handle/123456789/2263?locale=en
29
there to hunt them. And the reason these people are targeting children is none other
than the rising demand of child porn as we have already discussed.
In the lockdown period, all kinds of people including paedophiles, child

molesters, child rapists, etc. spent their time browsing the internet way more than they
usually do. It is evident from the fact that there has been a shoot up in searching of
words such as ‘teen sex’, ‘sexy child’, etc. in this period according to the ICPF report.
Such actions lead to the increase in demand of child sexual abuse content, and in
order to fulfil the same the controllers of child pornography network go to any extent
to provide updated material to their customers and fill their pockets with billions.
34 This demand encourages the masters of pornography market to do child sexual
abuse, child molestation, child trafficking, etc., hence, giving rise to more and more
crimes.
Moreover, a recent Childline India Helpline’s report revealed that they had
received more than ninety thousand calls regarding the request to protect children
from abuse during the national lockdown. This fact clearly indicates that the risk of
child abuse in this lockdown had been much higher and is expected to increase further.
2.2.1.7 Conclusion
The offence of child pornography is not just one offence, rather it is a series of
offences and harsh consequences. It begins with the sexual abuse of child who
probably don’t even understand as to what is happening with him, and even if he
knows about it, that doesn’t make it any better. Then such abuse is recorded and
distributed among certain horrible people who take intense pleasure in watching those
children suffering in pain owing to their exploitation, which provokes them to do it
themselves. This is how the desire to do such heinous acts evolves among people, and
many of them even succeed to do it, hence more crimes.
A child is someone who is at the very beginning of his/her life and have many
years to live ahead, however, when he/she becomes a victim of an offence as brutal as
34
https://www.livelaw.in/columns/child-pornography-in-india-during-the-lockdown-are-our-children-
safe-158778
30
child pornography, it becomes very difficult for that child to live normally
afterwards. Such an incident would leave a stigma in the mind of such a child forever.
It has also been found that in a significant number of cases of child sexual
abuse, the children know their offenders, they might be relatives, family friends,
teachers, etc. Such types of cases are even more disheartening because here the child
would have trusted that person and would never have expected it to happen. What
could be more disappointing than the fact that the children are not safe even in their
own homes?
There is no doubt that government has taken various actions to combat this
evil such as enactment of legislations like POCSO, IT Act which specifically deal
with the issue of child pornography. The government has even banned the websites
providing the said indecent stuff from time to time but we still see no drop in the
statistics of child abuse. Looking at the present scenario, it is obvious that more and
more actions would be taken by the government against this issue, but can anything
be done to help with this matter at an individual level?
One of the major problems in such crimes is that they get unnoticed because
they are not talked about. So maybe, it is high time that we start talking about it, make
our children aware about the things that they might come across with, and when they
do they come to talk to us without any hesitation. It is very important to provide
proper sex education to each and every individual so that they do not get incomplete
learning from outside and move towards some foolish path.
2.2.2 Cyberbulling:
A cyberbully is someone who harasses or bullies others using electronic

devices like computers, mobile phones, laptops, etc. Cyberbullying refers to bullying
conducted through the use of digital technology. The use of social media, messaging
platforms, gaming platforms, and mobile devices may be involved. Oftentimes, this
involves repeated behaviour that is intended to scare, anger, or shame those being
targeted.
31
The development of technology has resulted in the relocation of many

significant real-world activities to the digital world. Increasing reliance on the internet
for projects, school, work, colleges, and social purposes also functions as a forum for
venting one’s anguish and hostility, which would otherwise be impossible to do in a
more formal environment. The virtual space is inundated with traffic, necessitating
the adoption of legislation to regulate and rigor the online growing threat that is
unleashing chaos and destruction on the lives of children and teenagers. 35The internet
and cyberspace can, without a question, be used for findings and creative endeavors,
but the probability of using the internet for illegal activities cannot be ignored or
dismissed. Bullies can harass their helpless prey with little or no liability and without
fear of repercussions because they have access to the internet on their mobile devices
24 hours a day and seven days a week.
Bullying, no matter what kind it is, has the effect of bringing people down. It
can occur at any time and from any location, including school, college, work, home,
and even over the internet, to name a few examples. A distinction should be made
between bullying that occurs in front of you and bullying that occurs online, as you
have less control and no way to run away from online bullying, whereas you do have
an option to evade bullying that occurs in front of you in the physical world.
2.2.2.2 Cyberbullying or Online Bullying
In the broad definition of cybercrime, cyberbullying or cyberharassment is

also identified as online bullying. As a result, it is critical to comprehend what
constitutes cyberbullying and harassment to prevent it from happening to someone
else. Bullying can be defined as an act “actively sought to harm or harass (someone
considered to be resilient)”. As a result, any individual or group of individuals who
attempt to harm, manipulate, harass, or intimidate another is referred to as bullying
the latter.
35
https://www.mondaq.com/india/crime/989624/anti-cyber-bullying-laws-in-india–an-analysis
32
‘Cyberbullying’, according to cybercrime experts, is defined as “a hostile,
deliberate act or an omission that is performed out by a particular person or group
utilizing electronic forms of contact against a sufferer who is unable to safeguard
himself or herself, repetitively and overtime.” When an individual or group of people
bully or intimidate any other individual through the use of digital technologies,
whether on the internet or in another virtual realm, this is referred to as cyberbullying
or cyber harassment. Sharing personal photos and videos without permission,
phishing groups, spam groups, or a particular person, making fake accounts, body
shaming, making memes and videos of people making mistakes, especially celebrities,
and so on are examples of this. Such conduct or actions are most commonly seen on
social networking platforms such as Youtube, Instagram, Twitter, Facebook, and
others, as well as through SMS, Instant Messages (IM) services such as iMessage, FB
Messenger, WhatsApp, and others, as well as via e-mail, discussion groups, and even
gaming sites, among other places.
Cyberbullying can occur for a variety of reasons, including enmity, envy, the
feeling of insecurity, and a variety of other reasons. It takes place on social media
sites in various forms such as messages or e-mail, by making comments on someone’s
post or video on social media sites in a pessimistic or aggressive way, which injures
the feelings of an individual about whom they are written. It can also occur when
someone degrades, writes, or posts something hurtful, which can be in the form of
sound, video, or text. Cyberbullying is the term used to describe the act of posting
such information on the internet.
 Different types of cyberbullying
Different methods are used by bullies to trouble people by their negative thoughts
in different situations. Cyberbullying, like social media, is a varied and prevalent
phenomenon with many different forms and manifestations. It is, therefore, necessary
to understand the different types of cyberbullying to empower parents and adolescents
to report cyberbullying and take preventative measures against cyberbullying.
Cyberbullying can take place in a variety of ways, including:
33
 Exclusion
Exclusion is the intentional act of abandoning somebody out of something.

Exclusion is common in in-person bullying instances, but it can also be used to attack
and bully a victim over the internet. It is possible that your child will be excluded
from or refused entry into social gatherings, even though they see other mates being
welcomed, or that they will be excluded from message posts or chats that constitute
friends in common.
 Harassment
Although cyberbullying is a wide definition that encompasses many kinds of

behavior, harassment is generally defined as an ongoing structure of hurtful or
endangering online messages sent to cause injury to another person.
 Outing/doxing
An outing also referred to as doxing, is the act of publicly disclosing sensitive or

private data about someone without their permission with the intent of embarrassment
or humiliation of that person. 36 From the dissemination of private pictures or
documents of public figures to the sharing of a person’s saved private chats in an
online private group, this can take many different forms. The crucial factor is the
victim’s refusal to give consent.
 Trickery
Trickery is related to an outing, but with the addition of deceit as a component. In

this scenario, the bully will make friends with their victim to entice them into a
fictitious sense of confidence. Once a bully has acquired the trust of their attacker,
they will take advantage of that trust by disclosing the victim’s secret information and
personal data to third parties.
36
http://docs.manupatra.in/newsline/articles/Upload/FDF5EB3E-2BB1-44BB-8F1D-
9CA06D965AA9.pdf
34
 Fraping
A bully may use your child’s social networking accounts to post unsuitable content
under their name, which is known as fraping. When friends post hilarious messages
on each other’s social media profiles, it can be considered harmless, but it has the
potential to be extremely harmful. For example, a bully posting racial insults through
someone else’s profile to tarnish their public image is considered harassment.
 Masquerading
A bully uses masquerading when he or she creates an entirely fictitious profile or

identity for the sole purpose of cyberbullying another person. This could include
creating a fictitious email account and social media profile, as well as selecting a
novel identity and photos to deceive the victim. In these situations, the bully is usually
someone who the victim is familiar with and trusts.
 Dissing
Dissing is the act of a bully disseminating inhumane details about any person
through public posts or personal messages to either spoil any person’s public image or
their interpersonal relationships with other people. Typically, in these circumstances,
the bully and the victim have a personal relationship with one another, either as a
casual familiarity or as a friendship.
 Trolling
Trolling is when a bully goes out of his or her way to deliberately frustrate
others by posting incendiary remarks on social media platforms. Although trolling
is not always considered a form of cyberbullying, when done with deceptive and
detrimental intent, it can be used as a weapon for cyberbullying. Bullies who are
more detached from their victims and who do not have a close connection with
them are the ones who commonly troll.
 Flaming
When someone engages in online bullying, they either post about it or explicitly
send personal attacks and vulgarities to the victim(s). The act of flaming is almost
35
equivalent to trolling, but it is usually a more direct attack on a victim with the intent
of provoking them into an online battle.
2.2.2.3 Legal Remedies

Even though there is no particular law that criminalizes cyber-bullying in India,
some sections of the Information Technology Act, 2000, as well as the Indian Penal
Code, 1860, deal with these issues and can be considered to fall within the broad
definition of cyber-bullying.
 Legal remedy under Information Technology Act, 2000
The Information Technology Act was enacted solely to deal with issues relating to
e-commerce, as is apparent from its preamble. However, it has been construed by the
courts to deal with issues relating to cyberbullying, cyberstalking, and other forms of
cyber harassment. Chapter 11 of the Information Technology Amendment Act, 2000,
includes offences where there is no specific definition of the crime of cyberbullying in
this chapter. Although the act provides legal remedies against the same under Sections
66 and 67, they are not always effective. 37Some of the most important provisions of
the IT Act that deal with cyberbullying are as follows:
 Section 66A of the Information Technology Act, 2000, deals with the transfer
of offensive messages through communication services, etc. This Section
provided genuine victims of cyber harassment with a possible chance to
acquire instant relief against subject matter that may be demeaning or harmful.
Its repeal has left police authorities powerless in the face of the growing threat
of cyberbullying, which is on the rise.
 Section 66C defines the punishment for identity theft.
 Section 66D of the IT Act deals with personation and the use of a computer
resource to cheat.
 Section 66E of the IT Act deals with the punishment for violating someone’s
privacy.
37
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3554114
36
 Section 67 deals address the punishment for publishing or transferring obscene
material via electronic means.
 Section 67A deals with the punishment for publishing or transferring material
comprising sexually explicit acts, images, or other content through electronic
means.
 Section 67B deals with the punishment for publishing or transferring material
comprising sexually explicit acts, images, or other content which portrays
children through electronic means.
 Legal remedy under Indian Penal Code, 1860
According to the Indian Penal Code, remedies were available in the event of
defamatory conduct or an act that was offensive to the modesty of women. The Act
was amended in 2013, and new offences were added, including cyberstalking, which
was made a criminal offence. The following sections of the Indian Penal Code (IPC)
deals with cyberbullying in one way or another:
 Section 292, which deals with the printing of inappropriate matter or matter
for blackmail, states that the matter must be harmful to morality or measured
to injure a person and that the perpetrator will be imprisoned for a maximum
of two years, as well as be subjected to a fine.
 According to Section 354A, making or insisting sexually colored remarks, as

well as being guilty of the crime of sexual harassment, as well as displaying
pornography against the will of the women, are all subjected to punishment.
 Section 354C provides that a cyberbully can be prosecuted for taking

photographs and can be held liable under this Section and other sections if he
distributes or publishes the photographs.
 As per Section 354D, if a woman is stalked or attempted to be stalked by

another person, such person can be held liable for three years for the first
attempt and a maximum of five years for any later attempts.
37
 Section 499 addresses defamation, which is defined as, when a person,
through verbal words or signs, creates or publishes something with the intent
of harming the public image of another person. Defamation can be committed
through electronic means as well and Section 500 talks about the punishment
for defamation.
 Section 503 talks about the offence, where the person sends threatening
messages through the mail.
 According to Section 507, criminal intimidation through any unidentified

communication or means is prohibited, and the offender will be liable for up to
two years in prison if he or she is found guilty.
 According to Section 509 of the Indian Penal Code, offenders who intend to
disrespect the modesty of a woman by words or gestures, which can also be
done through electronic means, by invading the privacy of the woman, will be
punished with imprisonment for one year or a fine or both.
2.2.2.4 Procedure to Follow When You Are Bullied Online
A cybercrime of online bullying can be reported to the cybercrime units in any

city, regardless of where it occurred.
Cyber Cells:
Cyber Cells were created to help aggrieved persons of cybercrime get

compensation. These units are part of a criminal investigation unit and are tasked with
investigating Internet-related criminal activities. The person can register an FIR at the
nearest police station if your home does not have a cyber cell. If anyone is helpless to
file an FIR for any cause, that individual can still contact the judicial magistrate or
commissioner in his city. Regardless of jurisdiction, every police station is required to
file an FIR.
Online grievance redressal:
When it comes to handling female victims, the police are the most well-
known law administration body in India. Even if they have instant access to a police
38
station, women are hesitant to report an event for fear of being questioned and
subjected to more suffering. As a consequence, crimes against women remain to go
unpunished, and women have to bear the burden of online bullying. Women who do
not wish to come forward can submit a complaint with the National Commission for
Women. The Commission contacts the police and requests that the investigation be
hastened. In the case of major crimes, the Commission can appoint an investigative
committee to look into the situation and undertake a field investigation, gather
evidence, question witnesses, call the accused, and get police records, etc. At present,
there is a centralized cybercrime reporting portal that is governed by the Ministry of
Home Affairs.
Report to CERT:
Under the Information Technology Amendment Act of 2008, the

Indian Computer Emergency Response Team (CERT-IN) has been established as the
national regulatory authority for dealing with computer safety concerns. They give
guidance on cyber incident protocol, protection, reporting, and reaction, among other
things.
Report to the websites:
38Most social media platforms that allow users to create accounts include a
reporting feature. Under the IT (Intermediary Guidelines) Rules, 2011, these websites
must respond within 36 hours to remove information connected to infringing content.
For the sake of investigation, the intermediary must keep such information and related
documents for at least 90 days. Any objectionable content that is kept, saved, or
disseminated on the aggrieved person’s computer system can be brought to the
intermediary’s attention in writing or via email signed with an electronic signature.
38
Dr. J. P. Mishra, An Introduction to Cyber Law, Central Law Publication, 2014
39
2.2.2.5 Case Laws
Cyberbullying for the first time was addressed as an issue by the Supreme
Court in the landmark case of Vishaka vs.State of Rajasthan (1997). In this case, the
Supreme Court issued policies and procedures to safeguard women from sexual
harassment when it came to coping with the issue of bullying.
In India, the provision that protected cyberbullying, Section 66A of the

Information Technology Act, 2000, was struck down in the case of Shreya Singhal vs.
Union of India, 2015.
39 In the case of Shibani Barik v. the State of Odisha (2020), the Court
observed that cyberbullying was on the rise through Tik Tok and it emphasized the
importance of strict regulation to protect the youngsters and children from being
bullied. The above-quoted decision perfectly summarizes the flaws in the current
legislative framework. The pressing issues pertaining to cybercrimes either necessitate
a significant overhaul of the Information Technology Act, 2000, in order to keep up
with recent trends in online predator behavior, victim specific requirements, and
technological developments, or the formation of new provisions that would deal
specifically with cyber offences, the method for enforcing them, the collection of
evidence, and the punishment thereafter.
Concerning the government’s responsibility to regulate the misappropriation

of Tik Tok, the Court found that: “the effective government has social accountability
to impose reasonable burdensome regulations on the companies that are proliferating
such applications, and the appropriate government should do so. In some cases, such
as Sections 66E, 67, and 67A, which specify punishment for breach of privacy,
publication, and circulation of what the Act calls “obscene” or “seductive” content,
the Information Technology Act by other laws in force can be effective in bringing
such offenders to justice, but this is woefully inadequate. India lacks a specialized law
to address crimes like cyberbullying, although the Information Technology Act, 2000
imposes a responsibility on such companies to remove content and exercise caution
before posting any content.”
39
Dr.S.R.Myneni,Information Technology Law, Asia Law House Hyderabad, Second Edition
40
2.2.2.6 Conclusion
Indian laws are proficient and well-drafted when it comes to punishing

traditional offences that take place in the physical territory. Some laws to punish
offences committed in cyberspace have been carefully drafted to achieve the goals of
justice. The important feature of cyberspace is that, in contrast to physical space, it is
constantly expanding and developing. Because of the same reason, it is still difficult
to predict how crimes will manifest themselves; cyberbullying is one example

of such
a crime. It can take many distinct structures and be prosecuted under various
regulations of current legislation, but doing so will have an impact on the
development of cyber laws in India in the long run. There is a need to define different
laws for cyber-crime offences because the mode, implications, gravity, and likely
targets are all different from those of traditional criminal offences. Cyberbullying is
one of the offences that have the potential to develop into something more serious in
the future and should be acknowledged as soon as possible.
2.2.3 Cyberstalking:
Cyberstalking is the act of harassing or stalking another person online using

the internet and other technologies. Cyberstalking is done through texts, emails, social
media posts, and other forms and is often persistent, methodical, and deliberate.
Physical stalking has surely been replaced by virtual stalking as a result of the
pandemic. As there are so many applications, stalker-ware, spyware, social
networking tools, and other technologies available, stalking people has never been
easier.
The internet has opened up a medium for quicker communication and data
sharing. People may interact with each other and access one another’s information
with a simple click on social media sites. On the other hand, technology includes
41
loopholes that allow criminals to abuse this freedom of access, leading to an increase
in cybercrime in India
40Cyberstalking, also known as online stalking or internet stalking, is one such

cybercrime. Simply described, cyberstalking is the harassment of a person through the
use of technology, particularly the internet. Monitoring someone’s online activity,
threats, identity theft, data theft, forging their data, and other forms of harassment are
all examples of harassment.
Cyberstalking is a form of obsessive behaviour in which a person obsessively

and unlawfully monitors another person’s online activities.
2.2.3.2 Recent Cases of Cyberstalking in India
Seema Khanna (name changed), an embassy employee in New Delhi, wasn’t

aware that using the internet will result in an invasion of her privacy. Khanna (32)
received a series of emails from a man demanding her to either appear naked for him
or pay him Rs 1 lakh in an apparent case of cyberstalking. The woman stated in her
statement to Delhi Police that she began receiving these emails in the third week of
November 2020.
Khanna was threatened by the accused, who said he would post her altered
photographs, as well as her phone number and address, on sex websites. He also
allegedly threatened to display the photos in her south-west Delhi neighbourhood.
“She initially ignored the emails, but she soon began receiving letters through
posts, all of which had the same threat. She was compelled to report the incident to
the authorities “stated an officer of the cybercrime cell.
Her struggle, however, was far from over. The accused sent the woman her
photos over email. The woman said that these were the exact photos she had saved in
her mail. The accused allegedly hacked her email password, allowing him access to
the photos, according to the police.
40
https://www.myadvo.in/blog/the-virtual-reality-of-cyber-stalking-in-india/
42
According to a preliminary investigation into the complaint, the emails were
sent to the victim from a cyber cafe in South Delhi. “We aim to find the accused as
quickly as possible,” said Dependra Pathak, Deputy Commissioner of Police (crime).
The offender appeared to know a lot about the victim, which led the
authorities to believe he knew her.
During the last year, 2020, Divya Sharma noticed that a random Instagram
user liked nearly 200 of her photos. She disregarded it as harmless until he began
making inappropriate remarks. “He then started sending me DMs asking if I wanted to
go on a date with him, which I continued to ignore,” the Pune-based Archeology
student recalls. He became enraged and started abusing me, threatening to make me
his wife by force.” That’s when Divya filed an online complaint with the cyber police,
which resulted in the abuser’s account being suspended and the abuser being punished.
She believes that, “no one has the right to threaten you in DMs or comments.”
The cyberstalker could be charged under Section 509 of the IPC for invading a
woman’s modesty, as well as the Information Technology Act of 2000.
According to the National Crime Records Bureau’s most recent data,

