I may not be far off the mark to say that every single user of a computer or mobile phone may be a victim of “phishing”. Even if they did not fall prey, they would certainly have received a phishing message, through which Criminals try to illegally obtain banking details and use the same to siphon out money from the accounts of unsuspecting victims.
These crimes continue unabated despite extensive awareness campaigns. The messages and the manner of completing this crime keeps evolving faster than the awareness of these crimes amongst public.
Fear is the key nowadays for these crimes, where earlier modus was to use greed. From the Nigerian Prince bequeathing a fortune that needs some money to be transferred for administrative purposes or someone allegedly winning a lottery, it is now fear of income tax not being paid and “Indian Income Tax Department” debiting bank accounts automatically; to freezing of bank accounts or payment wallets if KYC (Know your customer) details are not filled. These are just some modus used by Criminals to siphon out banking details and to then clean out accounts of their balance.
In 2019, several fake emails purportedly sent by the “Indian Income Tax Department” containing malware were circulated and when unsuspecting users clicked on it their computers were compromised and financial data siphoned out (https://www.financialexpress.com/money/income-tax/beware-of-phishing-income-tax-dept-alerts-taxpayers-of-fake-itr-mails-messages-sent-by-fraudsters/1699278/) .
The malware in these fake emails were in the form of attachments or instructions to download a malicious file using a link from a fraudulent domain.
Some of the fraud emails contained subject line such as:
“Important: Income Tax Outstanding Statements A.Y 2017-2018”; “Income Tax Statement XML PAN XXX895X.pif”; “Income Tax Statment XML.img”., etc.
With the present status of the global pandemic of COVID-19 there have been an increasing number of cybercrimes. With people restricted to their homes during the pandemic one is left with no choice but to rely on computers and the internet and culprits online seem to be taking advantage of this situation. Apart from online shopping frauds, developments such as loan moratorium notices from the Reserve Bank of India (RBI) during the COVID19 lockdown (RBI Circular Ref: RBI/2019-20/186 DOR.No.BP.BC.47/21.04.048/2019-20 dated March 27, 2020), have been misused by Criminals to defraud victims.
Despite banks and financial institutions having issued warnings to customers not to fall prey to such scams and to protect their personal banking information many have unfortunately still been targets of the same.
Another online scam, which is most prevalent during the lockdown, are phishing email seeking donations to help those affected by the pandemic. Earlier such instances were of friends or family being stuck outside India and having lost their wallets, passports etc., and seeking financial help. Many fell prey to such frauds.
In such instances it is important to identify suspicious emails, especially those received from unknown senders. In the event that the mails may still “appear to be genuine” like the above case, it is expedient to check with the persons concerned before monies are transferred. Safety and basic precautions will, in most instances protect against fraud.
The defrauded amount may be small or large but it is important to initiate legal action so that others are also not victimized. Apart from the Criminal provisions under the Indian Penal Code, 1860 (“IPC”) and the Information Technology Act, 2000 (as amended) (“IT Act”), victims may also seek civil remedies for redress including under the IT Act.
Theft of money punishable under S.380 IPC; Cheating punishable under S.420 IPC; Cheating by impersonation either under IPC (S.416 IPC) or IT Act (S.66D IT Act); identity theft under S.66C IT Act, are some remedies available in such cases. Depending on the facts of the case the applicable provisions may be invoked.
Victims can also seek Legal remedies against such scams, including by seeking remedies before the Adjudicating Officer, in proceedings under Section 46 of the Information Technology Act, 2000 (as amended) (“IT Act”).
Proceedings before the Adjudicating Officer have been quite successful for victims of phishing / vishing frauds, especially where there has been a breach of sensitive personal / financial information of victim from the bank or organisation. This remedy however has not been utilized to its full potential.
The Reserve Bank of India (“RBI”) has issued circulars with respect to the liability of banks and payment systems, in cases of financial frauds. Whilst earlier circulars placed most of this onus on banks, the RBI circular of 2017 created two broad categories of liability.
There are also advisories issued to Banks to create awareness amongst customers of these financial fraud trends of cybercrimes. These advisories state that RBI should review its circulars to ensure clarity with respect to the liability of banks and customers.
Victims should therefore seek legal remedies to protect their interests and rights and also to ensure that others are not victimised further by such miscreants.
File your complaint online on cybercrime.gov.in ; Seek justice and ensure that criminals do not harm you or others. Be A Cyber Saathi!
“The website and modules therein contain details of different kinds of cybercrimes and violations and some of such content or material on Cyber Saathi may contain language or details which may not be explicit / sensitive in nature and may not be appropriate for Users below the age of 18 years. For users below18 years of age, parental consent and guidance is mandatory. Parents are advised to review content in advance. “