Maharashtra has reported the greatest number of cases of cyberstalking/bullying of
women for the third year in a row – 1,126.
Maharashtra was also responsible for one-third of the total 2,051 cyber
stalking/bullying instances registered in India between 2017 and 2019. With 184 cases,
Andhra Pradesh came in second, followed by Haryana with 97 cases.
Maharashtra placed second among states in terms of cybercrime against

women, with 1,503 cases reported in 2019 compared to 1,262 in 2018, a 19% increase.
Karnataka topped the list, with a 50 per cent increase in cases — 2,698 in 2019 versus
1,374 in 2018. In Maharashtra, the conviction rate for cybercrime has been extremely
low over the last three years, with only 56 of the 4,500 plus detained offenders being
imprisoned.
43
2.2.3.3 What is Cyberstalking?
Cyberstalking is the practice of stalking or harassing someone over the
internet. It can be directed towards individuals, groups, or even organisations,

and can include slander, defamation, and threats. The goal could be to control or
threaten the victim, or to obtain information for other crimes such as identity theft or
online stalking. It occurs via the internet, in places like social media, forums, and
email. It’s usually planned out and carried out over a while. Other forms of
cyberstalking might be used to frighten victims or make their lives unpleasant.
Cyberstalkers may, for example, stalk their victims on social media, trolling
and sending threatening comments; they may even hack email accounts to connect
with the victim’s connections, including friends and employers. 41Faking photos on
social media or sending threatening private messages are examples of social media
stalking. Cyberstalkers are known for spreading harmful rumours and making false
charges, as well as creating and publishing revenge pornography. They may even
commit identity theft by creating false social media profiles or blogs in the victim’s
name.
Cyberstalking does not always require direct conversation, and some victims
are unaware that they are being followed online. Perpetrators might utilise numerous
tactics to monitor victims and utilise the information acquired for crimes such as
identity theft. The barrier between the internet and real life might get blurred in some
circumstances. Attackers can gather personal information, contact their associates,
and try to harass offline.
Cyberstalkers employ a variety of tactics to track a person over the internet,

including SMS, phone calls, emails, and social networking platforms. Users’ personal
information, such as images, addresses, contacts, and whereabouts, are accessible via
social networking websites and mobile apps. This information can be used by stalkers
to threaten, blackmail, or physically contact the victim.
41
https://www.tripwire.com/state-of-security/security-awareness/what-cyberstalking-prevent/
44
Emails are also used by cyberstalkers to track down a target. Hacking can give
a stalker access to a person’s email account, which they can then use to send
threatening or obscene messages. Some emails are infected with computer malware or
viruses, rendering the email useless to the sender.
2.2.3.4 What does Cyberstalking Includes?
 False accusations of a defamatory character.
 Hacking or vandalising the victim’s website.
 Making sexual comments.
 Publishing things that are intended to defame a person.
 Personally targeting the victims of crime.
 Making fun of or humiliating someone to form a gang against them.
2.2.3.5 Reasons for Cyberstalking
Severe narcissism, anger, fury, retribution, envy, obsession, psychiatric

disorder, power and control, sadomasochistic fantasies, sexual deviance, internet
addiction, or religious fanaticism are among the psychological causes for stalking.
The following are a few of them:
Jealousy: It is a negative emotion. Stalking can be motivated by jealousy,

especially when it involves ex-partners and present partners.
Obsession and attraction: Obsession and attraction could be another reason for
stalking. The stalker may be sexually or mentally attracted to the victim. The line
between admiring and stalking is thin.
Erotomania: It is a type of stalking belief in which the stalker believes the

victim, who is usually a stranger or a well-known person, is in love with him. It
always entails having a sexual attraction to someone.
Sexual harassment: Cyberstalking is said to be mostly motivated by sexual

harassment. This is so because the internet reflects real life.
45
Revenge and hate: Sometimes the victim is not the reason for the feeling of
hatred and revenge in the mind of the stalker yet he/she becomes the target of the
stalker. The stalker appears to find the internet to be the most convenient medium for
expressing their hatred and vengeance.
2.2.3.6 Kinds of Cyberstalking
Cyberstalking can be classified into three different types, that are as follows:
 Email stalking:
42 Email stalking is one of the most common types of stalking in the physical
world, which includes telephoning, sending mail, and actual surveillance.
Cyberstalking, on the other hand, can take many different forms. Unsolicited e-mail,
such as hate, obscene, or threatening messages, is one of the most common forms of
harassment. Sending the victim viruses or a significant amount of electronic junk mail
are examples of other sorts of harassment. It’s vital to note that simply distributing
viruses or sending sales calls isn’t considered stalking.
However, if these communications are sent repeatedly in an attempt to frighten (e.g.,

in the same way, that stalkers in the physical world mail subscriptions to pornographic
magazines), they may be considered stalking.
 Internet stalking
In this instance, stalkers might make extensive use of the internet to slander
and put their victims at risk. Cyberstalking takes on a public rather than a private
component in such circumstances. This type of cyberstalking is particularly
concerning because it looks to be the most likely to break into physical space.
Traditional stalker practises such as threatening phone calls, property destruction,
threatening mail, and physical attacks are commonly associated with internet stalking.
There are significant distinctions between the situation of someone who is stalked
from a distance of two thousand miles and someone who is regularly within the
shooting range of their stalker.
42
https://www.kaspersky.co.in/resource-center/threats/how-to-avoid-cyberstalking
46
While most criminal penalties recognise emotional distress, it is not deemed as
dangerous as a genuine physical threat. Despite the fact that the connection between
stalking, domestic violence, and feticide have been experimentally shown in real life,
much internet stalking still focuses on causing emotional anguish, dread, and
apprehension. This is not to imply that instilling fear and generating concern should
not be criminalised.
 Computer stalking
The third type of cyberstalking is computer stalking, which takes advantage of

the Internet and the Windows operating system to get control of the targeted victim’s
computer. It’s unlikely that many people realise that a single Windows-based machine
linked to the Internet can be detected and connected to another computer over the
Internet. This connection is a computer-to-computer connection that allows the
interloper to take control of the target’s computer without the use of a third party.
As soon as the target computer connects to the Internet in any form, a

cyberstalker usually talks directly with them. The stalker can take control of the
victim’s computer, and the victim’s sole defence is to unplug from the Internet and
relinquish their current IP address.
2.2.3.7 Types of Cyberstalkers
A stalker could be obsessed, furious, psychotic, or deranged, depending on the

motivations for stalking described above. Stalkers are divided into three categories:
 Obsessional stalkers
This type involves a prior relationship between the victim and the perpetrator. The
perpetrator’s primary goal is to compel or re-enter into the relationship. This category
includes the majority of stalkers. This category includes 47 per cent of stalkers.
 Obsessive love stalkers
In this case, the perpetrator has a strong attachment or love for the victim, and they
are usually one-sided lovers. The offender could never accept his lover’s rejection.
47
The perpetrator is usually suffering from a mental illness like schizophrenia or bipolar
disorder. This group accounts for 43% of all perpetrators.
 Erotomanic stalkers
In this case, the stalker has the misconception that the victim’s actions are motivated
by love for him. Then he began to fall in love with her, and when it became known to
him, he became a stalker.
2.2.3.8 What is the Procedure for Filing a Complaint?
43According to the Information Technology Act, 2000 any police officer not
below the rank of Deputy Superintendent of Police, or any other officer of the Central
Government or a State Government authorised by the Central Government in this
regard, may enter any public place and search and arrest any person found there
without a warrant, notwithstanding anything in the Code of Criminal Procedure, 1973.
(Section 80)
Cybercrime does not have jurisdiction because it occurs without any

boundaries. As a result, you can report a cybercrime to the cybercrime department of
any city, regardless of where it occurred.
 Cyber cells
Cyber cells have been set up to provide redressal to cybercrime victims. These
cells are part of the criminal investigation department and are tasked with
investigating internet-related crimes. If your location does not have a cyber cell, you
can submit an FIR with a local police station. If you are unable to file an FIR for any
reason, you can still contact your city’s commissioner or judicial magistrate. Any
police station is bound to register an FIR, irrespective of its jurisdiction. One can
report the crime online at cybercrime.gov.in
43
https://timesofindia.indiatimes.com/life-style/spotlight/beware-cyberstalking-is-on-the-rise-during-
the-pandemic/articleshow/81924158.cms
48
You must submit your name, contact information, and mailing address when
registering a cybercrime report. The written complaint should be addressed to the
Head of the Cyber Crime Cell in the city where the cybercrime report is being filed.
If you are a victim of online harassment, you should seek legal advice to help you
report it to the police station. You may also be asked to submit specific documents
with your complaint. This, however, would be depending on the nature of the offence.
 Online grievance redressal
Women who are stalked can report the incident to the National Commission for
Women (NCW). Who would then contact the police? This complaint can be filed by
any woman in India. The Commission then requests that the police speed the probe. In
serious cases, the commission appoints an inquiry committee, which conducts an on-
the-spot investigation, interviews witnesses, gathers evidence, and so on. To aid the
investigation, the Commission has the authority to call the accused, witnesses, and
police documents. To register a complaint, the complainant must visit this website.
 Report to the websites
Most social media platforms that allow users to create accounts provide a
reporting feature. Under the IT (Intermediary Guidelines) Rules, 2011, these websites
must respond within 36 hours to remove information related to infringing content. For
investigation, the intermediary must keep such information and related records for at
least ninety days. Any objectionable content that is hosted, saved, or published on the
affected person’s computer system can be brought to the intermediary’s attention in
writing or via email signed with an electronic signature.
 Report to CERT
Under the Information Technology Amendment Act of 2008, the Indian Computer
Emergency Response Team (CERT-IN) has been established as the national nodal
agency for dealing with computer security concerns. They give guidance on cyber
incident protocol, prevention, reporting, and reaction, among other things.
 File an FIR
49
You can file a First Information Report (FIR) at the local police station if you
don’t have access to any of India’s cyber cells. If your complaint isn’t accepted there,
you can go to the Commissioner or the Judicial Magistrate of the city.
The Indian Penal Code covers a number of cybercrime offences. To report them,
you can file a cybercrime FIR with the nearest local police station. Every police
officer, regardless of the jurisdiction in which the crime was committed, is required
under Section 154 of the Code of Criminal Procedure to record the
information/complaint of an offence.
The majority of cybercrimes are recognised as cognizable offences under the

Indian Penal Code. A cognizable offence is one that does not require a warrant for an
arrest or inquiry. A police officer is required to record a Zero FIR from the
complainant in this scenario. He must then submit it to the police station in charge of
the jurisdiction where the crime occurred.
Zero FIR provides some relief to victims of crimes that require quick
attention/investigation because it saves time by not registering the crime on police
records.
2.2.3.9 The Indian Laws that Deal with Cyberstalking Along with their
Loopholes
 Section 354D of IPC
44 Following the gang-rape case in Delhi, the Criminal Amendment Act of

2013 introduced Section 354D of IPC. This section considers both physical stalking
and cyberstalking. The section’s scope is defined in terms of the activities that
constitute “stalking.” The Section expressly states that anyone who attempts to
monitor a woman’s online activities is guilty of stalking. As a result, if the stalker
engages in any of the offences listed in the section, he violates the Indian Penal Code
Section 354D.
44
https://www.thebetterindia.com/45671/stalking-india-women-complaint-online/
50
45Firstly, the section exclusively treats “women” as victims, ignoring the fact
that men can also be victims. According to the section, anyone who attempts to
monitor a woman’s use of the internet, e-mail, or any other form of electronic
communication is guilty of cyberstalking. We can see that it is solely focused on
women. As a result, the legislation is discriminatory against women. Second, the
“method of monitoring” has not been mentioned by the legislators. The guy may have
no purpose for stalking, but his behaviour does.
 Section 292 of IPC
46 Obscenity is defined in Section 292 of the IPC. The act of sending obscene
materials to the victim on a social networking site, or through emails or texts, falls
within the definition of cyberstalking. The stalker is guilty of an offence under
Section 292 of the Indian Penal Code if he tries to deprave the other person by
sending obscene material over the internet with the intent that the other person read,
see, or hear the content of such material.
This Section deals with “criminal intimidation through anonymous

communication.” This clause specifies that it is an offence if the stalker attempts to
conceal his identity so that the victim is uninformed of the source of the threat. As a
result, it ensures anonymity, which is a key feature of cyberstalking. If the stalker tries
to hide his or her identity, he or she will be charged under this section.
A stalker can be charged under this Section if the stalker’s actions infringe on
the privacy of a lady by making any gestures or sending words via e-mails, messaging,
or social media. If they engage in any of these activities, he would be charged under
Section 509 of the Indian Penal Code.
45
https://vidhisastras.com/cyber-stalking-in-india/
46
http://docs.manupatra.in/newsline/articles/Upload/455C1055-C2B6-4839-82AC-
5AB08CBA7489.pdf
51
Loopholes:
It is a gender-biased provision since it focuses solely on a woman’s modesty

and thus overlooks the reality that cyberstalking is a gender-neutral offence in which
males can also be victims.
The words, voice, or gesture must be said, heard, and observed, respectively,
in this section. Because words cannot be spoken, gestures cannot be seen, and sound
cannot be heard via the internet, cyber-stalkers can easily avoid the penalty imposed
by this clause. Finally, the intention of insulting the modesty of the woman cannot be
assumed through communication on the internet.
2.2.3.10 Information Technology Act, 2000

 Section 67 of the IT Act
This Section is a copy of Section 292A of the Indian Penal Code. This section
deals with the “electronic form” of obscene material. As a result, this section deals
with online stalking. If the stalker tries to publish obscene material about the victim
on social media, i.e, in electronic form, to bully the victim, he will be charged under
Section 67 of the Information Technology Act.
 Section 67A of the IT Act
This Section is related to cyberstalking. This section was added after the 2008
amendment. It stipulates that if a stalker tries to publish any “sexually explicit”
material in electronic forms, such as through emails, messages, or social media, he
will be charged with an offence under Section 67A of the IT Act and will be punished
as a result.
 Section 67B of the IT Act
47This Section was added by Amendment Act 2008 for the first time. The section
focuses on stalkers who target children under the age of 18 and disseminate content
depicting youngsters engaging in sexual behaviour to terrify them.
47
https://www.indiaforensic.com/cyberstalking.htm
52
 Section 66E of IT Act, 2000 and Section 354C of IPC
Section 66E of Information Technology Act, 2000 and Section 354C of the Indian
Penal Code deal with “voyeurism.”
48To generate despair and a sense of insecurity in the victim’s mind, the stalker
may hack the victim’s account and post private images of the victim on social
networking sites. Both of the above-mentioned sections attempt to make it illegal to
publish or take images of a person’s private act without their consent.
Section 66E is more generic in that it refers to the victim as “any person,” whereas
Section 345C is gender-specific. The victim must be a “woman,” according to section
354C.
“What is remarkable here is that, while all offline regulations apply to digital
media, the penalties under the IT Act are significantly more severe.”
“It is worth noting that the IT Act places a strong emphasis on women’s bodies
and sexualities: Section 66A of the Act deals with a broad category of ‘offensive
messages.’”
The act of voyeurism is covered by Section 354C of the Indian Penal Code. It has
a limited reach because the victim must be a “woman” to be eligible for this clause.
On the other hand, voyeurism is covered by Section 66E of the Information
Technology Act, which has a broader scope than Section 354C of the Indian Penal
Code. The victim is referred to as “any individual” in Section 66E. As a result, the
victim does not have to be a “woman” to receive justice under this clause. If the
victim is a guy, he can use Section 66E of the Information Technology Act of 2000 to
sue.
2.2.3.11 Conclusion
The Information Technology Act of 2000 and the Indian Penal Code of 1860
do not specifically address the subject of cyberstalking and the defamatory or
48
https://www.latestlaws.com/articles/how-to-file-cyber-stalking-complaint-in-india-by-buelah-
pranathi-gollapudi/
53
threatening statements made by the stalker while stalking the victim through SMS,
phone calls, e-mails, or blogging under the victim’s name. Some of the provisions of
the above-mentioned Acts allow for the punishment of the offender. There is no
specific clause that deals with this offence. This crime is fairly simple to commit, but
the consequences are quite long-lasting. It can harm the victim’s mental and physical
well-being. The penalty provided under current provisions should be enhanced while
keeping the victim’s well-being in mind.
2.2.4 Cyber Grooming:
The phenomenon of cyber grooming involves a person building a relationship

with a teenager and having a strategy of luring, teasing, or even putting pressure on
them to perform a sexual act.
Cyber grooming is the process of ‘befriending’ a young person online “to

facilitate online sexual contact and/or a physical meeting with them with the goal of
committing sexual abuse”.
Cyber grooming is when someone (often an adult) befriends a child online and
builds an emotional connection with future intentions of sexual abuse, sexual
exploitation or trafficking. The main goals of cyber grooming are: to gain trust from
the child, to obtain intimate and personal data from the child (often sexual in nature—
such as sexual conversations, pictures, or videos) in order to threaten and blackmail
for further inappropriate material.
49Perpetrators often take on fake identities of a child or teen and approach their
victims in child-friendly websites, leaving children vulnerable and unaware of the fact
that they have been approached for purposes of cyber grooming. Perpetrators often
start conversations with inconspicuous and general questions about age, hobbies,
school, family. They also attract children with gifts, offers for gift or guidance and
favours to children. After gaining trust, they often ask the child to share nude photos
or videos and get involved in sexually abusive conversations. Many of them also want
49
https://biometrica.com/icmec-online-grooming/
54
to meet the child in a lonely place for the purpose of abuse. However, the children and
young people can also unknowingly initiate the grooming process when they partake
in websites or forums with lucrative offers such as money in exchange for contact
details or intimate photos of themselves.
The anonymity and accessibility of digital technology allows groomers to

approach multiple children at one time, therefore exponentially multiplying the cases
of cyber grooming. A 2012 UK-based survey revealed that 42 percent of children
(ages 11-16 years old) received online attachments by email from strangers. Similarly,
in a different study consisting of 264 grooming cases reported that: “suspects
requested sexual images in 93.4 percent of cases, in 24 percent of the cases the young
person was threatened with the distribution of existing images or other harm; the
young person actually sent sexual images in 30 percent of the cases; and in 35.5
percent of cases the suspect sent the victim sexual images of themselves or requested
the young person to interact by webcam” (ICMEC). On the contrary, there are only a
few cases of convictions for the crime of cyber grooming globally, as two-thirds of
the world’s countries have no specific laws regarding cyber grooming of children.
The cyber grooming process itself can happen quickly, however the negative
impact on the victim can be long-term. In addition to feeling violated and betrayed, a
child who has been groomed may feel responsible for or deserving of the abuse,
leading to self-blame and low self-esteem. Thus, it is crucial not only to raise
awareness about the dangers of cyber grooming and safe practices of internet
technologies but also for international legislations to criminalize all types of child
grooming. Cyber grooming is often considered to be a gateway to more serious
offenses of sexual exploitation of children.
At least three distinct types of groomer exist: 'Distorted Attachment';

'Adaptable Offender'; and 'Hyper-Sexual'.
2.2.4.2 Distorted Attachment
A groomer who believes he is in a romantic and consenting relationship with

the young person he is grooming. Unlike what most people think about groomers, this
55
particular offender reveals his identity to the victim and uses no indecent images of
children. He spends a great deal of time becoming friendly with his victim before they
meet face to face.
2.2.4.3 Adaptable Offenders

50Uses many identities online, adapting his grooming style to suit his purposes.
This offender may or may not use indecent images, but he will view the person he is
grooming as being appropriate for sexual abuse. It is not his objective to always meet
the young person in real life.
2.2.4.4 Hyper Sexual Offender:
Focuses on sharing and securing extensive numbers of indecent images of

children. This offender will be part of an online network of sexual offenders, but who
has very little, if no, interest at all to meet his victim face to face. The researchers say
this type of groomer will likely use various identities or a sexually explicit profile
name and photo to make fast contact with a young person.
2.2.4.5 Prevention and Protection from Cyber Grooming
Children, young people, parents and guardians can play important roles in
preventing cyber grooming and protecting children and young people online. They
can take the following measures for preventing and protecting children.
Children and Young People:
 Avoid interacting with online strangers or people not known very well to you.
 Do not accept friend requests from people not known very well.
 Do not share private and confidential information publicly.
 Check and set privacy settings on websites and platforms regularly accessed.
50
www.nspcc.org.uk/preventing-abuse/child-abuse-and-neglect/grooming/.
56
 Do not accept gifts or offers from strangers met online.
 Block and report anyone who tries to abuse you online.
 Tell parents, guardians or trusted adult/s about any bad experiences you have
online
 Do not visit untrusted sites or use anonymous video chat and live streaming
apps.
 Know where to report online abuse and exploitation
Parents and Guardians:
 Spend one-to-one time with children and help them to use the internet
safely.
 Teach children about online dangers. Share measures on safe internet use,
including avoiding providing personal information to unknown
sites/people online, frequently changing passwords, and being careful
while downloading online content.
51Monitor children's online activities and who they are communicating with.
Be alert to signs of distress. If children appear withdrawn, upset, secretive or obsessed
with their online activities, it could be an indication for an issue they are facing online
(e.g., online sexual abuse and exploitation and cyberbullying).
 Listen to children without judgment and guide them towards a better

solution, rather than blaming them.
 Report online abuse cases to the police, and block abusers on social media
platforms
51
Pavan Duggal, Cyber Law, Universal Law Publication, Second Edition
57
2.2.4.6 Conclusion
In the current scenario, identifying such highly advanced cybercrimes with the
help of conventional tools has become more difficult. It is high time to learn
sophisticated skills and machine learning to tackle all kinds of virtual attacks.
Furthermore, more R&D work can be carried out in the same field which would help
to generate more restraint techniques for future attacks and learnings. The balance has
to be maintained from both sides, including the government and parents in order to
prevent the children from such kinds of online attacks. This write-up has described all
the recent techniques, provisions, suggestions which could be useful to block various
risks.
2.2.5 Online Job Fraud:
An online job fraud scheme involves misleading people who require a job by
promising them a better job with higher wages while giving them false hope. On
March 21, 2022, the Reserve Bank of India (RBI) alerted people not to fall prey to job
scams. By this, the RBI has explained the way in which online job fraud is perpetrated,
as well as precautions the common man should take when applying for any job
opportunity, whether in India or abroad.
Amid lay-offs and job cuts after the nation-wide lockdown since March 2020,
many people have not been called back to their respective workplaces; most of the
working class has experienced salary cut, students who were offered placements
haven’t received their offer letters from companies, the labor class has migrated back
to their home-town with no signs of returning back and there is no work available
under MNREGA. A global employment crisis is already looming over and people are
aware about the efforts they need to put in to secure a job back. Students who have
graduated and wish to apply for foreign universities are now searching for remote
work from home to not waste the year and rather to add practical training experience
in their CVs. This has been a boon to fraudsters to take advantage of people’s anxiety
and worry regarding the grim future of job prospects to lure them into false high pay
promising jobs. Often in a state of anxiety and believing it to be a fate or destiny
58
calling, people end up subscribing at multiple platforms to get their CVs or resumes
recognized. However, it is a sad fact that your CVs or resumes are not protected the
way your bank account number, CVV, ATM PIN is protected. Despite having
personal information and in some cases sensitive personal information on the CVs it
is vulnerable to extraction of information and profiling. In this article, I will take you
to the most common ways the fraudsters use to commit online recruitment frauds,
how you can protect yourself from such frauds, and in case you are a victim to such
frauds, what legal remedies can you pursue to recover your money and claim
damages.
2.2.5.2 Types of Online Recruitment Fraud
52Email scam– Have you used LinkedIn, Facebook, Twitter or monster? Then
you sure would know their relevance to find job opportunities, and to locate job
openings available in your domain. Amidst the pandemic, LinkedIn has also come up
with catchy profile slogans such as Open to Work. It is important to know how
relevant job openings get posted on these platforms. Recruiters now-a-days use
Automated systems software that would create the catchy advertisement to scaffold
job advertisements and publish them. Potential employees or candidates submit or
upload their resumes for the opening they want to apply for.
For e.g. LinkedIn keeps posting job openings and Internship openings where
candidates can directly apply through LinkedIn ‘IN EASY APPLY’ and can upload
their resumes therein. By introducing malwares or by launching man in the middle of
attack, fraudsters can divert your resumes to them and can misuse your resumes to
filter out your personal details along-with educational qualifications and workplace
data. Thereupon, the fraudster will send you an email congratulating you for being
selected for the position. Often some people know that it is too good to be true.
However, they would neglect this thought and rather take a broad minded approach
since they wouldn’t want to miss out on the opportunity at a sheer thought of
suspicion. These fraud recruiters would then ask to pay for the background check, or
52
https://www.researchgate.net/publication/276525343_A_Study_of_Social_Engineering_in_Online_Fra
uds/link/5ac93866aca272abdc60f032/download
59
ask you to directly deposit a certain sum for receiving training materials, so on and
forth.
Phishing– Phishing is the most commonly employed recourse to steal your

sensitive personal data. Amidst the lockdown, banks have now started making
advertisements to educate the consumer to not share any of the details of the bank
account such as bank account number, password, OTP, PIN with any one over the
phone or any other media, who pretends to be a representative of the bank, but is not.
Phishing is basically where the attacker masks himself into the face of your trusted
source and lures you to reveal certain information.
Fake Job advertisements– Lockdown is the best scenario for work-from-home.

Fresher’s who have graduated and got a placement through recruitment drive on
campus, haven`t got an official call letter from the company. Hence, many of them are
struggling to find a job for themselves amidst uncertainty. Hence, students, fresher’s,
people who have lost jobs or are temporarily not given work end up signing and
subscribing at various job listings. Many times these job listings just pop up as an
advertisement and often people willingly share their email id and previous
organization details. This is the same for freelancing jobs. However, due to our
limited knowledge of automated systems responsible for recruitment, we expect a
response to our resumes and CVs sent for application. It is possible to corrupt this
system and direct your resumes or CVs somewhere else to extract your sensitive
personal data and personal data such as Address, Phone number, qualification details,
blood group(in certain cases), Institute and organization details which fraudsters can
easily filter out to target you.
53Advance fees scams– If you have received an email congratulating you for
being shortlisted for interview, or for being selected for job as trainee, or for a trial
period and the email asks you to credit certain amount on a given account number for
background check or certain administrative charges or in case of a abroad job, it asks
you to pay certain fees for visa purposes and travel agent, then hold on. First verify
the email address of the sender. Genuine offers wouldn’t be as straightforward as
53
Gagandeep Chander, Harish Kaur, Cyber Law and IT Protection, Second Edition, 2022
60
congratulating you for being selected for the position. It would include details of
departments, Head of department and would always ask you for a further round of
interview. Also, rarely any company would describe its pay package on the mail or
confirm a fresher for a job with a too good salary.
No interviews would be scheduled only over phone calls. If the recruiter or

company is real, they would schedule a video call with you and have a round of group
discussion for the interview. It would chart out very briefly about the details of the
scheduled interview.
When you receive such emails, you should verify the email address of the
recruiter from the website; check any notices for the recruitment. Where the recruiter
doesn’t own any website, you should try searching for the address of the recruiter
workplace and ask for inquiry about the recruiter`s work from the nearby people in
the area. Also, if the recruiter doesn’t own a website and the size of his business or
service is small, he wouldn’t offer you a lucrative salary and get involved in things
like background check, etc.
2.2.5.3 How to Save Yourself from Recruitment Fraud
Look out for job openings on websites– Avoid following job openings posted
as advertisements on pop-ups or advertisements which do not provide you with details
of company, contact number, job position, etc. Even if you find any such
advertisements and wish to apply, always go through the website and contact the
company upfront asking them about such advertisements and mention the name of the
recruitment agency.
Check MCA website– Certain times there can be some shell companies
created by someone from the core internal management of a reputed company. These
shell companies are used to commit employment fraud. Hence, it is best practice to
learn about incorporation of a company and check if the name is registered with the
Registrar of companies by following through the MCA
website http://www.mca.gov.in/mcafoportal/showCheckCompanyName.do.
Seek intervention of parent company– When you come across a subsidiary
61
company of a reputed company or a company on whose panel the director or any
other member is same as any other company, offering offer letters against sum, you
should directly talk to the parent’s company Human Resource department and ask
them about such company and offers made to you.
Lawful consideration– If there is any company asking to make a payment for

anything related to the recruitment process, you should ask them to include such
particulars in the offer letters itself or any other document prescribing surcharges to
be borne by the candidate and reasoning of such levied charges should always justify
lawful consideration. Remember, even if the company is genuine and the offers are
genuine, but the charges levied for the recruitment process, if they are not lawful and
you are not aware of it, for e.g. if the company would hire the candidates against
payment made by candidates, and you agree to do so, you could be liable for abetment
to fraud. (see here)
Talk to placement officers of other colleges– If you receive offer letters from
reputed companies who distinctly hire only and mostly students from top institutes or
institutes that fall in the list of Institute of National importance, you should seek
intervention of placement cell at your college to help you in making informed
decisions. Mostly all reputed companies would hire freshers through on campus
recruitment drives. So it is better and advisable that if you get an offer letter from
54 prestigious companies, you should also seek help from placement cells of other
institutes who invite such reputed companies for on-campus recruitment drives. They
would guide you better regarding the process of recruitments of such companies and
put you in touch with the HR of such companies.
2.2.5.4 How to Report Fake Online Job Scam
Report your complaint online at cyber cell– Visit National Cyber Crime
Reporting Portal and you can follow the instructions. (Here)
If you are a new user, you will have to first register yourself through “Citizen
Login”
54
https://chargebacks911.com/chargebacks/
62
You can log in to the “Report other crimes” section and click on “File a
Complaint”. Click on “I accept” and then click on citizen login. You can create your
own user ID and then come back to “File a Complaint Section”. Now with this user
ID, you can log in to the portal and register your complaint.
You will be then asked to fill the form by choosing the nature of complaint or
incident or fraud from the dropdowns provided. The drop down would enlist various
categories of cyber-crimes such as social media related crime, Ransomware, Financial
fraud, hacking, Job fraud, crypto currency fraud, etc.
Insert the date, time and place of occurrence of incident.
In the “Provide Incident Details” you can upload details of the fraud by attaching
screenshots of the email, SMS, transcripts of the call, audio of the recorded call. Also,
mention the name of the person who mailed you, the name of the company, the email
address, date and time of the SMS or call or email. In case you have received the offer
on LinkedIn, then the LinkedIn profile of the person, the messages on LinkedIn, the
mutual connections, etc.
Similarly, once you are done with providing incident details, you can move on
to provide suspect details, complainant details and at last submit your complaint.
You can keep a track of your complaint and status of your complaint based on
the complaint ID generated.
Cyber-crime cell– You can as well register the complaint with the cyber-crime
cell of the police station where the crime has happened or an FIR at a police station
would also suffice in case there is no cyber cell. You can check the availability of
cyber cells here. (See here)
Remedy available under CRPC– In case the police refuses to lodge an FIR,
you can approach the magistrate of first class or second class directly under section
156(3) of crpc. Such power upon the magistrate is conferred under section 190 of crpc.
Under chapter 11 of IT act, 2000, appropriate criminal proceedings under relevant
section can be initiated.
63
Remedy under IT act, 2000– Under IT ACT, 2000, civil proceedings can be initiated
before adjudicating officer for unauthorized banking transactions under section 46 of
IT Act, 2000. The AO will then call the bank where the scammers account is
functional. under section 48 While adjudging the quantum of compensation, the
adjudicating officer shall have due regard to the following factors, namely: – (a) the
amount of gain of unfair advantage, wherever quantifiable, made as a result of the
default; (b) the amount of loss caused to any person as a result of the default; (c) the
repetitive nature of the default.
55The adjudicating officer has the powers of a civil court under the Code of
Civil Procedure while trying a suit, for the following matters:
(a) Summoning and enforcing the attendance of any person and examining him on
oath;
(b) Requiring the discovery and production of documents or other electronic records;
(c) Receiving evidence on affidavits;
(d) Issuing commissions for the examination of witnesses or documents;
(e) Reviewing its decisions.
Further, the adjudicating officer shall also be deemed to be a civil court for the
purposes of ORDER XXI of the Civil Procedure Code, which are powers of execution
of orders and decrees.
Charge back– You can file a consumer Dispute resolution form with your
bank asking for a chargeback. Using the chargeback mechanism you can mention the
transaction details and ask the bank to reverse the amount from the merchant account
to yours because the merchant has not provided you any goods or services which had
been promised. You can file a chargeback request within 45-120 days of the
transaction with the bank. Also, this is not the generic rule for all the banks. You will
have to check out the chargeback policy thoroughly with your bank as well.
55
https://timesofindia.indiatimes.com/city/chennai/job-fraud-victims-must-be-made-liable-for-
abetment/articleshow/68133501.cms
64
Upon initiating a request for chargeback, your bank will send intimation to the
merchant. If the merchant agrees that the service has not been provided, charge-back
will be initiated, whereas if the merchant agrees that the service is provided, he will
need to furnish additional proof. In the fraud cases, it is most likely that the account to
which you were asked to debit belonged to a neutral party or an account used for
money mulling in which case, either the merchant would not reply to the request or
would not have enough money in the account. However, once he/she is caught, it
could help to trace the fraudster. In case, the merchant does not respond within the
given timeline, the amount will be automatically reversed to the claimant`s account.
56Section 420 of IPC– You can as well file a complaint in a local police station
for the offence of cheating under section 420 of IPC. If you were cheated and
dishonestly induced to deliver any property to any person against the promises they
made, section 420 is the recourse where the culprit can be punished for a term which
may extend to 7 years with fine.
However, this is not the fastest remedy as investigation will take its own time,
knowing the limitations of the court in its aim of delivering speedy justice and
ensuring that the guilt is proved beyond reasonable doubt. The most effective and
speed remedy is to claim a chargeback with the bank. This would also add as evidence
in case the banks fail to retrieve the transaction.
2.2.5.5 Conclusion
Recruitment fraud can really come as a hope crushing moment in desperate

times when college placements cannot be of any help. However, you should always
be aware about the fact that no recruiter would ask you for any payments and any
reputed company would not offer you a skyrocket or median package just on a perusal
of your CV unless it is very outstanding and you come from any Institutes of National
importance. These fraudsters are able to survive and expand their operations more
rapidly because of the desperation to land a job and easy availability of your details as
an employable candidate on the Internet. It is never a good idea to click on
56
https://indianexpress.com/article/technology/opinion-technology/7-steps-for-recovering-money-if-
you-become-victim-of-an-online-recruitment-scam/
65
advertisements pop-ups that ask you to sign-up and to upload your resumes. It is
always a good idea to talk to your peers, and relatives, faculty, placement cell before
jumping to make any payment whatsoever. Do question yourself, if you are a
potential employer for the recruiter, and you are selected on the basis of your CV,
then why would a recruiter reject you for the job if you do not make the payments
specified under the recruitment process upfront? In case you are going by the
recruitment agency, they may ask you for some charges for the service, however, they
are merely a facilitator in taking your CV to the suitable employment as per your
profile. Even a recruitment agency cannot guarantee you about the job and where you
sign up with the recruitment agency, you should be receiving job offers from the
company via them and not directly. In case you are a victim of such frauds, do not
hesitate in reporting, thinking that you were fooled. Come out openly and report the
fraud.
2.2.6 Online Sextortion:
The act of online sextortion occurs when the cybercriminal threatens any
individual to publish sensitive and private material on an electronic medium. These
criminals threaten in order to get a sexual image, sexual favour, or money from such
individuals.
57 The term “Sextortion” is a blend of two words “sex” and “extortion”.

Sextortion is a dangerous crime in which someone threatens to reveal your private and
sensitive information if you do not offer them sexual photographs, sexual favours, or
money. Sexual extortion is a horrific and dehumanising assault that feeds on the
humiliation of victims. Sextortion is similar to online blackmails in that the
blackmailer demands the victim to participate in sexual activities, such as posing for
naked images or masturbating in front of a camera, or demanding a large sum of
money.
57
https://www.cagoldberglaw.com/5-steps-for-sextortion-victims/
66
The most popular method of sextortion is through social media. Through
online conversation and/or SMS, sextortonists form tight relations with their potential
victims. Once confidence has been established, they encourage their victims to
provide nude photos or videos. They then use those photographs as a kind of
blackmail to force their victims to generate additional film to their perverted standards.
The worst thing about sextortion is that the victim, who is generally a woman,
is filled with guilt and shame and is unwilling to seek treatment for fear of being
judged and humiliated. The perpetrator’s ability to control the victim is greatly
enhanced by the victim’s silence.
“Was I naive and oblivious enough? Was it a mistake to trust him/her? What
will be his/her next demand? What will happen now? Is there no way to get out of
this?” These are some of the common questions that a sextortion victim can have on
their mind.
2.2.6.2 Definition of Sextortion
58The definition of sextortion incorporates both components of sexual favour

and a corruption component. The former entails a request – whether implicit or
explicit – to engage in any type of unwelcome sexual action, but the latter occurs
when the individual demanding the sexual favour holds a position of power that is
abused. The fundamental concept is quid pro quo, in which a sexual favour is
demanded or accepted in exchange for a benefit that the offender has the authority to
withhold or give. Because of the power imbalance between the offender and the
victim, the perpetrator can use psychological coercion similar to that used in monetary
corruption. Thus, the concept of sextortion tries to create a new worldview of
corruption by looking at it from a different perspective. As a result, it calls into
question standard ideas of financial damages in anti-corruption laws, and it inserts
itself in the context of sexual harassment and corruption.
The accused is generally a person who has been entrusted with power, such as
judges, government officials, teachers, elders, doctors, and employers. These
58
https://www.minclaw.com/internet-sextortion/
67
individuals seek to coerce sexual favours in exchange for anything within their power
to grant or withhold, such as government officials requesting sexual favours in
exchange for permits or licences, interviewers requesting sexual favours in exchange
for a job, or teachers requesting sexual favours in exchange for grades.
Sextortion also involves blackmail in which the victim is threatened to share

sexual photographs or information in order to extort money or sexual pleasure. Texts,
movies, and photographs can all be used. The most prevalent form of blackmail is
through social media websites, for example, a boyfriend threatening to share an
intimate or nude photo of his online girlfriend. He can then force her to engage in
sexual acts or pose naked in front of a camera, resulting in nonconsensual hardcore
pornography.
In 2018, the case of the State of West Bengal v. Animesh Boxi was regarded
to be India’s first “revenge porn” conviction. In this case, the naked videos that were
sent to multiple persons were recorded by the girl herself on her phone. The accused
had access to the footage and decided to share it in a fit of rage. The culprit was
sentenced to five years in prison and a fine of Rs. 9000 in this case. This decision was
made based on equity, fairness, and good conscience by the Hon’ble Judges.
2.2.6.3Types of Sextortion
 59Sextortion through social media
Sextortion scams sometimes begin with seemingly innocuous contacts on social

media or dating services. The victim will eventually be forced to transmit obscene
photographs, get naked on camera, or perform sexual actions while on video by the
offender. The photographs and videos that result can then be kept for ransom.
 Phishing schemes through email
In your mailbox, you receive an email indicating that the sender has one of your
passwords (which they will include in the email). They threaten to publish your
private images or videos until you give money, explicit material, or engage in sexual
59
https://www.lawyered.in/legal-disrupt/articles/laws-related-sextortion
68
activity. Many of these frauds rely on password harvesting, which could be a bluff
unless you still have sensitive data on an old site.
 Sextortion through hacked webcams
Some of the creepiest sextortion situations involve the victim’s device getting
infected with malware. Once inside, a hacker can gain access to cameras and
microphones, as well as install keyloggers. This implies that someone could be
watching your every step (in the vicinity of your computer). They can also find the
passwords to all of your accounts using keyloggers. This may seem unlikely, but it
happens more frequently than you might imagine.
 Sextortion through account hacking
Someone could get their hands on your sexual photographs or videos if you’ve
ever sent them over social media or a chat app, or if you have them saved on one of
those platforms. If you don’t comply with the demands, they may use your account to
distribute the photographs with friends, relatives, and coworkers.
2.2.6.4 How to Lodge a Complaint Against Sextortion Offline
It is necessary to file a complaint as soon as possible since it makes taking

action against criminals much easier. It is very simple to make a complaint; if you
want to do so offline, follow these steps-
You must first file a formal report with the nearest police station’s cybercrime
cell. It can be registered in any city in which you happen to be at the time, regardless
of jurisdiction.
Section 80 of the Information Technology Act, 2000 authorises police officers

and other officers named in the section to investigate, search, and arrest suspected
offenders without a warrant for an offence under the act.
Give your personal details, such as your name, phone number, and address.
You must address the head of the cybercrime cell where the complaint is being filed
while writing this complaint.
69
If you are unable to make a complaint with the cyber cell, you may register an
FIR with any police station; if they refuse to file, you may appeal to the commissioner
or judicial magistrate.
It is mandatory to record the complaint under Section 154 of the Code of

Criminal Procedure (CrPC), regardless of jurisdiction.
Many cybercrimes are punishable under the IPC, making it simple to file an
FIR (that has been discussed below).
Many cybercrime actions are also regarded as cognizable offences under the
IPC. As a result, a warrant is not required for police to investigate or arrest someone
in such cases. In these circumstances, the police are bound to submit an FIR and send
it to the police station that has jurisdiction over the crime.
You must submit documents connected to your complaint while submitting or

registering it. Depending on the type of complaint, several types of documents are
necessary for registration. The list of documents that must be submitted is mentioned
later.
2.2.6.5 How to Lodge a Complaint Against Sextortion Online
60You can make a complaint online with the Ministry of Home Affairs of India
if you don’t want to go to the police station. It is easier to make a complaint online
through a portal than it is to submit a complaint at a police station because it requires
less time and effort.
Go to the Ministry of Home Affairs’ National Cyber Crime Reporting Portal.

To visit the website click here- https://cybercrime.gov.in/
Click on the ‘File a Complaint’ tab. Then click the ‘Accept’ option to accept
the terms and conditions. It will take you to a different page.
You will be given two alternatives on the new page. If your complaint is about
a cybercrime involving a woman or a child, select the option “Report cybercrime
60
https://www.ili.ac.in/pdf/tsr.pdf
70
involving women/children” and click “Report.” You can also report anonymously in
these situations.
Click on ‘Report other cyber crimes’ if your concern is not related to this.
2.2.6.6 Documents Required During Registration of a Complaint
61Different categories of complaints require different forms of proof in order

to conduct an investigation. It is critical to be aware of the essential documentation
when filing a complaint.
 Cybercrime via email
 Details about the offence in written format.
 CD-R containing a soft copy of an email with the email address.
 Original sender email address with a header on a hard copy.
 Cybercrime via social media networks
 Screenshots of content available in both soft and hard copy formats.
 Details of that person’s identity proof.
 Provide details of the individual if you know.
 A soft copy of all the proofs in a CD.
2.2.6.7 Laws Governing Sextortion in India
 The Protection of Women from Domestic Violence Act, 2005
This Act was designed to enable recourse to women who have been victims of
domestic violence. It is a statute that provides for more effective protection of the
61
https://bnwjournal.com/2021/02/23/sextortion-and-ways-to-tackle-it/
71
constitutionally given rights of women who are victims of violence of any sort
happening within the family and for matters related to or incidental to such abuse.
The Sexual Harassment of Women at Workplace (Prevention, Prohibition and

Redressal) Act, 2013
62It is a statute to offer protection against sexual harassment of women at work, as

well as the prevention and redressal of sexual harassment complaints.
 Section 108(1)(i)(a) of Code of Criminal Procedure, 1973 allows the victim to

contact the local magistrate and alert him (or her) of the individual she feels is
capable of disseminating any obscene material. The magistrate has the
authority to detain such individuals and to require them to sign a bail
prohibiting them from disseminating the material. This may serve as a
deterrent to the accused.
 The distribution or circulation of obscene material is dealt with in Section

292 of the Indian Penal Code, 1860. The sale, letting to rent, distribution, and
public exhibition of obscene literature, among other things, are all prohibited
under this law.
 The criminal force or assault on a woman with an intent to insult her and
outrage her modesty is defined by Section 354 of the Indian Penal Code, 1860.
A person who commits such an offence faces a sentence of up to two years in
jail or a fine, or both if convicted.
 Section 354A of the Indian Penal Code, 1860 states that a male who engages
in any of the following acts—physical contact and approaches including
unwanted and explicit sexual overtures, or a demand or request for sexual
favours, or exhibiting pornography against the will of a woman, or making
sexually coloured remarks is guilty of sexual harassment. The person charged
might face a sentence of up to 1 year in prison or a fine of up to 5 lakh rupees,
or both if convicted.
62
https://lawtimesjournal.in/how-to-register-a-cyber-crime-complaint/
72
 Section 354B of the Indian Penal Code, 1860 states that any male who assaults
or uses unlawful force on a woman, or aids or abets such an act to disrobe or
compel her to be nude, will be punished with imprisonment of either kind for a
duration not less than three years, but not less than seven years, and must also
be fined.
 Section 354C of the Indian Penal Code, 1860 states that any male who views
or takes the picture of a woman indulging in a private act under circumstances
where she would ordinarily expect not to be viewed, either by the offender or
by anybody else at the perpetrator’s request, and then disseminates such image
will be punished to jail. On a first conviction, he or she shall be punished with
imprisonment of either description for a term of not less than one year, but not
more than three years, and fined, and on a second conviction, he or she shall
be punished with imprisonment of either description for a term of not less than
three years, but not more than seven years, and fined.
 Section 354D of the Indian Penal Code, 1860: On a first conviction, stalking is
punishable by imprisonment of either type for a duration up to three years, as
well as a fine; and on a second or subsequent conviction, stalking is
punishable by imprisonment of either type for a time up to five years, as well
as a fine.
 The punishment for criminal breach of trust is specified in Section 406 of the
Indian Penal Code, 1860, and includes imprisonment for up to three years, as
well as a fine or both.
 A person who commits an act that intends to hurt or has grounds to believe
that doing so would hurt an individual’s reputation or character is punished
under Section 499 of the Indian Penal Code, 1860.
 Anyone who defames another is subject to simple imprisonment for up to two

years, a fine, or both according to Section 500 of the Indian Penal Code,
1860.
73
 Section 506 of the Indian Penal Code, 1860 establishes a penalty for criminal
intimidation, which includes a sentence of up to two years in jail, a fine, or

both. If the accused threatens the victim with death, serious bodily harm, or
property damage, or if the accused imputes unchastity to a woman, the
accused faces a sentence of up to 7 years in jail, a fine, or both.
 The punishment for a man who tries to insult a woman’s modesty by words,
gestures, noises, or objects, intending for it to be seen or heard, trespassing on
the woman’s seclusion, is outlined in Section 509 of the Indian Penal Code,
1860. A person who does so will face a sentence of up to one year in jail, a
fine, or both.
63The Protection of Children from Sexual Offences Act, 2012
The Protection of Children from Sexual Offenses Act of 2012 is aimed at

combating child sexual exploitation. Its goal is to address the issue of child sexual
exploitation.
 The Information Technology Act of 2000, Section 66E, defines a violation of

privacy as when the accused willfully takes, publishes, or transmits a
photograph or image of the victim’s private body part without the victim’s
permission or agreement. The offender of the crime faces a maximum
sentence of three years in prison or a fine of not more than two lakh rupees, or
both in some cases.
 The publishing or transmission of obscene and sexual content over an

electronic medium is punishable under Section 67 of the Information
Technology Act of 2000. The person charged might face a sentence of up to 3
years in prison or a fine of up to 5 lakh rupees if convicted, and a sentence of
up to 5 years in jail or a fine of up to 10 lakh rupees if convicted of a second
offence.
63
https://www.comparitech.com/blog/information-security/what-is-sextortion-examples/
74
 The publication of obscene material in electronic form is punishable
under Section 67A of the Information Technology Act of 2000, which carries
a maximum sentence of five years in prison and a fine of ten lakh rupees, with
a maximum sentence of seven years in prison and a fine of ten lakh rupees if it
is a second conviction.
 The publishing of sexual and obscene information portraying a kid is

prohibited under Section 67B of the Information Technology Act of 2000. For
committing the offence, such a person might face a sentence of up to 5 years
in prison and a fine of up to ten lakhs.
 64 Unless otherwise allowed by law, a government employee who discloses

data and information acquired in the course of his or her responsibilities
without the agreement of the person involved faces a criminal penalty
under Section 72 of the Information Technology Act. Penalties include up to
two years in jail, a fine of up to Rs100,000, or both.
 Section 4 of the Indecent Representation of Women (Prohibition) Act, 1986,

(IRWA) prohibits the printing or mailing of books, pamphlets, and other
materials that feature indecent representations of women. On a first conviction,
any person liable under this section shall be punished with imprisonment of
either description for a term not exceeding two years and a fine not exceeding
two thousand rupees, and on a second or subsequent conviction, with
imprisonment for a term not less than six months but not exceeding five years
and a fine, not less than ten thousand rupees but it might go up to one lakh
rupees.
 The perpetrator faces punishment under Section 6 of the Indecent

Representation of Women Act, 1986. If a second or subsequent prosecution
happens, the punishment may not be less than six months but may extend to
five years and may also extend, at least, to ten thousand rupees shall replace
for words or fines that may exceed two thousand rupees. The words shall be
64
https://timesofindia.indiatimes.com/readersblog/cyberthoughts/sextortion-29215/
75
substituted with the terms in the event of a second or subsequent conviction to
a term of not less than six months but not more than five years and not less
than fifty thousand rupees but not more than five lakh rupees. They will not be
sentenced to more than five years in prison.
2.2.6.8 The International Scenario on Sextortion
65In the international arena, only a few nations have recognised the need of
enacting legislation that prohibits and punishes sextortion-related offences. The
offence of ‘Sexual Intercourse by Abuse of Position’ is defined in the Criminal Codes
of the Federation of Bosnia and Herzegovina.
The Philippine Anti-Rape Law of 1997 covers rape committed by a “severe

abuse of authority,” while the Tanzania Sexual Offences Special Provisions Act of
1998 covers rape committed by someone “who takes advantage of his official
position.” The United States of America has passed the ‘Workhouse Statute,’ which
tackles the interstate crime of sextortion.
Legislation that addresses the crime of sextortion and offences linked to it is

critical. It’s crucial to remember that sextortion crimes don’t simply happen on the
internet; they may also happen in the workplace, in schools, in families, and so on.
It is impossible to accuse and hold the perpetrator accountable if the crime of

sextortion is not defined and the consequences are not explicitly stated. It is vital to
have devoted people and trained policemen who can find, monitor, and apprehend the
offender while also providing appropriate assistance to the victims.
2.2.6.9 How can one Protect Oneself Against Sextortion
Avoiding sending sexual content to anyone else by phone, tablet, or computer

is the easiest approach to avoid being sexorted. When someone invites you to transmit
intimate images or videos online, keep your wits (and a good dose of suspicion) about
65
https://www.indiatoday.in/magazine/cover-story/story/20191111-the-digital-trap-1614331-2019-11-
01
76
you. Sending intimate images or video-chatting with someone you haven’t met in
person is not a good idea.
 Use the following tips to avoid being a victim of sextortion:
 Set all of your social media accounts to private;
 No matter how close you are to someone, never email them compromising
photographs of yourself.
 Do not open attachments from unknown senders;
 When not in use, turn off your electronic devices and webcams.
 Be aware of unknown persons on social media or dating websites who try to

swiftly move the conversation to another platform.
 Be cautious of new online connections who give you unsolicited sexual

images that they claim are of themselves. This is a common approach used by
sextortionists to steer the conversation in a sexual direction and reduce their
victim’s defences.
 Do not pay the ransom asked by the extortionist;
 Stop interacting with the offender right away;
 Keep a record of all communications with the extortionist.
 Ensure that all social media profiles are secure.
 Notify the appropriate social media platform of the material;
 Speak with a knowledgeable attorney from the field of cybercrime.
2.2.6.10 What to do if you have been Sextorted
 66We understand how difficult it is to confess that you have been manipulated
by a faceless, anonymous criminal. You may be anxious that your friends and
66
https://www.lawaudience.com/understanding-sextortion-revenge-porns-as-new-face-of-cyber-crime-
77
relatives might not understand how the problem arose. Or you’re afraid the
offender will follow his threat to post the compromising video online.
 67Keep in mind that you are the victim of a malafide abuser who relies on your
silence to carry on the assault.
 You might panic at the possibility of not responding to the sextortonist out of
the blue. “Will they call your family?” your mind will race with panicked
thoughts. Is it possible for me to send messages to my friends?”
 “Am I willing to do this forever?” you should also ask yourself. And the
answer should always be no. You deserve the right to be freed of this. Any
further discussions or sessions keep you in your abuser’s manipulative grasp.
The effort to bring him to justice can begin once the communication is severed.
 Evidence is required to determine the extent, duration, and timeline of the

exploitation. You may feel the urge to delete any traces of the incident from
your computer to avoid embarrassment but avoid that. Keep everything. You
don’t have to live with your shame any longer once the legal action starts.
 It is important to inform the police from the beginning of the incident so that
legal action starts immediately. 68How one can lodge a complaint online and
offline has already been discussed in the article earlier.
 Make sure that you speak to a lawyer who is aware of how the sextortionist
behaves and what steps they will take next. Sextortionist keeps control of your
actions and will convince you that you don’t have any remedies available with
you or there’s no way out, but that’s not the case.
67
https://ijlpp.com/online-gender-harassment-legal-framework-analysis-on-revenge-porn-and-
sextortion/
68
https://www.minclaw.com/internet-sextortion
78
2.2.6.11 Conclusion
Hence, sextortion is a serious crime and one should take it seriously. If one has
been a victim of sextortion, he/she must report it immediately so that legal
proceedings can start soon after the incident. One must follow the safety precautions
mentioned earlier to save oneself from extortion.
2.2.7 Phishing:
Fraud involving phishing is when an email appears to be from a legitimate

source but contains a malicious attachment that is designed to steal personal
information from the user such as their ID, IPIN, Card number, expiration date, CVV,
etc. and then selling the information on the dark web.
The term ‘phishing’ is said to have been invented by a very well-known

spammer and hacker, Khan C. Smith. The first mention of phishing was found in a
hacking tool AOHell, which attempted stealing passwords and financial details of
American online users. With the rise of technology, phishing attacks have started to
become increasingly sophisticated, allowing the hacker to track everything while the
victim is navigating the site. The attackers create a mirror of the site being targeted
and lure naive victims into their traps by offering things that are often not true. As of
2020, phishing is considered to be the most common attack performed by cyber-
criminals. It is claimed that over twice as many incidents of phishing have been
recorded in the past year, as compared to any other type of cyber-crime.
The purpose behind phishing is to lure personal information and steal the
user’s identity, critical passwords, robbing bank accounts and consequently taking
over the computer to perform an activity that may not be legal. In the article we
discuss what is phishing, how does phishing works, how can a person recognise
phishing, different techniques of phishing, what are the major factors that gave rise to
phishing, and lastly, how the Indian laws deal with phishing.
79
2.2.7.2 Defining Phishing
69 Phishing is a type of social engineering where an attacker sends a false

message created to manipulate a human victim with the intention to fraud them. The
attack usually intends on revealing sensitive information of the victim to the malicious
software created by the attacker. It is a cybercrime that targets individuals via email,
telephone, or text message. Phishing can also be in the form of brand spoofing, where
the internet users, browsers are spammed continuously after the user opens a website
that is a target area.
2.2.7.3 How does Phishing Work?
Phishing starts with a fraudulent email or any other type of communication

that is created only with the purpose to lure a victim. The text is deliberately made to
look as if it were true and is coming from a trusted sender. Sometimes the malware is
automatically downloaded onto the target’s device. If it tricks the victim, they are at
the risk of providing confidential information themselves or there is a possibility of
coercion as well.
2.2.7.4 How can a Person Recognize Phishing?
The following reasons might determine whether a person was phished or not:
Financial loss: Access to details of a person’s bank account leading to

unforeseen transactions from a person’s account could be due to phishing. These
transactions are either a large one-time amount or are in multiple trenches of smaller
amounts.
`Data loss: Breach of the security of the victim’s confidential information, or

leakage of credit card numbers, pan card numbers, or other personal details.
69
https://www.indialawoffices.com/knowledge-centre/phishing-and-cybersquatting
80
Malware into your electronic device: A virus in any of your electronic gadgets
within the range of your reach, it can be a laptop, mobile, tablet or even Wi-Fi routers
can be a route for phishing.
Illegal use of the user’s details: Whenever any of your details are used for any
purpose without your knowledge or relevance could be due to a phishing attack on the
user.
2.2.7.5 Different Techniques of Phishing
 Link manipulation
70The most common type of phishing uses a type of technical deception created
by a link in an email that appears to belong to an organization the attackers are
impersonating. The misspelling of URLs is the most common trick used.
For example: http://www.amazon.malicious.com/; in this example for a normal

person, this URL might seem normal, but in reality, this is a URL that is guiding the
user to the ‘malicious’ section of amazon.com and not to the regular website. This
link would lead to the phisher’s website which would eventually lead to tracking and
compromising of critical information of the user.
 IDN (International domain name) spoofing
IDN’s can be exploited by creating web addresses that are similar to that of a
legitimate site, which leads to the malicious version of the website. These URLs are
visually identical to that of the legitimate site but instead lead to the crooked version.
This problem cannot be solved with the help of digital certificates because it is a
possibility that the phisher could purchase a valid certification and subsequently
manipulate the content to spoof a legitimate website or could even host the phished
site without even using the SSL at all.
70
https://cyberpandit.org/?article_post=phishing-scams-in-india-and-legal-provisions
81
 Filter evasion
Attackers often use images in place of texts to make it much more difficult to be
detected by an anti-phishing filter, which is commonly used in phished emails. This
technique can be solved with the help of a much more technologically advanced
sophisticated anti-phishing filter Optical Character Recognition (OCR). This filter can
recover the hidden text in images, hence preventing phishing.
 Social engineering
Most phishing attacks are caused due to the psychological manipulation of the
users and not due to the lack of computer knowledge. Most types of Phishing attacks
consist of some kind of social engineering, in which the users are lured to clicking a
link or opening an attachment, or giving some confidential information. Phishers
create a sense of urgency in the mind of the users by claiming the accounts will shut
down or it will be seized if so and so action is not performed. Following which the
critical information is compromised. Other than these, the attackers use fake news
articles which are created to provoke the user into clicking a link without properly
analyzing what they are entering into. After entering a website, the users are exploited
to the web browser vulnerabilities in installing malware.
2.2.7.6 Major Factors for the Increase in Phishing Attacks
Unawareness among the public: There has been a lack of awareness on the
subject of phishing attacks among the masses in India. The targets are unaware of the
fact that they are the ‘targets’ of the cybercriminals and are reckless while browsing
on the internet and do not take proper care and precaution.
Unawareness of policies: Fraudsters often take advantage of the lack of

knowledge of banking policies and procedures which are made for the customers
particularly in the area of account maintenance.
Technical advancement: even if the customers are aware of the scams,

phishers are creating methods that are much more advanced and sophisticated when
compared to the banking servers. An example of such technology is DDoS
(Distributed Denial of service).
82
2.2.7.7 Provisions for Phishing Under the Indian Laws
71Phishing is a fraud that is recognized as cybercrime and attracts many penal

provisions of the Information Technology Act, 2000 (hereinafter referred to as ‘IT
Act’). This act was amended in the year 2008, which added a few new provisions and
solutions that give a scope to deal with the Phishing activity.
The sections which apply to phishing under the IT Act are:
Section 43: If any person without the permission of the owner of the computer,
computer system, computer network; accesses, downloads, introduces, disrupts,
denies, or provides any assistance to other people can be held liable under this
section.
Section 66: If the accounts of a victim are compromised by the phisher, who
does any act mentioned in Section 43 of the IT act, shall be imprisoned for a term
which may exceed up to three years or with a fine which may exceed up to five lakh
rupees or both.
Section 66A: Any person who sends any information which he knows to be
false, but is sending it with the intention to damage a victim shall be punishable with
the punishment given under Section 66 of the IT Act.
In the case of Shreya Singhal v. Union of India, the court held that online
intermediaries would only be obligated to take down content on receiving an order
from the courts or government authority.
Section 66C: This provision prohibits the use of electronic signatures,

passwords, and any other feature which is a unique identification of a person. Phishers
disguise and portray themselves as the true owners of the accounts and perform
fraudulent acts.
Section 66D: The provision provides punishment for cheating by personating

using communication devices or computer sources. Fraudsters use URLs that contain
71
https://www.cisco.com/c/en_in/products/security/email-security/what-is-phishing.html
83
the link for a fake website of banks and organisations and personate themselves as the
bank or the financial institution.
Section 81: This provision consists of a non-obstante clause i.e., the

provisions under this act shall affect notwithstanding anything inconsistent, and also
contained in any other act for the time being in force.
72The obstante clause overrides the effect of the provisions of the IT Act over
the other acts such as the Indian Penal Code. All the provisions of the IT Act, 2000
which are relevant to the phishing scams are however made bailable under Section
77B of the IT Act (Amendments 2008). This obviously because of the uncertainty as
to who the real criminal is. There is always a translucent screen in front of the phisher
which hides their identity and there may be cases wherein the wrong person convicted
for a crime that they have never committed, hence the reason for the offense to be
made bailable. Furthermore, as per the Indian Penal Code, Phishing can also be held
liable under Cheating (Section 415), Mischief (Section 425), Forgery (Section 464),
and Abetment (Section 107).
2.2.7.8 Conclusion
According to the findings of a global survey titled 'Phishing Insights 2021' by

Sophos, a cybersecurity company. Around 83% of IT teams in Indian organizations
said the number of phishing emails targeting their employees increased during 2020.
This finding not only shows the growing trend of phishing in india and around the
world but also alerts the organizations and individuals on need to prevent falling prey
to these attacks
2.2.8 Vishing:
In vishing, victims’ confidential information is stolen by using their phones.

Cybercriminals use sophisticated social engineering tactics to get victims to divulge
private information and access personal accounts. In the same way as phishing and
smishing, vishing convincingly fools victims into thinking that they are being polite
72
https://outline.com/ktBLPP
84
by responding to the call. Callers can often pretend that they are from the government,
tax department, police department, or victim’s bank..
73Vishing is a cyber crime that uses the phone to steal personal confidential
information from victims. Often referred to as voice phishing, cyber criminals use
savvy social engineering tactics to convince victims to act, giving up private
information and access to bank accounts.
Like phishing or smishing, vishing relies on convincing victims that they are
doing the right thing by responding to the caller. Often the caller will pretend to be
calling from the government, tax department, police, or the victim’s bank.
Cyber criminals use threats and persuasive language to make victims feel like
they have no other option than to provide the information being asked. Some cyber
criminals use forceful conversation to frame their conversation as helping the victim
avoid criminal charges. A second and common tactic is to leave threatening
voicemails that tell the recipient to call back immediately, or they risk being arrested,
having bank accounts shut down, or worse.
2.2.8.2 Vishing is used to Attack Both Individual and Organization
A cyber criminal may research an organization, find an employee’s contact

information online, and then call on behalf of the CEO asking the victim to transfer
funds to pay an outstanding invoice or email personnel files.
Social engineering is a technique cyber criminals employ to trick people into

giving up confidential information. Social engineering relies on the basic human
instinct of trust to steal personal and corporate information that can be used to commit
further cyber crimes.
73
https://terranovasecurity.com ›What is Vishing? | Examples & Prevention
85
2.2.8.4 How to Recognize and Prevent Vishing
74As part of your security awareness training and communication campaign,

remind your employees of how to recognize and prevent vishing:
 Never provide or confirm your personal information on the phone. Remember

that your bank, hospital, police department, or any government department
will never call you asking for your personal information.
 Listen very carefully to the caller. Pay attention to the language being used
and think before responding. Never provide any personal information. Do not
confirm your address. Be wary of threats and urgent requests.
 Be wary of any phone numbers the caller gives you to confirm their identity.
Look up the phone number yourself and call the number using a different
phone. Cyber criminals can route phone numbers and create fake numbers.
 Do not answer phone calls from unknown numbers. Let the call go to your
voicemail and listen carefully to the message.
 Do not answer questions about your personal information, workplace, or home

address.
 Ask questions. If the caller is trying to give you a free prize or sell you
something, ask them for proof that you can use to verify who they are and
where they work. If the caller refuses to provide this information, hang up.
Make sure you confirm any information the caller gives you before providing
your information.
 Register your phone number with the Do Not Call Registry. Most legitimate
companies respect this list, so if you do receive a call from a telemarketing
company, this is an indicator that the call is a vishing attack.
 Remember the information you learned about social engineering from your
security awareness training. Be on the lookout for language that takes
74
https://www.cyber.gc.ca ›What is voice phishing (vishing)? - ITSAP.00.102
86
advantage of basic human behaviors of fear, greed, trust, and wanting to help
others.
 Remember that your manager or human resources colleague will never call
you at home asking you to transfer funds, provide confidential information, or
email documents from your personal account.
 Do not respond to emails or social media messages that ask for your phone
number. This is the first step in a targeted phishing/vishing attack. Report
these emails/messages to the IT/support team.
2.2.8.5 What is a Phishing Simulation
75Phishing simulations are one of the best ways to raise awareness of vishing
attacks. Remember that vishing is often used along with phishing to commit a two-
pronged cyber attack.
Phishing simulations help you identify which employees are at risk of cyber
crimes that rely on social engineering to trick and steal from victims. Real-time
phishing simulations are crucial for any successful security awareness training
program.
Security awareness training and phishing simulations help raise alertness

levels to cyber security threats. Phishing simulations give people first-hand
experiences that help them understand how cyber criminals work to deceive, convince,
and steal.
2.2.8.6 How can Phishing Simulation Help Prevent Vishing Attacks
Phishing simulations help you show employees how cyber criminals use
phone calls, voicemail messages, and savvy language to commit cyber crimes.
 Increases alertness levels to how cyber criminals use manipulative language in

text messages.
75
https://www.hdfcbank.com ›Here are Vishing Attacks Safety Tips
87
 Changes human behavior to eliminate the automatic trust response.
 Creates awareness to reduce the cyber threat level.
 Measures and monitors the level of corporate and employee vulnerability.
 Deploys targeted anti-phishing and vishing solutions.
 Assesses the effectiveness of cyber security awareness training.
 Keeps employee alertness levels to vishing high.
 Protects valuable corporate and personal information.
 Instills a cyber security culture and creates internal cyber security heroes.
 Meets industry security and privacy compliance obligations.
2.2.8.7 Conclusion
One of the first lines of defense against vishing attacks is human awareness.
Social engineering and vishing attacks can be extremely predictable, and identifying
the common signs associated with these attacks can protect your personal information
and the integrity of your organization.
2.2.9 Smishing:
76As the name suggests, smishing is a fraud that uses text messages via mobile
phones to trick its victims into calling a fake phone number, visiting a fraudulent
website or downloading malicious software that resides on the victim’s computer.
Smishing is a cyber crime that uses manipulative text messages to steal

people's confidential personal and corporate information, similar to phishing emails.
Cyber criminals send carefully-worded text messages to the victim, urging the
victim to respond or to take further action. The text message might ask the victim to
76
https://www.proofpoint.com ›What Is Smishing? Examples, Protection
88
confirm delivery of an Amazon order or ask the recipient to click a link to finish
registering in a new government program.
The ultimate goal of any smishing tactic is the same – to compromise people
by stealing confidential information.
Smishing relies on social engineering to get victims to respond and take action.
Using urgent language, the text message may threaten the victim with severe
consequences if they don’t take action or convince the victim that they’re helping the
sender by providing the requested information
2.2.9.2 Smishing Risk can only be Reduced by Focusing on your End User
77As unprecedented digital transformation impacts many industries worldwide,

all organizations must bolster their phishing awareness training through current,
multifaceted phishing simulation and security awareness training initiatives.
For more information on the most recent global phishing benchmarks obtained
through the Gone Phishing Tournament, as well as expert tips on how to minimize
smishing and phishing risks, download your free copy of the full report.
78Social engineering is a technique used by cyber criminals to trick people into

giving up confidential information. Social engineering relies on the basic human
instinct of trust to steal personal and corporate information that can be used to commit
further cyber crimes.
2.2.9.4 How to Prevent Smishing Attacks
 Educate your employees on the risks that can arrive in text messages. Use
security awareness training and simulations to educate employees with real-
world scenarios.
77
https://www.barracuda.com ›Smishing (SMS Phishing)
78
https://www.infosecawareness.in › Smishing - Senior Citizen - ISEA
89
 Remind employees to never respond to or click links in text messages from
senders and phone numbers they do not recognize. Employees should block
the text message and delete them from their devices.
 Use security awareness campaigns to alert employees to social engineering

and how cyber criminals send convincing, urgent text messages.
 Ask your security leaders and internal cyber heroes to regularly monitor
employee awareness of smishing. Highlight to employees that they need to
read every text message carefully and, if in doubt, never respond.
 Use security awareness training and simulations to raise awareness of the risks
of clicking links and downloading attachments in text messages. Take
advantage of training that uses gamification and micro- and nanolearning
modules to keep training interactive and engaging.
 Install malware protection and anti-virus software on all employee mobile

devices. This is particularly important for companies that have a bring your
own device (BYOD) policy.
 Provide regular and ongoing communication and awareness campaigns about

smishing, social engineering, and cyber security. Reinforce to employees that
they should never click links or respond to an unknown sender.
What Is a Phishing Simulation?
79 Phishing simulation is the best way to raise awareness of smishing and

phishing risks. Remember that smishing is a type of phishing, and often, cyber
criminals use multiple phishing and smishing attacks at once.
Phishing simulations help you identify which employees are at risk of cyber
crimes that come through text messages and emails. Real-time phishing simulations
are vital for any successful security awareness training program.
79
https://www.ibm.com › topics ›What is Smishing (SMS Phishing)?
90
Security awareness training and phishing simulations help raise alertness
levels to cyber security threats. Phishing simulations give people first-hand
experiences with smishing, so they know the signs and what to look for.
2.2.9.5 How can Phishing Simulation Help Prevent Smishing Attacks
80Phishing simulations help you show employees how cyber criminals use text
messages to steal and commit cyber crimes.
 Increases alertness levels to how cyber criminals use manipulative language in

text messages.
 Changes human behavior to eliminate the automatic trust response.
 Creates awareness to reduce the cyber threat level.
 Measures and monitors the level of corporate and employee vulnerability.
 Deploys targeted ant-smishing solutions.
 Assesses the effectiveness of cyber security awareness training.
 Keeps employee alertness levels to smishing threat high at all times.
 Protects sensitive corporate and personal information.
 Instills a cyber security culture and helps transform end users into cyber
heroes.
 Meets industry security training compliance obligations.
2.2.9.6 Conclusion
To conclude the definition part, smishing, a combination of the terms “SMS”

(short message services) and phishing, is referred to as a type of social engineering
attack that is based on human trust exploitation rather than technical exploits to try
and fool potential victims into disclosing private data.
80
https://digital.va.com › cyber-spot Smish, SMish! Don't get phished - DigitalVA
91
2.2.10 Credit Card Fraud or Debit Card Fraud
In credit card (or debit card) fraud, unauthorized purchases or withdrawals

from another’s card are made to gain access to their funds. When unauthorized
purchases or withdrawals of cash are made from a customer’s account, they are
considered credit/debit card fraud. Fraudulent activity occurs when a criminal gains
access to the cardholder’s debit/credit number, or personal identification number
(PIN). Your information can be obtained by unscrupulous employees or hackers.
2.2.10.1Introduction
81A credit card is a plastic card that represents the line of credit. It allows the
cardholder to buy goods and services on credit based on the cardholder’s promise to
pay back the money. Globalization and increased use of the internet for online
shopping have led to excessive use of credit cards. It has a limit of a certain amount to
the extent the owner can spend which is known as Credit Limit. At the end of the
month, the owner can pay either the whole amount he owes or some proportion of the
bill by the due date.
It allows you to buy anything of the high amount now and settle it later. It is a
very flexible source of money. Also, it allows you to purchase even abroad without
worrying about local currency as the credit cards are now spread worldwide.
It is rightly said that something with a lot of benefits has its limitations too.
Nowadays, credit card frauds are increasing rapidly. While many of us have never
experienced credit card fraud, this happens every day. Credit card fraud means a
transaction done with your account for which you didn’t authorize. It can be done
when someone has stolen your credit card or also when that person has stolen your
personal card details to make an unauthorized transaction without your card
physically.
The person can also do so by installing a credit card skimmer to steal your
account details. A credit card skimmer is a small tool that the person can install
81
https://devgan.in/ipc/chapter_18.php#s471
92
anywhere you swipe your card. So, preventive measures should be taken every time
before using your card.
2.2.10.2 Types of Credit Card Fraud
 Application fraud
82This type of fraud happens at the time of applying for a card. Some people issue
cards in your name. They usually first steal your personal information and then use
them as the supporting documents to open an account in your name. Banks can play a
major role in minimizing this type of fraud by accepting the only original form of
documents and ID proofs. They can also do so by confirming the identity of the owner
through telephonic confirmation.
 Electronic card imprints
The second kind of credit card fraud is done through stealing the card imprints.
Someone skims the information placed on the credit card magnetic strip. Then this
information is used to make fake cards.
 CNP (card not present) fraud
If someone knows the details of your card they can easily commit CNP fraud
against you. Details like account number and expiry date are enough to make
international payments. Although most of the companies make it essential to enter the
PIN of the card. But there are chances if a person knows your card number he/she
might know your PIN too.
 Counterfeit card fraud
Counterfeit card fraud is a form of fraud which is most commonly done through
skimming. In this, a small fake magnetic tool holds up your card. Afterwards, this
strip is used to make a fake card. It is an exact copy of your card which the fraudulent
can swipe anywhere to purchase the goods. Prevention should be taken before putting
your card in the machine. Always check the chip reader in which you insert your card,
82
https://indiankanoon.org/doc/1569253/
93
try to pull it outwards if it comes out directly report to the guard and the nearest police
station.
 Lost and stolen card
This type of fraud is committed when your credit card is out of your possession i.e
been stolen or lost. Now it is easy for frauds to make payments through your card.
Although it will not be possible at machines as it requires a PIN number of the card.
But online payments can be made through the cards without the requirement of a PIN
number.
 Mail not receipt card fraud
It simply means “card never arrived fraud”. This means your card has never
reached you after being dispatched from the bank. This can happen when you applied
for a new credit card or replacement of an older one. Now the fraudulent can make
use of your card for his own purposes.
2.2.10.3 What to do if you’re a Victim?
83It’s important to monitor all your credit card accounts regularly, which will
keep you updated because this type of fraud can happen even when your card is safely
present in your wallet. In 2015, global credit, debit and prepaid card fraud amounted
to $21.84 billion in losses, according to the Nilson report. Keeping the consumer
informed about what they can do if they are stuck up in a situation is a crucial
measure which has been evolved in this new era of cybercrime.
Always remember to keep a track on each and every transaction relating to

your account and if any unauthorised transaction is seen or any transaction not done
by you is done in your account report it to the bank and police immediately.
 Practice vigilance
83
https://economictimes.indiatimes.com/wealth/spend/how-to-report-a-net-banking-debit-or-credit-
card-fraud/articleshow/66967421.cms?from=mdr
94
First, you should try to protect yourself and safeguard your details from being
scammed or at least set yourself up with the proper tools to detect a scam early on.
Vigilance is key. Mark Hamrick said. “One painless strategy is to download your
bank’s mobile apps that help us keep track of all credit and debit card transactions,”
Hamrick said, adding that you should avoid third-party apps. Set up mobile alerts for
your transactions.
 Inform the card issuer
84Immediately inform the card issuer, the moment you come to know that a
transaction has been made on your credit card. It is generally advisable that one
should inform the bank maximum within 3 days. It is also essential that the victim
should lodge a formal complaint with the bank and ask them to block the card so that
further unauthorized transactions could be prevented. But, before filing a written
complaint, one should have the following documents with him/her-
 Bank statement of the concerned bank.
 Keep your ID and address proof as shown in the bank records.
 Make FIR under Section 154 Code of Criminal Procedure, 1973 and give a
copy of FIR to the bank also.
 The banks and police both play an active role and immediately take action to
track the unauthorised transaction and also, in America under the guidelines of
federal trade commission you are not liable for the transactions you didn’t
authorise.
 To prevent fraudsters from doing any further damage, you can request the
bank to allow you to change your password or PIN.
 Next, you can keep an eye on the activities of the account and can check its
status regularly. But if you notice some signs of fraud, you must notify the
bank immediately.
84
https://economictimes.indiatimes.com/wealth/spend/how-to-report-a-net-banking-debit-or-credit-
card-fraud/articleshow/66967421.cms?from=mdr
95
 Creditcards.com recommends that if you are a victim of identity theft and
someone is using your personal details as his own to commit fraud then you
need to alert the credit bureaus and place a complaint as ‘Fraud Alert’, on your
credit reports before informing the bank. “Fraud alerts will be very beneficial
to you as it will prevent the fraud doer to open a new bank account in your
name.
2.2.10.4 How to Prevent Credit Card Fraud?
 Read the account statement carefully
 When your account summary arrives at your place don’t just pay the amount
stated in it. 85Instead, first, read and analyze the statement carefully and if any
transaction is done which is not in your knowledge inform the bank instantly.
Even better to always check your transactions online and don’t wait for the
statement to arrive.
 Whenever you log in to your account, don’t leave your account open and
remember to log out every time you use it.
 You may receive calls from fraud people saying they are from your card
provider and ask for your account details. Remember, the banks never ask for
your account details.
 86Always check your credit report which contains all the loans in your name.
New loans may be taken by thieves in your name. If any new loan has been
taken then contact your bank instantly.
 People may receive emails from thieves pretending themselves to be from

television services, or any other internet site asking your account details for
continuation of the services. Don’t fall for such scams they are run by hackers
to steal your account information.
85
https://newsroom.mastercard.com/asia-pacific/2014/10/28/8-different-types-card-fraud/
86
https://brex.com/learn/fraud-security/who-is-liable-credit-card-fraud/
96
 If your card has been lost or stolen inform the bank immediately and also visit
a nearby police station to make an FIR. After this, the bank will block your
account and now the thief cannot make any transaction anymore.
 Access your account statement online and stop receiving the paper statement.
This will reduce the chances of thieves receiving the paper which contains
your account details.
 Before entering your account details on a site, make sure you check the
encryption software it uses.
 Keep your password strong and safe. Do not share it with anyone else.
2.2.10.5 Laws and Punishment
 Section 66C and 66D of IT ACT, 2000 and also the provision of section
468/471 IPC,1860 may be attracted to whoever tries to commit credit card
fraud.
 Section 66C says “87Whoever tries to make use of any electronic password
fraudulently or dishonestly shall be punished with imprisonment up to three
years and a fine up to one lakh rupees.”
 Section 66D says “ 88 Whoever by any device tries to do cheating by

personation shall be punished with imprisonment up to three years and a fine
up to one lakh rupees”
 Section 468 says “Whoever commits forgery for the purpose of cheating shall
be punished with imprisonment up to seven years and shall also be liable to
fine.”
87
https://www.nerdwallet.com/blog/credit-cards/credit-card-theft-fraud-serious-crime-penalty/
88
https://www.creditcards.com/credit-card-news/privacy-security-suite-tips.php
97
 Section 471 says “Whoever by fraudulently or dishonestly uses a document
which he knows to be false shall be punished with the same punishment as if
he has forged such document.”
 If anyone’s credit card has been lost/stolen and someone makes any
transactions he’ll be liable under these sections. The person has to file an FIR
in the nearby police station. The evidence, in this case, would be the account
statement. Rest of the evidence like the IP address of the fraud doer will be
collected by the police in its investigation. The bank has the log details of the
credit card transactions which help the police in its investigation. Based on
the log details (IP address), it would trace the criminals
2.2.10.6 Conclusion
Credit card fraud is an act done with dishonest intention. In India, these frauds
have become more prevalent from 2010. This is due to the reason that there’s a lack
of awareness in some states and also, among some banks. But there are different
measures for detecting and preventing credit card fraud, some of them are as follows-
Expertise: The responsibilities on the members of the team of managing the

infrastructure, handling the verification, analysing the transactions etc, have been
increased and they are required to ensure that the technology is well managed or not.
Collaboration: The whole industry is to work in collaboration so as to prevent fraud.
Biometrics: This is the most recent technology to prevent credit card frauds. It
records unique characteristics of the cardholder like fingerprints, voice, signature and
other biological components so that the computer can read it Hence, some anti-fraud
strategies can be adopted by the banks to prevent the unauthorized use of credit cards
and to avoid banks from great losses and reduce risk.
2.2.11 Impersonation and Identity Theft
A person is impersonated or exposed to identity theft when they make

fraudulent use of an electronic signature, a password, or any other unique identifier on
another person’s behalf.
98
89ID Theft or Identity Theft is recognized as a matter of worldwide concern.

With the revolution of technology, and with globalization and digital adaptation
currently prevailing across all fields, technology has been influencing the mindset of
people quite rapidly. The importance of Information Technology has gradually
reached newer heights, having positive and negative effects. Identity Theft has been a
growing concern in the recent past, owing to the development and revolution of
Information Technology in India.
In this article, the author tries to analyze the various forms of ID theft in India
and the present legal framework that exists to combat and counter them.
2.2.11.2 What is “ID Theft”?
“ID Theft” or ‘identity theft’ mainly refers to the crimes that take place
wherein a person wrongfully obtains and uses another person’s data. These may
include the theft of name, date of birth, unique identification number, bank account
number, credit/debit card number, phone number, and so forth, in some way that
involves any fraudulent activity or deception.
This can be done, technically, for economic gain to obtain any kind of goods
and services. Criminals may also use such data to fraudulently obtain fake
identification cards, bank accounts, birth certificates, and important documents.
Even fingerprints can be used as a weapon of identity theft. A lot of personal data via
any fake biometric device can cause a breach of personal data. If a person’s
fingerprints fall into the wrong hands, it might allow the criminals to make profits in
the former’s name which has been used.
Incidentally, most victims hardly realize that such a breach of personal data
has even been done, and by the time the realization arrives, it might even be too late
to recover from such an incident.
89
https://www.indiatoday.in/technology/news/story/over-27-million-indian-adults-experienced-
identity-theft-in-the-past-12-months-says-norton-report-1792553-2021-04-19
99
Recovery from such Identity Thefts is a long process that takes months and
years, and yet, the success rate is very low.
2.2.11.3 Modes of Identity Thefts
There are various techniques through which data theft could be committed and
personal information could be procured through electronic devices. These are as
follows –
Hacking:
90 The persons known as hackers unscrupulously break into the information

contained in any other computer system. Section 66 deals with the offense of
unauthorized access to the computer resource and defines it as “Whoever with the
purpose or intention to cause any loss, damage or to destroy, delete or to alter any
information that resides in a public or any person’s computer.
Diminish its utility, values or affects it injuriously by any means, commits

hacking.” The offense of hacking is a violation of one’s fundamental right to privacy
as provided by the Constitution of India.
It is a method wherein viruses or worms like malware divert information from

another computer system by decrypting it to the hacker who after obtaining the
information either use it themselves or give it to others to commit fraud using such
information.
Phishing:
It uses fake email-ids or messages containing viruses-affected websites. These

infected websites urge people to enter their personal information such as login
information, account information.
Email/SMS spoofing:
The spoofed e-mail is one that shows its origin to be different from where it
actually originated. In SMS spoofing, the offender steals the identity of another
90
Dr.S.R.Myneni,Information Technology Law, Asia Law House Hyderabad, Second Edition
100
person in the form of a phone number and sending SMS via the internet and the
receiver gets the SMS from the mobile number of the victim.
ATM skimming/carding:
Cybercriminals make unauthorized use of ATM debit and credit cards to

withdraw money from the bank accounts of the individual.
Vishing:
91The cyber-criminal calls the victim by posing to be a bank representative or

call center employee, thereby fooling them to disclose crucial information about their
identity.
Pharming
It is a form of online fraud involving malicious code and fraudulent websites,

through which cybercriminals install malicious codes on a computer server. These
codes automatically direct the user to fraudulent websites without the knowledge or
consent of the user. These websites look similar to that of the original website,
wherein the users may not even realize the fraudulent activity while submitting
personal data and information, as well as their financial data.
Malware
Malware refers to the intrusive software that is designed to damage or destroy

computer systems and their existing data, to gain unauthorized access to a network.
These are malicious software variants, including viruses, ransomware, and spyware.
Malware is typically delivered in the form of a link or file over email and requires the
user to click on the link or open the file to execute the malware
Warning signs
Most victims aren’t aware of the possible signs that act as indicators of an
identity threat taking place. These indicators are as follows –
91
T. Viswanath, The Indian Cyber Law, Third Edition 2022
101
 Warning/Notice from bank/service provider;
 Unauthorized statement of card purchases;
 Randomly receiving of One Time Password (OTP) from unknown websites;
 Verification calls from bank or service provider;
 Small amounts being debited from bank account at frequent or regular

intervals.
 Cybercriminals make use of unsecured websites to gain access to the user’s

personal and financial information. Users are influenced to access these
websites and fill in their details which are then received by the cyber attackers
or hackers. Websites having the domain name “HTTPS” are considered
secured, whereas, websites with the domain name “HTTP” are considered
unsecured websites.
2.2.11.4 Identity Theft in the Modern Era
92In the modern age of computerization, globalization, and the internet world,
our computers and electronic devices collect a lot of information about every human
being and stores them in files secreted deep on its hard drive. Storage of sensitive
information such as login IDs and passwords, names, addresses, and even credit card
numbers, occur using files like cache, browser history, and other temporary internet
files.
Using such sensitive information, a hacker can access this data by wrongful
means and can share the same with someone else or can even install some nasty
software on the computer and electronic device to extract sensitive and secretive
information.
92
https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-
7184-430e1f860a44
102
93Identity theft possesses a very serious problem for everyone in this age of
digitalization. It is a serious crime, increasing at a tremendous rate, causing damage to
consumers financially, leading institutions retail establishments, and the economy as a
whole. The reality is more complex with electronic identity fraud expanding the range
of forms. It is not necessary that such fraud may only impact financially, but it may
also cause intense damage to the reputation, time spent dealing with disinformation,
and exclusion from particular services since the stolen name has been used
improperly.
Time has come in order to consider that electronic networks work as an

enabler for identity theft, where the thief intends to gain information online for acting
offline, and for the basis of theft or other injuries which shall be caused online.
Identity theft has become the crime of the century – the latest and most
horrendous of a string of appalling white-collar crimes. Everyone is unsafe with more
and more data fraud cases coloring the headlines by the end of the day.
There has been a rapid increase in data fraud and identity theft cases in
developing economies like India, too. Although the Government of India is reluctant
enough not to release any data on the number of cases related to identity theft that has
taken place in the recent past, it may be assumed with the regular writings in the
newspaper columns how dangerous and frequent these identity thefts are occurring in
the course of our day-to-day life.
2.2.11.5 The Pandemic Effect of Identity Theft in India
According to the 2021 Norton Cyber Safety Insights Report, the cyber safety
major surveyed more than 10,000 adults in 10 countries for the results, among which
1000 adults from India submitted their respective responses. The report indicates that,
of 1000 respondents in the country, 36% of Indian adults detected unauthorized
access to an account or device in the past 12 months.
93
https://www.news18.com/news/tech/identity-theft-the-biggest-cyber-security-threat-in-india-2-7-
crore-affected-in-2020-norton-3656822.html
103
Every 2 out of 5 Indians experienced identity theft. 14% of the victims were
impacted during the past year alone, which indicates that almost 27 million Indian
adults experienced identity theft in the past 12 months, as per the reports. The reports
also indicate that almost 60% of the entire population of adults and from the older
generation have a fear of their identity being stolen.
Almost 65% of the population of adults feel that they are well protected
against the occurrence of any kind of identity theft, whereas, many have no idea about
what to do in case of identity theft. The major percent who are unaware of the facts of
identity theft wish to have more information on such incidents so that they can
prepare themselves accordingly.
A major reason for the frequent and astonishingly high rise in the cases of
identity theft in India is regarded as the remote working caused by the pandemic. It
has been revealed by studies that almost 7 out of 10 Indian adults have been affected
by various cybercriminals and hackers due to the remote working feature that the
victims had to adapt to, owing to the circumstances.
Despite such vulnerability concerning remote working, according to reports,

only 36% of the total population of adults have purchased security software or
increased pre-existing security software after facing unauthorized access to their
account or device.
2.2.11.6 Legal Analysis of Identity Theft in India
94“Identity” is the proof of one’s existence, whereas, “theft” is the unlawful

possession without ownership or the consent of the entitled person. Thus, identity
theft is when an individual possesses another’s existence without the consent or
ownership of that person. In simple words, identity is stolen when a person happens to
duplicate or impersonate another person who he is not.
The Black Law’s Dictionary states identity theft as the unlawful taking and
use of another person’s identifying data for fraudulent purposes. Identity theft is a
very broad term and expands to a considerable number of offenses from
94
https://www.investopedia.com/terms/i/identitytheft.asp
104
misrepresentation to forgery, whilst some are considered to be traditional crimes, and
the others, such as ATM skimming, phishing, etc., fall under the broader aspect of
identity theft.
According to the Indian Law, identity theft is considered to be punishable

under two legislations, namely, the Indian Penal Code (IPC), 1860, and Information
Technology Act (IT Act), 2000. As an offense, identity theft was recognized after the
amendment of the Indian Penal Code by the Information Technology Act, 2000.
These amended provisions mainly deal with electronic records to be specific.

The electronic record, according to the IPC, 1860, is similar to the definition as stated
in the IT Act, 2000, which implies electronic record as, “data, record, or data
generated, image, the sound which is sent or received through any electronic form.
Focussing on the provisions related to the offense of Identity Theft, ‘theft’,

under Section 378 of the IPC, 1860, may not cover identity theft since it only extends
to the movable, tangible, property, and does not include cyberspace. No specific
section in the Indian Penal Code, 1860, mentions “identity theft”, but
Sections 463, 464, 465, 469, and 474 of IPC, 1860, provided the provisions for
penalizing forgery, and after the amendment of IPC, 1860, 95identity theft has also
been included under the scope of these provisions. Section 419 and 420 of the IPC
interpret identity theft as cheating and is equally punishable since it is cheating by
impersonation.
Indian Penal Code, 1860, beats around the bush to criminalize identity theft
and adds it as an extended forgery or cheating. The term ‘identity theft’ was added
into the Information Technology Act, 2000, after its amendment in 2008. It took some
time to realize the necessity of offense-specific laws, under Section 66C of the IT Act,
2000, which protects the fraudulent and dishonest use of any identification feature of
any person
95
https://www.indiatoday.in/information/story/victim-of-identity-theft-ways-to-know-if-someone-has-
stolen-your-identity-1810383-2021-06-03
105
Implementing and executing these laws is another big problem that justice
faces. There is no personnel to cope up with the constantly updating cybercrimes in
India. Also, there is a lack of awareness of these serious cyber-crimes which feeds
into the rise in the number of cases of identity theft. National Cyber Security Policy
(NCSP), 2013, focuses on the creation of a national nodal agency as well as proper
and strict certification policy, yet, lacks in many areas.
Presently, under the IT Act, 2000, there is only one type of certification policy
namely ISO027001 ISMS certification, which does not satisfy the legitimacy of such
certification and NCSP does not plan to introduce more certification policies. The
NCSP, 2013, also encourages compliance with the open standards and public key
infrastructure, without the provision of a basic definition.
Also, the policy aims at a human resource of building a team of around 5 lakh
personnel in the upcoming five years, which falls short in reality. Overall, the
National Cyber Security Policy, 2013, turned out to be more of a superficial plan and
distant from the basic reality.
Thus, it can be said that these laws seem to be sufficient in order to be able to
tackle the offense of identity theft, however, the growing number of reported cyber
outbreaks raise several questions on the existing legislation.
2.2.11.7 Laws Protecting Identity Theft
Considering the long list of the forms of Identity Theft, let us choose the top
two of its ways, i.e., ATM Skimming and Phishing.
 ATM skimming
 Understanding ATM skimming
The idea of “cash anywhere, anytime” has encouraged the setup of machines that
would allow easy withdrawal of cash by authorized account holders. Sooner rather
than later, automated teller machines (ATMs) became the primary and much-needed
facility that has been provided by the banks to their respective customers. ATM frauds
have been conducted in various forms for years now, by way of, placing keypad
106
overlays, hacking of the cameras placed in the cabins, to the installation of cameras in
the machine itself.
Among all of these, skimming has become a much more advance and concerning
the form of financial fraud. Identity theft is considered as the initial point as it webs
out to other forms of offenses, and thus, a whole chain of events can cause financial
losses.
The definition of ATM skimming has not been specifically provided but ATM
“Skimming” is considered to be an illegal activity that involves the installing of a
device, that is usually undetectable by ATM users, and which secretly records bank
account data when the user inserts an ATM card into the particular machine.
Using such a comprehensive method, the criminals can be able to encode the
stolen data onto a blank ATM card and use it to steal money from the account
holder’s bank account.
Considering the level of crime such as ATM skimming, the aptness of legislation
and accountability for such high-end sinister crime is an angle that needs to be
countered while exploring the realm of such offense.
The only provision of the legislation that, to some extent can cope up with
crimes related to ATM skimming is the Information Technology Act, 2000, along
with the Information Technology (Amendment) Act, 2008.
Case Reference:
As stated by the court in the case of Commissioner Of Income Tax-III v/s.

M/S NCR Corporation Pvt Ltd., ATMs fall under the jurisdiction of cyber penal laws
since any computer system is an integral part of an ATM machine, and based on
information processed by such computer system in the respective ATM machine, the
mechanical function of the cash dispensation or cash deposit is processed. Therefore,
ATMs can be considered as computers within the purview of the Information
Technology Act, 2000.
107
Legal framework:
With only handful of acts that exist to govern cyber law in India, there are a
very limited number of provisions that comply and apply to cybercrimes like ATM
skimming. Provisions that deal with the crime of ATM skimming under the
Information Technology Act, 2000, are Sections 43 & 66. Adding to these two,
Sections 43A, 66C, 66D have been added after the amendment of the Information
Technology Act, 2008, along with other provisions such as Section 420 of the Indian
Penal Code.
96 Section 43 of the Information Technology Act, 2000, provides the civil

liability of a third party, wherein any person, without the permission of the owner or
the person in charge of access, downloads, copies, contaminates virus, damages,
disrupts, or causes interruption, denies access, provides access to any unauthorized
person in accordance to the act, and charges the services availed of by any person to
the account of another.
These clauses under Section 43 are accustomed to Section 63 to Section 74 of

the IT Act, 2000. It must be noted that clauses (i) and (j) happen to deal with more
serious crimes related to tampering of computer source code, alteration, damage, or
destroying of any information residing in the computer resource. However, Section 43
only lays down the provisions with the liability of a third party instead of a data
processor or data controller.
Attempts have been made in the recent Personal Data Protection Bill, 2019, to
include damage and the standard on which such fraudsters can be held liable.
Although the Personal Data Protection Bill, 2019, does not specifically define damage
or injury, however, it explains “harm” which expressively includes the situation
causing bodily or mental injury, loss, distortion, identity theft, and financial loss or
loss of property, further identifying the standard on which such criminals can be
penalized which are more inclusive of the crucial aspects of ATM skimming.
96
https://blog.ipleaders.in/identity-theft-growing-threat-families/
108
The shortcomings on data protection and the liability of a corporate body can
be comprehensibly marked in Section 43A of the Information Technology
(Amendment) Act, 2008, wherein, a body corporate possessing, dealing or handling
any ‘sensitive personal data’ is negligent in implementing or maintaining ‘reasonable
security practices and procedure’, which further causes any wrongful loss or wrongful
gain, and shall be liable to pay compensation to the aggrieved person.
97 Reasonable security practices and procedures as stated in the explanation

may arise by way of agreement, through any law in force or as prescribed by the
central government in consonance to expert advice as it may deem fit, and such
explanation shall provide a brief outline of what can be constituted as a reasonable
practice and procedure rather than that what provides a comprehensive meaning to it.
Subsequently, a wide power and discretion have been given to the central
government for providing a suitable meaning to sensitive personal data as well as
personal data which is yet to be classified in the Act. However, an effort has been
made in the Personal Data Protection Bill, 2019, to give meaning to ‘personal data’
and ‘sensitive personal data’ while omitting Section 43A completely, and further,
fragmenting the liability of body corporate into the liability of data processor and data
fiduciary.
According to the Personal Data Protection Bill, 2019, personal data includes
traits, characteristics, attributes, or any other information of a natural person about the
identity of such person whether online or offline also may include any data or
information from which an inference can be drawn for profiling.
A more comprehensive approach has been taken while defining sensitive

personal data, which not only includes biometric, financial, health, sex life, caste or
tribe but also inscribes transgender status, intersex status, and sexual orientation.
Referring to what can be considered as personal data or sensitive personal data,

the Personal Data Protection Bill, 2019, also provides an explanation, wherein it states
that if disclosure of such data causes significant harm, or, if there is an expectation of
97
Dr.Vishwanath Paranjape ,Cyber Crimes and Law, Central Law Agency 2019
109
confidentiality, such can be classified and sanctioned as sensitive personal data bby
the authority under the Personal Data Protection Bill, 2019.
This definition incorporates the loss of personal information through ATM

skimming and the subsequent financial loss as sensitive personal data. Yet, there is
still room left in terms of the categorization of sensitive data and penalty to be
imposed based on the seriousness of the loss occurring due to the negligence and
inadequate security by such data processors or data fiduciary.
ATM skimming, as criminal liability, is covered concerning other offenses

under Section 66 of the Information Technology Act, 2000, which explains that any
offense covered under Section 43 shall be punishable with imprisonment for a term of
3 years or with a fine which may extend to five lakh rupees or both.
On the other hand, Section 66C and 66D deal with the punishment for identity
theft and cheating by impersonation by using computer resources. These available
provisions are still to include ATM skimming or skimming in general as a specific
offense.
In the case of Vidyawanti v/s. State Bank of India, a revision petition was
submitted by the petitioner to the National Consumer Disputes Redressal Commission,
New Delhi. In this case, after a failed transaction at the ATM of State Bank of India
installed at Nehru Place, Karnal, several unauthorized transactions took place at the
ATM through the account of the complainant.
On the same day, the complainant wrote a letter to the State Bank of Patiala
seeking a refund of Rs. 40,000 wrongfully withdrawn from her account. However, the
respondents failed to oblige. This led to the filing of the consumer complaint by the
aggrieved party. It was held by the court that, from the shreds of evidence shown to
the Hon’ble Court, it was clear that a third party had manipulated the ATM machine
which had further resulted in unauthorized transactions.
Since the money had been wrongfully withdrawn from the account of the
complainant, the body corporate who was in such banking business, earned a profit
out of it and was liable to make good of the loss incurred to the aggrieved party.
110
This case clearly defined the scope of the bank’s liability about the
manipulation of such ATMs as the burden of responsibility would be on the banks to
make sure that the ATM machines were not altered and ensured compliance with the
standard of security.
Phishing:
98Phishing, as per the Oxford Dictionary, is termed as the fraudulent practice

of sending e-mails disguised as reputed companies to induce individuals to reveal
important personal information such as passwords and credit card numbers, and so
forth.
Phishing is a form of identity theft that aims to steal sensitive information such
as online banking passwords, credit or debit card numbers, and such relatable
information from the users.
It is considered to be a kind of activity that is used to trick people into giving

up their financial identity such as, bank account details, pan card numbers, account
passwords, etc., over the Internet, or by e-mail, or by other means, and hence, using
such sensitive information for fraudulent activities in order to dupe money from the
users.
The Indian judiciary system has interpreted “phishing” in the case of

the National Association of Software and Service Companies v/s. Ajay Sood. It was
held by the court that, ‘Phishing’ is a form of internet fraud.
In the case of phishing, a person pretending to have a legitimate association,

such as a bank or an insurance company, in order to extract personal data from a user,
such as, access codes, passwords, etc. which are further used for his advantage, and
misrepresents on the identity of the legitimate party.
98
https://www.cyberralegalservices.com/detail-casestudies.php
111
Generally, phishing scams involve persons who pretend to be representing
online banks and siphon cash from e-banking accounts after conning the consumers
into handing over such confidential banking details.
Although phishing is not a new threat the constant increase in the quality of
the attacks makes it even more unpredictable. The introduction of new channels of
distribution, like instant messaging and social networks posing newer threats and
detection of phishing, becomes furthermore difficult.
Vishing, or also called ‘voice phishing’ has become the most recent
development in this field. Vishing attacks are perpetrated through a phone call.
Similarly, ‘Smishing’ is a new technique that is being used to phish through SMS.
Subsequently, ‘Pharming’ is the newest method of phishing wherein the

attacker redirects the victim to a malicious website of their choice. This is done
through the conversion of an alphabetical URL into a numerical IP address to locate
and direct the visitors to the malicious website.
Legal framework:
From the legal point of view, in India, under the Information Technology Act,
2000, phishing is considered to be punishable since it involves fraudulently acquiring
sensitive information through disguising a site as a trusted entity. Some provisions are
applicable on phishing, for example, Sections 66, 66A, and 66D of the Information
Technology Act, 2000, and Section 420, 379, 468, and 471 of the India Penal Code,
1860.
The repealed clause (c) of Section 66A of the IT Act states that such an act is
punishable if any person, using any computer resource, communication device, or any
electronic mail sends a message for causing annoyance, inconvenience, to deceive or
to mislead the addressee or the recipient about the origin of such message.
In this section, the act of phishing could have been included under clause (c)
since phishing is an act of deceiving and misleading the receiver of the mail or SMS
or any other electronic form, but this section was later omitted in the year 2015 since
112
it went against the freedom of speech and expression under the Article 19(2) of the
Constitution of India.
However, Section 66D of the Information Technology Act, 2000, penalizes

cheating by impersonation utilizing any communication device or computer resource
with imprisonment as described for a term which may extend to three years, and shall
also be liable
However, this section does not mention the word ‘phishing’, yet it is still
inclusive of ‘Phishing’ and the extended forms, since, in phishing, there is an
impersonation for the purpose of cheating or duping people to extract data or money.
While there is a rise in the number of phishing cases, yet there is no such
mechanism or authority placed in order to take cognizance of these matters. The only
possible way for the victims of phishing to find a remedy is to report at the police
station where the crime has been committed.
Due to the lack of technology, the Indian police department is not well-
equipped to solve these identity theft-related crimes. For the police department to be
able to take stern actions, it is necessarily required to have a cyber-cell, or cyber-
crime branch, at each district if not at every police station.
Even in the recently released National Cyber Security Policy, 2013, there are
only mere suggestions, with no actual method being formulated to reduce the
increasing number of identity frauds.
Case References of identity theft:
99 Let us now study the different landmark cases concerning the various
sections under the Information Technology Act, 2000.
 Section 43 – Penalty and compensation for damage to a computer, computer

system, etc.
Mphasis BPO Fraud, 2005
99
Dr. Bhagyashree A. Deshpande, Cyber Law, Central Law Publication, 2019
113
In this case, four call center employees who were working at an outsourcing
facility operated by “Mphasis” in India, gathered PIN codes from four customers of
Mphasis’ client, The Citi Group. These suspected employees were not authorized to
obtain such PIN codes. In association with others, the employees opened new
accounts at Indian banks using false identities.
Within two months, they used the PIN codes and other account information
obtained during their employment at Mphasis to transfer money from the respective
bank accounts of The Citi Group customers to the newly created bank accounts at the
Indian banks.It was by April 2005 that the Indian police had tipped off to the scam by
a bank from the United States, and had quickly identified the individuals involved in
the scam.
The accused were arrested when they attempted to withdraw cash from the
falsified accounts; approximately $426,000 was stolen; the amount that could be
recovered was $230,000. It was held by the Court that Section 43(a) was applicable
here due to the nature of unauthorized access involved in committing such
transactions.
 Section 65 – Tampering with computer source documents.
Syed Asifuddin and Ors. v/s. The State of Andhra Pradesh
This case relates to the Tata Indicom employees who were arrested for the
manipulation of the electronic 32-bit number, known as ESN, that is programmed into
the cell phones which had been stolen exclusively franchised to the Reliance
Infocomm. It was held by the Court that such tampering with the source code invoked
Section 65 of the Information Technology Act, 2000.
 Section 66 – Computer related offences.
Kumar v/s. Whiteley
In this case, the accused obtained unauthorized access to the Joint Academic
Network (JANET) and hence, deleted, added extra files and changed the passwords to
deny access to the authorized users of the organization. Upon investigation, it had
114
come to light that, Kumar, the accused, was logging in to the BSNL broadband
Internet connection pretending to be the authorized genuine user and ‘altered the
computer database of broadband Internet user accounts’ of the subscribers.
The CBI had to register a cyber-crime case against Kumar and carried out
investigations based on a complaint raised by the Press Information Bureau, Chennai,
which further detected the unauthorized misuse of broadband Internet.
The complaint had also stated that the subscribers had incurred a loss of Rs.
38,248/- due to Kumar’s such wrongful act. It was found that he used to ‘hack’ sites
from Bangalore, Chennai, and other cities too, the Press Information Bureau stated.
It was held by The Additional Chief Metropolitan Magistrate, Egmore,

Chennai, that the accused, N G Arun Kumar, the techie from Bangalore shall be
sentenced to rigorous imprisonment for one year along with a fine of Rs. 5,000/-
under Section 420 IPC (cheating) and Section 66 of IT Act (Computer related
Offense).
 Section 66A – Punishment for sending offensive messages through

communication service.
On 9th September 2010, an imposter made a fake profile in the name of the then
Hon’ble President of India, Mrs. Pratibha Devi Patil. A complaint was lodged from
the Additional Controller, the President Household, and the President Secretariat
regarding the four fake profiles which were created in the name of the then Hon’ble
President on a social networking website, Facebook.
100The mentioned complaint stated that the President’s House had nothing to do
with Facebook and the fake profile was misleading the general public. The FIR under
Section 469 IPC, and 66A of the Information Technology Act, 2000, was registered
based on such complaint at the police station of Economic Offences Wing, the elite
wing of Delhi Police, which specializes in the investigation of economic crimes
including cyber offenses.
100
Dr. Santhosh Kumar, Cyber Laws and Cyber Crimes, Whitemann Publication, 2020
115
 Section 66D – Punishment for cheating by impersonation by using computer
resources.
Samdeep Vaghese v/s. State of Kerala
The representative of a Company, which was engaged in the business of trading

and distribution of petrochemicals in India and overseas, filed a complaint against
nine persons, alleging offenses under Sections 65, 66, 66A, 66C, and 66D of the
Information Technology Act, 2000, along with Section 419 and Section 420 of the
Indian Penal Code, 1860.
The company had a website in the name of `www.jaypolychem.com’. However,

another website, called, `www.jayplychem.org’ was set up in the social platform by
the accused Samdeep Varghese, a.k.a., Sam, (who was dismissed by the company) in
conspiracy with another accused, including Preeti and Charanjeet Singh, who happen
to be the sister and brother-in-law of `Sam’, respectively.
Defamatory statements and malicious matters about the company and its directors
were made available publicly on that website. The accused sister and brother-in-law,
respectively, of Sam, based in Cochin, and had been acting in collusion with known
and unknown persons, who had collectively created the company and committed acts
of forgery, impersonation, etc
Another two of the accused, Amardeep Singh and Rahul had often visited Delhi
and Cochin. The first accused and others sent emails from fake email IDs of many of
the customers, suppliers, banks, etc., to malign the name and image of the Company
and its Directors.
The defamation campaign run by all the said persons named above had caused
immense damage to the name and reputation of the Company. Hence, the Company
suffered losses of several crores of Rupees from producers, suppliers, and customers
and was unable to do business.
 Section 66E – Punishment for violation of privacy.
Jawaharlal Nehru University MMS Scandal
116
In a severe shock to the prestigious and renowned institute as the Jawaharlal
Nehru University, a pornographic MMS clip was made on the campus and transmitted
outside the university. Few of the media reports claimed that the two accused students
initially intended to extort money from the girl in the video. However, when such an
attempt had failed, the accused put the video out on mobile phones, on the internet
and even sold it as a CD in the blue film market.
 Section 66F – Cyber terrorism.
Bomb Hoax Mail Case
101The Mumbai police had registered a case of ‘cyber terrorism’, one of the
first in the state since the Information Technology (Amendment) Act, 2008, came into
effect, wherein, a threat email was sent to the BSE and NSE. The MRA Marg police
and the Cyber Crime Investigation Cell are jointly probed into the case. The suspect
had been detained in this case.
The police said that an email was sent, challenging the security agencies to
prevent a terror attack, by one Shahab Md. with email
ID, “sh.itaiyeb125@yahoo.in” to the BSE’s administrative email
ID, “corp.relations@bseindia.com”. The IP address of the sender was traced and it
was found out that such mail had come from a village in Patna in Bihar. The ISP was
Sify.
The fact that the email ID was created just four minutes before the email was
sent had come to light soon. In order to divert the police from tracing the accused, the
sender had, while creating such email ID, provided two mobile numbers in the
personal details column.
Both the numbers, after investigation, were found out to be belonging to a

photo frame-maker in Patna. Consequently, the MRA Marg police registered forgery
101
DR. Karnan Satyanarayana, Step by Step in Cyber Crimes Investigation, Asian Law House, 2021
117
for purpose of cheating, criminal intimidation cases under the Indian Penal Code, and
a cyber-terrorism case under the Information Technology (Amendment) Act, 2008.
 Section 67 – Punishment for publishing or transmitting obscene material in

electronic form.
State of Tamil Nadu v/s. Suhas Katti
This case is related to the posting of obscene, defamatory, and annoying

messages about a divorcee woman in the Yahoo message group. Emails were
forwarded to the victim for information by the accused through a fake email account
opened by the accused in the name of the victim.
These postings led to annoying phone calls coming to the lady. Based on the
lady’s complaint, the police tracked and arrested the accused. Upon investigation, it
was revealed that he was a well-known family friend of the victim and was interested
in marrying her. However, she was married to another person, and that marriage
ended in divorce, the accused started contacting her.
102On her denial of his proposal to marry him, he started harassing her through
the social media platform. It was held that the accused was found guilty of offences
under Section 469, Section 509 of the Indian Penal Code, 1860, and Section 67 of the
Information Technology Act, 2000. The accused was further sentenced for the offence
as follows:
 As per Section 469 of the Indian Penal Code, 1860, he had to undergo rigorous
imprisonment for 2 years and had to pay a fine of Rs.500/-.
 As per Section 509 of the Indian Penal Code, 1860, he had to undergo 1 year
of simple imprisonment and had to pay Rs.500/-.
 As per Section 67 of the Information Technology Act, 2000, he had to

undergo 2 years of imprisonment and had to pay a fine of Rs.4000/-.
102
https://blog.ipleaders.in/critical-analysis-cybercrime-india/#Types_of_cybercrimes
118
All of the above sentences were to run concurrently. The accused paid the fine
amount and was lodged at the Central Prison in Chennai. This was considered the
first-ever case where the accused had been convicted under Section 67 of the
Information Technology Act, 2000, in India.
 Section 67B – Punishment for publishing or transmitting of material depicting

children in the sexually explicit act, etc., in electronic form.
Janhit Manch and Ors. v/s. The Union of India
A Public Interest Litigation (PIL) was submitted, wherein, the petition sought
for a blanket ban on pornographic websites. The Non-Governmental Organization had
argued that websites displaying such sexually explicit content, especially those that
include children, had an adverse effect and influence, leading the youth on a
delinquent path.
2.2.11.8 Protection From Identity Theft
 To protect oneself from the increasing rate of identity theft cases, the
following measures are being suggested –
 Compulsory use of a strong password or secret security PIN;
 Mandatory change of password regularly;
 Keeping a distance from shady or suspicious websites and links;
 Never providing someone else any personal information;
 Protection of documents and important data;
 Having an authorized security firewall to protect from being hacked into

electronic devices
 Limiting the exposure of credit cards and other personal information cards.
 If someone has been a victim of identity theft, it is important to contact the

local police station immediately, followed by a complaint at the residing area’s
119
 Cyber Cell Police Station and the concerned institution, for eg., if Naveen’s
bank details have been compromised and there is an unwanted transaction
taken place without consent, Naveen should contact the Bank authorities
where he is the authorized account holder.
2.2.11.9 Conclusion
Identity theft has been a huge invasion of privacy for a person, affecting the
victim, both mentally and socially. However, the impact of identity theft is not limited
to the individual; it equally poses a threat to organizations and companies as well.
From the legal point of view, Indian laws are on a back-foot when it comes to
the protection of identity theft, or, an individual or organization’s data, leaving a huge
scope of improvement of laws as well as policies and regulations concerning identity
theft.
The lack of specific laws, act as a host of manipulative offences which have
rapidly grown in the recent past, as compared to the last two decades. To ensure
adequate implementation of the existing laws, and to equally monitor the situation, a
proper system with an efficient hierarchy of jurisdiction is necessary.
It is also necessary to curb overlapping of power and employ adequate humane

personnel. Lastly, the government needs to create awareness among the consumers for
the ways of protecting personal information and safe internet practices. Furthermore,
they need to be educated about their rights and redressal of mechanisms that are
available to them in case of identity theft.
To minimize the harm and early detection of identity theft, individuals should
also keep a track of their credit report and keep a track of the personal data wherever
it is being used, and ask for justification as to why such data is being required and
how safe it is.
120
2.3 PREVENTION OF CYBER CRIMES
103 As per the recommendations of the International Maritime

Organization (IMO), the cyber-attack risk must be approached using the following
framework:
 The first step is to define the roles and responsibilities of the personnel
responsible for cyber risk management.
 The second step is to identify the systems, assets, data, or capabilities that will
put the operation at stake if disrupted.
 To protect against a potential cyber event and to maintain continuity of

operations, it is important to implement risk-control processes and
contingency plans.
 It is also important to develop and implement measures to detect a cyber-

attack as quickly as possible.
 Preparation and implementation of plans to restore critical systems for

continued operations by providing resilience.
 Finally, identify and implement measures to be taken to backup and restore

any affected systems.
The following can be the strategies can be used to prevent cyber crime:
2.3.1 Analyze your Risk Exposure
 104In order to adequately prepare for a cyber attack, you must assess the threat
and give due consideration. Companies should consider the following:
 They should consider all areas where they are susceptible to cyberattacks and
any operational vulnerabilities resulting from them.
103
blog.ipleaders.in/how-to-prevent-cyber-crime
104
https://www.legalservicesindia.com › Prevention of Cyber Crime - Legal Services India
121
 A vulnerability assessment of all systems is necessary to identify those that are
critical to the business, to understand the potential exposures each has, and to
assess the impact of any cyber-attack on business continuity.
 IT systems and operational technology systems should be checked by

businesses
2.3.2 Preventive Measures
 105It is recommended that businesses adopt national or international technical

standards that provide a high level of protection. These general prevention
measures are recommended for companies that currently lack the necessary
technical or financial capabilities. The following is the list of preventive
measures:
 106 Applying multiple layers of defence, beginning with physical security,

followed by management policies and procedures, firewalls and network
architecture, computer policies, account management, security updates and
finally antivirus applications.
 Implementing a principle of least privilege, which restricts information and

access to only those set of people who needs to know that particular
information.
 Implementing network-hardening measures, assuring patch management is

sufficient and is proactively reviewed.
 Securing critical systems by utilizing technology such as protocol-aware

filtering and segregation.
 Ensuring that removable devices are encrypted and that any USB used with
any other device is tested for viruses.
105
https://www.myadvo.in › blog › How to Prevent Cyber Crime in India?
106
https://www.kaspersky.com Cybercrime Prevention & Cybercrime Security
122
 107Furthermore, in order to prevent the negative impact of a cyberattack from
further escalating and restoring business operations, it is important to develop
business continuity plans, identify key personnel, and implement processes.
 Additionally, organising frequent training and awareness sessions for all

employees can also help.
 Compliance audits of third-party service providers will also be beneficial.
CHAPTER III
CYBER CRIME LAWS IN INDIA
In terms of cybersecurity, there are five main types of laws that must be
followed. Cyber laws are becoming increasingly important in countries such as India
which have extremely extensive internet use. There are strict laws that govern the use
of cyberspace and supervise the use of information, software, electronic commerce,
and financial transactions in the digital environment. India’s cyber laws have helped
to enable electronic commerce and electronic governance to flourish in India by
safeguarding maximum connectivity and minimizing security concerns. This has also
made digital media accessible in a wider range of applications and enhanced its scope
and effectiveness.
Cyber law is the part of the overall legal system that deals with the internet,
cyberspace, and their respective legal issues. Cyber law covers a fairly broad area
covering several subtopics including freedom of expression, access to and usage of
the internet, and online privacy. Generically, cyber law is referred to as the Law of the
Internet.
Cyber Law is a generic term referring to all the legal and regulatory aspects of
the internet. Everything concerned with or related to or emanating from any legal
aspects or concerning any activities of the citizens in the cyberspace comes within the
107
https://www.lawyered.in › articles Prevention of cyber crime
123
ambit of cyber laws. Cyber law covers legal issues which are related to the use of
communicative, transactional, and distributive aspects of network information
technologies and devices. It encompasses the legal, statutory, and constitutional
provisions which affect computers and networks.
3.1 INFORMATION TECHNOLOGY ACT, 2000 (IT Act)
3.1.1 Overview of the Act
108It is the first cyberlaw to be approved by the Indian Parliament. The Act
defines the following as its object:
“to provide legal recognition for transactions carried out by means of

electronic data interchange and other means of electronic communication, commonly
referred to as electronic methods of communication and storage of information, to
facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Book
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto.”
However, as cyber-attacks become dangerous, along with the tendency of

humans to misunderstand technology, several amendments are being made to the
legislation. It highlights the grievous penalties and sanctions that have been enacted
by the Parliament of India as a means to protect the e-governance, e-banking, and e-
commerce sectors. It is important to note that the IT Act’s scope has now been
broadened to include all the latest communication devices.
The Act states that an acceptance of a contract may be expressed electronically

unless otherwise agreed and that the same shall have legal validity and be enforceable.
In addition, the Act is intended to achieve its objectives of promoting and developing
an environment conducive to the implementation of electronic commerce.
108
https://infosecawareness.in › Cyber Laws of India
124
3.1.2 The Important Provisions of the Act
The IT Act is prominent in the entire Indian legal framework, as it directs the
whole investigation process for governing cyber crimes. Following are the appropriate
sections:
Section 43: This section of the IT Act applies to individuals who indulge in
cyber crimes such as damaging the computers of the victim, without taking the due
permission of the victim. In such a situation, if a computer is damaged without the
owner’s consent, the owner is fully entitled to a refund for the complete damage.
In Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New
Delhi & Others (2018), Rajesh Aggarwal of Maharashtra’s IT department
(representative in the present case) ordered Punjab National Bank to pay Rs 45 lakh to
Manmohan Singh Matharu, MD of Pune-based firm Poona Auto Ancillaries. In this
case, a fraudster transferred Rs 80.10 lakh from Matharu’s account at PNB, Pune after
the latter answered a phishing email. Since the complainant responded to the phishing
mail, the complainant was asked to share the liability. However, the bank was found
negligent because there were no security checks conducted against fraudulent
accounts opened to defraud the Complainant.
Section 66: Applies to any conduct described in Section 43 that is dishonest or

fraudulent. There can be up to three years of imprisonment in such instances, or a fine
of up to Rs. 5 lakh.
In Kumar v. Whiteley (1991), during the course of the investigation, the

accused gained unauthorized access to the Joint Academic Network (JANET) and
deleted, added, and changed files. As a result of investigations, Kumar had been
logging on to a BSNL broadband Internet connection as if he was an authorized
legitimate user and modifying computer databases pertaining to broadband Internet
user accounts of subscribers. On the basis of an anonymous complaint, the CBI
registered a cyber crime case against Kumar and conducted investigations after
finding unauthorized use of broadband Internet on Kumar’s computer. Kumar’s
wrongful act also caused the subscribers to incur a loss of Rs 38,248. N G Arun
125
Kumar was sentenced by the Additional Chief Metropolitan Magistrate. The
magistrate ordered him to undergo a rigorous year of imprisonment with a fine of Rs
5,000 under Sections 420 of IPC and 66 of the IT Act
Section 66B: This section describes the penalties for fraudulently receiving
stolen communication devices or computers, and confirms a possible three-year
prison sentence. Depending on the severity, a fine of up to Rs. 1 lakh may also be
imposed.
Section 66C: The focus of this section is digital signatures, password hacking,
and other forms of identity theft. Thi section imposes imprisonment upto 3 years
along with one lakh rupees as a fine.
Section 66D: This section involves cheating by personation using computer

Resources. Punishment if found guilty can be imprisonment of up to three years
and/or up-to Rs 1 lakh fine.
Section 66E: Taking pictures of private areas, publishing or transmitting them

without a person’s consent is punishable under this section. Penalties, if found guilty,
can be imprisonment of up to three years and/or up-to Rs 2 lakh fine.
Section 66F: Acts of cyber terrorism. An individual convicted of a crime can

face imprisonment of up to life. An example: When a threat email was sent to the
Bombay Stock Exchange and the National Stock Exchange, which challenged the
security forces to prevent a terror attack planned on these institutions. The criminal
was apprehended and charged under Section 66F of the IT Act.
Section 67: This involves electronically publishing obscenities. If convicted,

the prison term is up to five years and the fine is up to Rs 10 lakh.
3.1.3 Positive and Negative Aspects of the IT Act
109This legislation contains the following benefits:
109
https://www.tutorialspoint.com › Cyber Laws in India
126
Several companies are now able to conduct e-commerce without any fear
because of the presence of this Act. Until recently, the development of electronic
commerce in our country was hindered primarily due to a lack of legal infrastructure
to govern commercial transactions online.
Digital signatures are now able to be used by corporations to conduct online

transactions. Digital signatures are officially recognized and sanctioned by the Act.
Additionally, the Act also paves the way for corporate entities to also act as
Certification Authorities for the issuance of Digital Signature Certificates under the
Act. There are no distinctions in the Act as to what legal entity may be designated as a
Certifying Authority, provided the government’s standards are followed.
Furthermore, the Act permits the companies to electronically file any of their
documents with any office, authority, body or agency owned or controlled by the
appropriate government by using the electronic form prescribed by that government.
It also provides information on the security concerns that are so crucial to the
success of the use of electronic transactions. As part of the Act, the term secure digital
signatures were defined and approved, which are required to have been submitted to a
system of a security procedure. Therefore, it can be assumed that digital signatures are
now secured and will play a huge part in the economy. Digital signatures can help
conduct a secure online trade.
It is common for companies to have their systems and information hacked.

However, the IT Act changed the landscape completely. A statutory remedy is now
being provided to corporate entities in the event that anyone breaches their computer
systems or network and damages or copies data. Damages are charged to anyone who
uses a computer, computer system or computer network without the permission of the
owner or other person in charge.
However, the said Act has a few problems:
Section 66A is considered to be in accordance with Article 19(2) of the

Constitution of India since it does not define the terms ‘offensive’ and ‘menacing’. It
127
did not specify whether or not these terms involved defamation, public order,
incitement or morality. As such, these terms are open to interpretation.
Considering how vulnerable the internet is, the Act has not addressed issues
such as privacy and content regulation, which are essential.
A domain name is not included in the scope of the Act. The law does not
include any definition of domain names, nor does it state what the rights and liabilities
of domain name owners are.
The Act doesn’t make any provision for the intellectual property rights of
domain name proprietors. In the said law, important issues pertaining to copyright,
trademark, and patent have not been addressed, therefore creating many loopholes.
3.2 INDIAN PENAL CODE, 1860 (IPC)
110 If the IT Act is not sufficient to cover specific cyber crimes, law
enforcement agencies can apply the following IPC sections:
Section 292: The purpose of this section was to address the sale of obscene
materials, however, in this digital age, it has evolved to deal with various cyber
crimes as well. A manner in which obscene material or sexually explicit acts or
exploits of children are published or transmitted electronically is also governed by this
provision. The penalty for such acts is imprisonment and fines up to 2 years and Rs.
2000, respectively. The punishment for any of the above crimes may be up to five
years of imprisonment and a fine of up to Rs. 5000 for repeat (second-time) offenders.
Section 354C: In this provision, cyber crime is defined as taking or publishing

pictures of private parts or actions of a woman without her consent. In this section,
voyeurism is discussed exclusively since it includes watching a woman’s sexual
actions as a crime. In the absence of the essential elements of this section, Section 292
of the IPC and Section 66E of the IT Act are broad enough to include offences of an
equivalent nature. Depending on the offence, first-time offenders can face up to 3
years in prison, and second-time offenders can serve up to 7 years in prison.
110
https://www.legalserviceindia.com ›The Law related to Cyber Crimes in India
128
Section 354D: Stalking, including physical and cyberstalking, is described and
punished in this chapter. The tracking of a woman through electronic means, the
internet, or email or the attempt to contact her despite her disinterest amounts to
cyber-stalking. This offence is punished by imprisonment of up to 3 years for the first
offence and up to 5 years for the second offence, along with a fine in both cases.
A victim in the case Kalandi Charan Lenka v. the State of Odisha(2017) has
received a series of obscene messages from an unknown number that has damaged her
reputation. The accused also sent emails to the victim and created a fake account on
Facebook containing morphed images of her. The High Court, therefore, found the
accused prima facie guilty of cyberstalking on various charges under the IT Act and
Section 354D of IPC.
Section 379: The punishment involved under this section, for theft, can be up
to three years in addition to the fine. The IPC Section comes into play in part because
many cyber crimes involve hijacked electronic devices, stolen data, or stolen
computers.
Section 420: This section talks about cheating and dishonestly inducing
delivery of property. Seven-year imprisonment in addition to a fine is imposed under
this section on cybercriminals doing crimes like creating fake websites and cyber
frauds. In this section of the IPC, crimes related to password theft for fraud or the
creation of fraudulent websites are involved.
Section 463: This section involves falsifying documents or records

electronically. Spoofing emails is punishable by up to 7 years in prison and/or a fine
under this section.
Section 465: This provision typically deals with the punishment for forgery.
Under this section, offences such as the spoofing of email and the preparation of false
documents in cyberspace are dealt with and punished with imprisonment ranging up
to two years, or both. In Anil Kumar Srivastava v. Addl Director, MHFW (2005), the
petitioner had forged signed the signature of the AD and had then filed a case that
made false allegations against the same individual. Due to the fact that the petitioner
129
also attempted to pass it off as a genuine document, the Court held that the petitioner
was liable under Sections 465 and 471 of the IPC.
Section 468: Fraud committed with the intention of cheating may result in a
seven-year prison sentence and a fine. This section also punishes email spoofing
Furthermore, there are many more sections of the IT Act and the Indian Penal
Code, which pertain to cyber crimes, in addition to the laws listed above.
Even though there are laws against cyber crime in place, the rate of cyber
crime is still rising drastically. It has been reported that cyber crime in India increased
by 11.8% in the year 2020, which accounted for reporting around only 50,000 cases.
Cyber crime is one of the toughest crimes for the Police to solve due to many
challenges they face including underreporting, the jurisdiction of crime, public
unawareness and the increasing costs of investigation due to technology.
111Certain offences may end up being bailable under the IPC but not under the
IT Act and vice versa or maybe compoundable under the IPC but not under the IT Act
and vice versa due to the overlap between the provisions of the IPC and the IT Act.
For example, if the conduct involves hacking or data theft, offences under sections 43
and 66 of the IT Act are bailable and compoundable, whereas offences under Section
378 of the IPC are not bailable and offences under Section 425 of the IPC are not
compoundable. Additionally, if the offence was the receipt of stolen property, the
offence under section 66B of the IT Act was bailable while the offence under Section
411 of the IPC was not. In the same manner, in respect of the offence of identity theft
and cheating by personation, the offences are compoundable and bailable under
sections 66C and 66D of the IT Act, whereas the offences under Sections 463, 465,
and 468 of the IPC are not compoundable and the offences under sections 468 and
420 of the IPC are not bailable.
In Gagan Harsh Sharma v. The State of Maharashtra (2018), the Bombay High
Court addressed the issue of non-bailable and non-compoundable offences under
111
https://www.geeksforgeeks.org › Cyber Laws (IT Law) in India
130
sections 408 and 420 of the IPC in conflict with those under Sections 43, 65, and 66
of the IT Act that is bailable and compoundable.
3.3 INFORMATION TECHNOLOGY RULES (IT Rules)
112There are several aspects of the collection, transmission, and processing of

data that are covered by the IT Rules, including the following:
The Information Technology (Reasonable Security Practices and Procedures

and Sensitive Personal Data or Information) Rules, 2011: According to these rules,
entities holding individuals’ sensitive personal information must maintain certain
security standards that are specified.
The Information Technology (Guidelines for Intermediaries and Digital Media

Ethics Code) Rules, 2021: To maintain the safety online of users’ data, these rules
govern the role of intermediaries, including social media intermediaries, to prevent
the transmission of harmful content on the internet.
The Information Technology (Guidelines for Cyber Cafe) Rules, 2011:

According to these guidelines, cybercafés must register with an appropriate agency
and maintain a record of users’ identities and their internet usage.
The Information Technology (Electronic Service Delivery) Rules,

2011: Basically, these regulations give the government the authority to specify the
delivery of certain services, such as applications, certificates, and licenses, by
electronic means.
Information Technology (The Indian Computer Emergency Response Team

and Manner of Performing Functions and Duties) Rules, 2013 (the CERT-In Rules):
There are several ways in which the CERT-In rules provide for the working of CERT-
In. In accordance with rule 12 of the CERT-In rules, a 24-hour Incident response
helpdesk must be operational at all times. Individuals, organisations and companies
can report cybersecurity incidents to Cert-In if they are experiencing a cybersecurity
112
Justice Yatindra Singh, Cyber Laws, Universal Law Publication Sixth Edition, 2016
131
Incident. The Rules provide an Annexure listing certain Incidents that must be
reported to Cert-In immediately.
Another requirement under Rule 12 is that service providers, intermediaries,

data centres, and corporate bodies inform CERT-In within a reasonable timeframe of
cybersecurity incidents. As a result of the Cert-In website, Cybersecurity Incidents
can be reported in various formats and methods, as well as information on
vulnerability reporting, and incident response procedures. In addition to reporting
cybersecurity incidents to CERT-In in accordance with its rules, Rule 3(1)(I) of the
Information Technology (Guidelines for Intermediaries and Digital Media Ethics
Code) Rules, 2021 also requires that all intermediaries shall disclose information
about cybersecurity incidents to CERT-In.
3.4 COMPANIES ACT, 2013
A majority of the corporate stakeholders consider the Companies Act of

2013 to be the most pertinent legal obligation to properly manage daily operations.
This Act enshrines in law all the techno-legal requirements that need to be met,
implementing the law as a challenge to the companies that are not compliant. As part
of the Companies Act 2013, the SFIO (Serious Fraud Investigation Office) is
entrusted with powers to investigate and prosecute serious frauds committed by
Indian companies and their directors.
As a result of the Companies Inspection, Investment, and Inquiry Rules,

2014 notification, the SFIOs have become even more proactive and serious in regard
to this. By ensuring proper coverage of all the regulatory compliances, the legislature
ensured that every aspect of cyber forensics, e-discovery, and cybersecurity diligence
is adequately covered. Moreover, the Companies (Management and Administration)
Rules, 2014 prescribe a strict set of guidelines that confirm the cybersecurity
obligations and responsibilities of corporate directors and senior management.
3.5 CYBERSECURITY FRAMEWORK (NCFS)
As the most credible global certification body, the National Institute of

Standards and Technology (NIST) has approved the Cybersecurity Framework
132
(NCFS) as a framework for harmonizing the cybersecurity approach. To manage
cyber-related risks responsibly, the NIST Cybersecurity Framework includes
guidelines, standards, and best practices.113 According to this framework, flexibility
and affordability are of prime importance. Moreover, it aims at fostering resilience
and protecting critical infrastructure by implementing the following measures:
 A better understanding, management, and reduction of the risks associated

with cybersecurity.
 Prevent data loss, misuse, and restoration costs.
 Determine the most critical activities and operations that must be secured.
 Provides evidence of the trustworthiness of organizations that protect critical

assets.
 Optimize the cybersecurity return on investment (ROI) by prioritizing

investments.
 Responds to regulatory and contractual requirements
 Assists in the wider information security program.
Using the NIST CSF framework in conjunction with ISO/IEC 27001 simplifies
the process of managing cybersecurity risk. Moreover, NIST’s cybersecurity directive
also allows for easier collaboration in the organization as well as across the supply
chain, allowing for more effective communication.
3.5.1 Why Cyber Crime Laws in India
Just like the other countries, our country is too concerned about the issue of
cyber security and related crimes. Particularly in India, there are a growing number of
cyber security concerns, and its responsibility to resolve them is of critical importance.
It has recently been revealed that the government is losing nearly R. 1.25 lakh crore
113
https://taxguru.in › Overview of cyber Law in India
133
per annum to cyber-attacks overall, according to an Economic Times analysis of
cyber crime.
According to another study published by Kaspersky, the number of attacks in

India increased from 1.3 million to 3.3 million from the first quarter of 2020 till the
end of that quarter. A total of 4.5 million attacks were recorded by India in July 2020,
which was the largest number recorded so far. In July 2021, In violation of the
Reserve Bank of India’s directions on the storage of payment system data, Mastercard
Asia/Pacific Pte Ltd (Mastercard) was banned from onboarding new domestic
customers. A cyber security policy, however, does not offer an adequate method of
preventing the hazards posed by the internet, and the most effective means of
confronting these threats is through training. There are significant resources that the
government must dedicate to safeguarding important data assets. Cyberlaw needs to
be updated to incorporate the latest legal and technological developments and to
address the challenges posed by the rapid development of technology.
3.5.2 Importance of Cyber Crime Laws
The following points can highlight the importance of cyber laws:
An important goal of any cyber law is to prosecute those who undertake illegal
activities using the internet. To effectively prosecute these types of crimes, such as
cyber abuse, assaults on other websites or individuals, theft of records, disrupting
every company’s online workflow, and other criminal activities, significant efforts
should be undertaken, and hence, which is where cyber laws come into the picture.
In the cases involving a violation of cyber law, the action is taken against the
individual on the basis of his location and how was he involved in that violation.
Prosecuting or retracting hackers is the most important thing since most cyber
crimes are beyond the reach of a felony, which is not a crime.
The use of the internet is also associated with security concerns and there are
even some malicious individuals who want to gain unauthorised access to the
computer device and commit fraud using it in the future. Hence, all rules and cyber
134
laws are designed to protect internet businesses and internet users from unwanted
unauthorized access and malicious cyber-attacks. There are a variety of ways in which
individuals or associations can take action against others who commit criminal acts or
break cyber laws.
3.5.3 Need for Cyber Crime Laws in India
Cyberlaw is of particular importance in countries such as India, where the

internet is used widely. In order to protect both individuals and organizations against
cyber crime, the law was enacted. The cyberlaw allows other people or organizations
to take legal action against someone if that person violates and breaks the provisions
of the law.
Cyberlaw may be required in the following circumstances:
114 Due to the fact that all the transactions associated with stocks are now
executed in demat format, anyone who is involved with these transactions is protected
by cyber law in the event of any fraudulent transactions.
Almost all Indian companies have electronic records. A company may need
this law to prevent the misuse of such data.
As a result of the rapid development of technology, various government forms

are being filled out electronically, such as income tax returns and service tax returns.
Anybody can misuse those forms by hacking government portal sites, and thus,
cyberlaw is required under which legal action can be taken.
Shopping today is done through credit cards and debit cards. Unfortunately,
some frauds perpetrated by means of the internet clone these credit cards and debit
cards. The cloning of a credit or debit card is a technique that allows someone to
obtain your information via the Internet. This can be prevented by cyberlaw as under
Section 66C of the IT Act, there is 3-year imprisonment along with a fine up to one
lakh rupees if anyone tries to make use of any electronic password fraudulently or
dishonestly.
114
https://www.vidhikarya.com › Cyber Crime and Cyber Law in India
135
CHAPTER IV
CYBER CRIME AND SECURITY
Cybersecurity can be defined as the collection of technologies, processes, and

practices that are intended to prevent networks, devices, programs, and data from
being attacked, damaged or accessed by unauthorized persons. Alternatively, cyber
security may also be referred to as information technology security.
115Several types of organizations, including government, military, corporations,

financial institutions, and medical facilities use computers and other devices to
process, store, and process extremely large amounts of data. Many of those records
contain sensitive data including intellectual property, financial information, personal
information, etc. for which unauthorized access or exposure could have negative
repercussions. There is a growing area of cyber security dedicated to protecting the
systems for processing and storing sensitive information that organizations send over
networks and to other devices. Thus, cybersecurity is the field dedicated to securing
this sensitive information as well as the systems by which such information is
transmitted or stored. With the number of cyber attacks and the sophistication of those
attacks moving up, companies and organizations, especially those that are tasked with
safeguarding sensitive data, (including attacks pertaining to national security, health
information, or financial information), there must be steps taken for ensuring the
security of their proprietary business and personnel data.
4.1 CYBER SECURITY STRATEGIES
116It is also extremely important for an organisation to develop and build an

effective cybersecurity strategy. The following must be included in cybersecurity
strategies:
115
https://probono-india.in/blog-detail.php?id=218
116
https://www.appknox.com/blog/cybersecurity-laws-in-india
136
4.1.1 Ecosystem:
117The ecosystem of an organisation needs to be strong in order to prevent

cyber crime. Generally, an organisation’s ecosystem has 3 components, i.e,
automation, interoperability, and authentication. By developing a safe and strong
system, the organisation would be likely to protect these components and could not be
attacked by malware, attrition, hacks, insider attacks, and equipment thefts.
4.1.2 Framework:
A framework for compliance with security standards is an assurity that can

help to ensure that these standards are adhered to. Updating infrastructure is made
possible as a result of this. Furthermore, it also facilitates collaboration between
governments and businesses.
4.1.3 Open standards:
118Enhanced security against cyber crime is a direct result of open standards.

Through open standards, both businesses and individuals can easily implement proper
security measures. These standards will also facilitate a greater level of economic
growth and a broader range of new technologies.
4.1.4 IT mechanisms:
A variety of IT measures or mechanisms are available that can be beneficial.

In the fight against cyber crime, it is essential to promote these measures and
mechanisms. End-to-end protection measures, association-based protection, link-
based protection, and data encryption are a few of the measures.
4.1.5 E-governance:
It is possible for the government to provide services online through e-

governance. E-governance, however, is not taken advantage of in many countries.
Cyberlaw should focus on advancing this technology to give citizens greater control.
117
https://www.meity.gov.in/content/cyber-laws
118
https://www.myadvo.in/blog/what-is-the-cyber-law-in-india/
137
4.1.6 Infrastructure:
119 As part of cybersecurity, protecting the infrastructure is one of the most

crucial steps. This applies especially to the electrical grid as well as data transmission
lines. Cyber crime is often perpetrated against outdated infrastructure.
4.2 DIFFERENCES BETWEEN CYBER CRIMES AND CYBER SECURITY
There is more to cybersecurity than just a set of guidelines and actions

designed to prevent cyber crime. Ultimately, cyber-security aims to prevent hackers
from finding and exploiting vulnerabilities in government and corporate networks,
and therefore to make life difficult for them to do so. By contrast, cyber crime,
compared to traditional crime, tends to focus more on preserving the privacy of
individuals and their families while engaging in online activities.
Here is a list of the differences between cyber security and cyber crime that
you should know about:
120 Types of crime: The type of crime in cyber security is defined by those
crimes in which a computer program, hardware, or computer network serves as the
main target of an attack if it is compromised. On the other hand, cyber crime is
concerned with a specific person or group of people, along with their data, as the main
targets.
Victims: Secondly, there are also differences in the types of victims in these
two fields. Governments and corporations are the primary targets in cyber security
while, in cyber crime, victims can range from individuals, families, organizations,
governments, and corporations.
Subject matter: Both of these fields are studied in different disciplines.

Information technology, computer science, and computer engineering are the fields
that cover cybersecurity.
119
https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
120
https://blog.ipleaders.in/cyber-crime-and-cyber-security-an-
overview/#Relation_between_Cyber_Crime_and_Cyber_Security
138
CHAPTER V
CONCLUSION AND SUGGESTIONS
With the advancement in technology, disturbing elements are appearing on the
dark web that is disturbing. The Internet has become a tool of evil deeds that are
exploited by intelligent people for evil motives and sometimes for financial gain.
Thus, at this point in time, cyber laws come into the picture and are important for
every citizen. Due to the fact that cyberspace is an extremely difficult territory to deal
with, some activities are classified as grey activities that cannot be governed by law.
121In India as well as across the globe, with the increasing reliance of humans
on technology, cyber laws need constant up-gradation and refinement to keep pace.
There has also been a significant increase in the number of remote workers as a
consequence of the pandemic, which has increased the need for application security.
There is a need for legislators to take extra precautions to keep ahead of the imposters
so that they can act against them as soon as they arise. It can be prevented if
lawmakers, internet providers, banks, shopping websites and other intercessors work
together. However, ultimately, it is up to the users to participate in the fight against
cyber crime. The only way for the growth of online safety and resilience to take place
is through the consideration of the actions of these stakeholders, ensuring they stay
within the confines of the law of cyberspace.
Suggestions
Be cautious with unsolicited emails, text messages and phone calls, especially
if they use a crisis to pressure you into bypassing the usual security procedures. The
attackers know that it is often easier to trick humans than to hack into a complex
system. Remember banks and other legal groups will never ask you to reveal
passwords.
121
http://people.exeter.ac.uk › boc › h... Cyber crime
139
Secure your home network. Change the default password for your Wi-Fi
network to a strong one. Limit the number of devices connected to your Wi-Fi
network and only allow trusted ones.
Strengthen your passwords. Remember to use long and complex passwords

that include numbers, letters and special characters.
Protect your equipment. Make sure you update all your systems and
applications and that you install an antivirus software and keep it up to date.
122 Family and guests. Your children and other family members can
accidentally erase or modify information, or even worse, accidentally infect your
device, so don’t let them use the devices you use for work.
turning on Multifactor Authentication
It goes by many names: Two Factor Authentication. Multifactor

Authentication. Two Step Factor Authentication. MFA. 2FA. They all mean the same
thing: opting-into an extra step when trusted websites and applications ask you to
confirm you’re really who you say you are.
Your bank, your social media network, your school, your workplace…. they
want to make sure you’re the one accessing your information.
So, industry is taking a step to double check. Instead of asking you for a
password – which can be reused, more easily cracked, or stolen. Update your software.
In fact, turn on automatic software updates if they're available.
Bad actors will exploit flaws in the system. Network defenders are working
hard to fix them as soon as they can, but their work relies on all of us updating our
software with their latest fixes.
Update the operating system on your mobile phones, tablets, and laptops. And
update your applications – especially the web browsers – on all your devices
122
https://us.norton.com › ... › protect yourself against cybercrime
140
too. Leverage automatic updates for all devices, applications, and operating
systems.
Think before you click
Have you ever seen a link that looks a little off? It looks like something
you’ve seen before, but it says you need to change or enter a password. Or maybe it
asks you to verify personal information. It could be a text message or even a phone
call. They may pretend to be your email service, your boss, your bank, a friend….
The message may claim it needs your information because you’ve been a victim of
cybercrime.
123 It’s likely a phishing scheme: a link or webpage that looks like
a legitimate, but it’s a trick designed by bad actors to have you reveal your passwords,
social security number, credit card numbers, or other sensitive information. Once they
have that information, they can use it on legitimate sites. And they may try to get you
to run malicious software, also known as malware. Sadly, we are more likely to fall
for phishing than we think.
If it’s a link you don’t recognize, trust your instincts and think before you
click. We all need to Phight the Phish!
123
https://securitytrails.com › blog › Protection against cyber crime
141
BIBLIOGRAPHY
BOOKS
 Dr. J. P. Mishra, An Introduction to Cyber Law, Central Law Publication,

2014
 Pavan Duggal, Cyber Law, Universal Law Publication, Second Edition
 Gagandeep Chander, Harish Kaur, Cyber Law and IT Protection, Second

Edition, 2022
 Dr.S.R.Myneni,Information Technology Law, Asia Law House Hyderabad,

Second Edition
 T. Viswanath, The Indian Cyber Law, Third Edition 2022
 Dr.Vishwanath Paranjape ,Cyber Crimes and Law, Central Law Agency 2019
 Dr. Bhagyashree A. Deshpande, Cyber Law, Central Law Publication, 2019
 Dr. Santhosh Kumar, Cyber Laws and Cyber Crimes, Whitemann Publication,
2020
 DR. Karnan Satyanarayana, Step by Step in Cyber Crimes Investigation,

Asian Law House, 2021
 Justice Yatindra Singh, Cyber Laws, Universal Law Publication Sixth Edition,
2016
WEBSITES
 https://blog.ipleaders.in/critical-analysis-cybercrime-
india/#Types_of_cybercrimes
 https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-
0c7ea947-ba98-3bd9-7184-430e1f860a44
142
 https://us.norton.com/internetsecurity-how-to-how-to-recognize-and-protect-
yourself-from-cybercrime.html
 https://www.kaspersky.co.in/resource-center/threats/what-is-cybercrime
 https://cybersecurity.att.com/blogs/security-essentials/how-to-avoid-
becoming-a-victim-of-cybercrime-5-tips
 https://blog.ipleaders.in/procedure-for-filing-cybercrime-complaint-in-india/
 https://blog.ipleaders.in Cyber crime laws
 https://www.legalserviceindia.com
 https://www.techtarget.com/searchsecurity/definition/
 https://www.britannica.com › topic Cybercrime | Definition, Statistics, &

Examples
 https://www.wefinder24.com/2023/01/nature-and-scope-of-cyber-crime.html
 https://deepakmiglani.com › Nature and Scope of Cyber Crime
 https://intellipaat.com/blog/what-is-cyber-law/%23:~:text%3DObjectives
 https://www.tutorialspoint.com › Cyber Law Objectives
 https://www.techtarget.com/definition/cybercrime
 https://www.kaspersky.com/resource-center/threats/what-is-cybercrime&ved
 https://www.jurist.org/commentary/2020/05/milind-rajratnam-combating-
child-pornography/
 https://www.justice.gov/criminal-ceos/child-pornography
 https://enough.org/stats_exploitation
 https://blog.ipleaders.in/child-pornography-reasons-impact-and-
regulation/#Impact_Of_Growing_Popularity_Of_Child_Pornography
143
 https://www.indiacode.nic.in/handle/123456789/2079?locale=en
 https://www.indiacode.nic.in/handle/123456789/2263?locale=en
 https://www.livelaw.in/columns/child-pornography-in-india-during-the-
lockdown-are-our-children-safe-158778
 https://www.mondaq.com/india/crime/989624/anti-cyber-bullying-laws-in-
india–an-analysis
 http://docs.manupatra.in/newsline/articles/Upload/FDF5EB3E-2BB1-44BB-
8F1D-9CA06D965AA9.pdf
 https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3554114
 https://www.myadvo.in/blog/the-virtual-reality-of-cyber-stalking-in-india/
 https://www.tripwire.com/state-of-security/security-awareness/what-
cyberstalking-prevent/
 https://www.kaspersky.co.in/resource-center/threats/how-to-avoid-
cyberstalking
 https://timesofindia.indiatimes.com/life-style/spotlight/beware-cyberstalking-
is-on-the-rise-during-the-pandemic/articleshow/81924158.cms
 https://www.thebetterindia.com/45671/stalking-india-women-complaint-
online/
 https://vidhisastras.com/cyber-stalking-in-india/
 http://docs.manupatra.in/newsline/articles/Upload/455C1055-C2B6-4839-
82AC-5AB08CBA7489.pdf
 https://www.indiaforensic.com/cyberstalking.htm
 https://www.latestlaws.com/articles/how-to-file-cyber-stalking-complaint-in-
india-by-buelah-pranathi-gollapudi/
144
 https://biometrica.com/icmec-online-grooming/
 www.nspcc.org.uk/preventing-abuse/child-abuse-and-neglect/grooming/.
 https://www.researchgate.net/publication/276525343_A_Study_of_Social_En
gineering_in_Online_Frauds/link/5ac93866aca272abdc60f032/download
 https://chargebacks911.com/chargebacks/
 https://timesofindia.indiatimes.com/city/chennai/job-fraud-victims-must-be-
made-liable-for-abetment/articleshow/68133501.cms
 https://indianexpress.com/article/technology/opinion-technology/7-steps-for-
recovering-money-if-you-become-victim-of-an-online-recruitment-scam/
 https://www.cagoldberglaw.com/5-steps-for-sextortion-victims/
 https://www.minclaw.com/internet-sextortion/
 https://www.lawyered.in/legal-disrupt/articles/laws-related-sextortion
 https://www.ili.ac.in/pdf/tsr.pdf
 https://bnwjournal.com/2021/02/23/sextortion-and-ways-to-tackle-it/
 https://lawtimesjournal.in/how-to-register-a-cyber-crime-complaint/
 https://www.comparitech.com/blog/information-security/what-is-sextortion-
examples/
 https://timesofindia.indiatimes.com/readersblog/cyberthoughts/sextortion-
29215/
 https://www.indiatoday.in/magazine/cover-story/story/20191111-the-digital-
trap-1614331-2019-11-01
 https://www.lawaudience.com/understanding-sextortion-revenge-porns-as-
new-face-of-cyber-crime-a-need-for-reform-in-indian-cyber-laws/
145
 https://ijlpp.com/online-gender-harassment-legal-framework-analysis-on-
revenge-porn-and-sextortion/
 https://www.minclaw.com/internet-sextortion
 https://www.indialawoffices.com/knowledge-centre/phishing-and-
cybersquatting
 https://cyberpandit.org/?article_post=phishing-scams-in-india-and-legal-
provisions
 https://www.cisco.com/c/en_in/products/security/email-security/what-is-
phishing.html
 https://outline.com/ktBLPP
 https://terranovasecurity.com › what...What is Vishing? | Examples &

Prevention
 https://www.cyber.gc.ca › what-vo...What is voice phishing (vishing)? -

ITSAP.00.102
 https://www.hdfcbank.com › securityHere are Vishing Attacks Safety Tips
 https://www.proofpoint.com › smi...What Is Smishing? Examples, Protection
 https://www.barracuda.com › smis...Smishing (SMS Phishing)
 https://www.infosecawareness.in › s...Smishing - Senior Citizen - ISEA
 https://www.ibm.com › topics › smi...What is Smishing (SMS Phishing)?
 https://digital.va.com › cyber-spotSmish, SMish! Don't get phished -

DigitalVA
 https://devgan.in/ipc/chapter_18.php#s471
 https://indiankanoon.org/doc/1569253/
146
 https://economictimes.indiatimes.com/wealth/spend/how-to-report-a-net-
banking-debit-or-credit-card-fraud/articleshow/66967421.cms?from=mdr
 https://economictimes.indiatimes.com/wealth/spend/how-to-report-a-net-
banking-debit-or-credit-card-fraud/articleshow/66967421.cms?from=mdr
 https://newsroom.mastercard.com/asia-pacific/2014/10/28/8-different-types-
card-fraud/
 https://brex.com/learn/fraud-security/who-is-liable-credit-card-fraud/
 https://www.nerdwallet.com/blog/credit-cards/credit-card-theft-fraud-serious-
crime-penalty/
 https://www.creditcards.com/credit-card-news/privacy-security-suite-tips.php
 https://www.indiatoday.in/technology/news/story/over-27-million-indian-
adults-experienced-identity-theft-in-the-past-12-months-says-norton-report-
1792553-2021-04-19
 https://www.news18.com/news/tech/identity-theft-the-biggest-cyber-security-
threat-in-india-2-7-crore-affected-in-2020-norton-3656822.html
 https://www.investopedia.com/terms/i/identitytheft.asp
 https://www.indiatoday.in/information/story/victim-of-identity-theft-ways-to-
know-if-someone-has-stolen-your-identity-1810383-2021-06-03
 https://blog.ipleaders.in/identity-theft-growing-threat-families/
 https://www.cyberralegalservices.com/detail-casestudies.php
 blog.ipleaders.in/how-to-prevent-cyber-crime
 https://www.legalservicesindia.com › ...Prevention of Cyber Crime - Legal

Services India
 https://www.myadvo.in › blog › cy...How to Prevent Cyber Crime in India?
147
 https://www.kaspersky.com Cybercrime Prevention & Cybercrime Security
 https://www.lawyered.in › articles Prevention of cyber crime
 https://infosecawareness.in › cyber-l...Cyber Laws of India
 https://www.tutorialspoint.com › cy...Cyber Laws in India
 https://www.legalserviceindia.com › ...The Law related to Cyber Crimes in

India
 https://www.geeksforgeeks.org › c...Cyber Laws (IT Law) in India
 https://taxguru.in › Overview of cyber Law in India
 https://www.vidhikarya.com › cyb...Cyber Crime and Cyber Law in India
 https://probono-india.in/blog-detail.php?id=218
 https://www.appknox.com/blog/cybersecurity-laws-in-india
 https://www.meity.gov.in/content/cyber-laws
 https://www.myadvo.in/blog/what-is-the-cyber-law-in-india/
 https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
 https://www.clearias.com/cybercrime/
 https://blog.ipleaders.in/cyber-crime-and-cyber-security-an-
overview/#Relation_between_Cyber_Crime_and_Cyber_Security
 https://digitalguardian.com/blog/what-cyber-security
 http://www.proind.in/blog/cyber-laws-in-india-and-information-technology-
act-all-you-need-to-know/
 http://people.exeter.ac.uk › boc › h... Cyber crime
 https://www.studocu.com › row cyber crime
148
 https://www.unodc.org › cybercrime
 https://practiceperfectemr.com recommendations
 https://us.norton.com › ... › protect yourself against cybercrime
 https://securitytrails.com › blog › ty...Protection against cyber crime
149
PART IV
WRITTEN TEST

Final Project Part3 and 4

Uploaded by

Copyright:

Available Formats

Final Project Part3 and 4

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Project Part3 and 4

Uploaded by

Copyright:

Available Formats

1rt2rtrtr3h4gg5hgf6gh7g8g9bhnghghnhjg10hj11hg12jghghfghfhf

Place: Parassala Faculty in charge

I wish to acknowledge my Gratitude to the Principal, Dr Bijoy M S Raj and my

1.2 DEFINITION AND MEANING

1.3 NATURE AND SCOPE OF THE STUDY

1.4 OBJECTIVES OF THE STUDY

1.5 RESEARCH HYPOTHESIS

1.6 RESEARCH METHODOLOGY

1.7 SCHEME OF STUDY

CHAPTER II OVERVIEW OF CYBER CRIMES AND

2.1 WHAT IS CYBER CRIME

2.2 TYPES OF CYBER CRIMES

2.2.1 Child Pornography or Child Sexually Abusive Material (CSAM):

2.2.1.2 Defining Child Pornography

2.2.1.3 Reasons of Increasing Child Pornography

2.2.1.5 Legislative Provisions Combating Child Pornography in India

2.2.1.6 Effect of COVID Lockdown on Child Pornography Market

2.2.2.2 Cyberbullying or Online Bullying

2.2.2.3 Legal Remedies

2.2.2.4 Procedure to Follow When You Are Bullied Online

2.2.2.5 Case Laws

2.2.3.2 Recent Cases of Cyberstalking in India

2.2.3.3 What is Cyberstalking?

2.2.3.4 What does Cyberstalking Includes?

2.2.3.5 Reasons for Cyberstalking

2.2.3.6 Kinds of Cyberstalking

2.2.3.7 Types of Cyberstalkers

2.2.3.8 What is the Procedure for Filing a Complaint?

2.2.3.10 Information Technology Act, 2000

2.2.4 Cyber Grooming:

2.2.4.2 Distorted Attachment

2.2.4.3 Adaptable Offenders

2.2.4.4 Hyper Sexual Offender

2.2.4.5 Prevention and Protection from Cyber Grooming

2.2.5 Online Job Fraud:

2.2.5.2 Types of Online Recruitment Fraud

2.2.5.3 How to Save Yourself from Recruitment Fraud

2.2.5.4 How to Report Fake Online Job Scam

2.2.6 Online Sextortion:

2.2.6.2 Definition of Sextortion

2.2.6.4 How to Lodge a Complaint Against Sextortion Offline

2.2.6.5 How to Lodge a Complaint Against Sextortion Online

2.2.6.6 Documents Required During Registration of a Complaint

2.2.6.7 Laws Governing Sextortion in India

2.2.6.8 The International Scenario on Sextortion

2.2.6.10 What to do if you have been Sextorted

2.2.7.2 Defining Phishing

2.2.7.3 How does Phishing Work?

2.2.7.4 How can a Person Recognize Phishing?

2.2.7.5 Different Techniques of Phishing

2.2.7.6 Major Factors for the Increase in Phishing Attacks

2.2.7.7 Provisions for Phishing Under the Indian Laws

2.2.8.2 Vishing is used to Attack Both Individual and Organization

2.2.8.3 What is Social Engineering

2.2.8.4 How to Recognize and Prevent Vishing

2.2.8.5 What is a Phishing Simulation

2.2.8.6 How can Phishing Simulation Help Prevent Vishing Attacks

2.2.9.3 What is Social Engineering

2.2.9.4 How to Prevent Smishing Attacks

2.2.9.5 How can Phishing Simulation Help Prevent Smishing Attacks