We now live in a magical world where everything can be done at our fingertips. What was impossible to do from home fifty years ago can now be done by sitting at a laptop for an hour. Even as the cyber world gives us a soothing experience in carrying out our day-to-day activities, it also exposes us to some of its negative impacts. The various types of crimes committed in the cyber world are called “cyber crimes”. Your money may be stolen, or sometimes your identity too. One of the most dangerous and alarming of these negative impacts is “phishing”. Phishing is a form of online identity theft that steals consumers' personal identity data and financial account credentials. The word “phishing” is derived from the word “fishing”. Phishing makes use of spoofed emails that are made to look authentic and purport to come from legitimate sources such as financial institutions and e-commerce sites, in order to lure users to fraudulent websites through links provided in the phishing email. The fraudulent websites are designed to look exactly like a real company's webpage, and the fraudsters then lie in wait for the right time.
Phishing has become so common that even the Oxford English Dictionary added "phishing" to its latest publication, making it a definitive word of the English language. It defines "phishing" as: "Phishing noun: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online."
For example, if your bank’s actual internet presence is at the URL www.bankeratnear.com, the fraudsters would create a webpage along the lines of www.bankeratnear.net or www.bankeratnear.org. Innocent people who believe these fraudulent websites to be genuine share valuable information such as account numbers and credit card details with the fraudsters, who misuse it and misappropriate money.
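The check a mail filter or a careful reader can apply to the example above, as an added Python sketch that is not part of the original article: it flags links that reuse the bank's name under a different ending, and, going one step beyond the paragraph, links whose visible text shows the real address while the target is elsewhere. `TRUSTED` is the article's example domain; the function names and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bankeratnear.com"  # the article's example bank domain
# Constructed sample email body (not a real message)
SAMPLE = """<a href="http://www.bankeratnear.net/login">www.bankeratnear.com</a>
<a href="https://www.bankeratnear.com/help">Help</a>
<a href="http://203.0.113.7/verify">https://www.bankeratnear.com/verify</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or a bare 'www.example.com/path' string, else ''."""
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed input such as an unclosed '['
        return ""

def is_trusted(host):
    # The exact domain or one of its subdomains, nothing else
    return host == TRUSTED or host.endswith("." + TRUSTED)

def classify(href, text):
    host, brand = host_of(href), TRUSTED.split(".")[0]
    if is_trusted(host):
        return "ok"
    if brand in host.split("."):    # same name, different ending (.net, .org)
        return "lookalike"
    if is_trusted(host_of(text)):   # text shows the bank, link goes elsewhere
        return "mismatch"
    return "unrelated"

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, classify(href, text)) for href, text in collector.links]
```

Calling `scan_email(SAMPLE)` returns one verdict per link; anything other than "ok" should be treated as not belonging to the bank.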
The recent trend in phishing is called “vishing”, in which somebody calls you, or you are asked to dial the number of their “customer service”, and a hijacked phone line then connects the caller to a phone that appears to be that of the original bank. Here the caller is asked to give their card number and other details by pressing keys on the phone through the Interactive Voice Response mechanism. These tones are then captured and converted into information, which the criminals use to make internet purchases and fraudulent transactions that are billed to the card number you gave them over the phone. Thus the crimes committed in the cyber world are turning into something very dangerous, compared with the casual cyber crimes that were committed a few years back for mere fun.
Phishing is a new concept in India, unheard of three or four years ago, yet innocent people now fall prey to this fraudulent practice daily. India holds one of the top ranks in hosting phishing websites. With so many software companies, greater awareness needs to be created in India about phishing attacks. Combating this crime with some provisions of the existing Indian Penal Code is possible, but since the Indian Penal Code was drafted more than a century ago, the legislature could not have imagined the future existence of the computer. And so it is awkward to fit the crimes of the new world into offences such as cheating and criminal breach of trust, which are punishable under the IPC. This is not so in the case of the Information Technology Act 2000. The provisions of the Information Technology Act 2000 that penalize personal data theft, spoofing and identity theft include Sections 43, 65 and 66.
Section 43 of the Information Technology Act provides a penalty for damage to computers, computer systems etc.: whoever retrieves information, disrupts information or denies access shall be liable to pay damages not exceeding one crore rupees. Section 65 deals with tampering with computer source code documents and provides for punishment with imprisonment up to three years, or with a fine which may extend to two lakh rupees. The Information Technology Act also tries to penalize phishing crimes of this type through Section 66 of the Act: when the hacker uses false and fraudulent websites to lure the victim into disclosing his personal information and takes control of the internet account with the intention to cheat him, by deleting or altering any information/data residing electronically in the bank server (for example, changing the email of the customer to his own), the offender commits the offence of hacking, which is punishable u/s 66 IT Act, 2000. Section 66 of the IT Act defines hacking activity; it treats hacking activity as exclusively associated with the computer resource.
The essentials of hacking are:-
(a) Whoever
(b) Intention or knowledge
(c) Causing wrongful loss or damage to the public or any person
(d) Destroying or altering any information residing in a computer resource, or diminishing its value or utility, or affecting it injuriously by any means.
Thus, the account of the victim is compromised by the hacker, which is not possible unless and until he effects some changes by way of deletion or alteration of information/data held electronically in the account of the victim residing in the bank server. Thus, this act of phishing is squarely covered and punishable u/s 66 IT Act.
In a landmark judgment in the case of National Association of Software and Service Companies vs. Ajay Sood & Others, delivered in March ‘05, the Delhi High Court declared ‘phishing’ on the internet to be an illegal act, entailing an injunction and recovery of damages. The concept of ‘phishing’ was considered in detail by the High Court in order to lay down a precedent in India. The court reiterated that phishing is a form of internet fraud where a person pretends to be a legitimate association, such as a bank or an insurance company, in order to extract personal data from a customer, such as access codes, passwords, etc. Personal data so collected by misrepresenting the identity of the legitimate party is commonly used for the collecting party’s advantage. The court also quoted an example: typical phishing scams involve persons who pretend to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details. The Delhi High Court categorically stated that even though there is no specific legislation in India to penalise phishing, phishing is an illegal act, defining it under Indian law as “a misrepresentation made in the course of trade leading to confusion as to the source and origin of the e-mail causing immense harm not only to the consumer but even to the person whose name, identity or password is misused.”
The IT Act, 2000 has extra-territorial jurisdiction and applies to any person of any nationality anywhere in the world, provided the impacted computer is physically located in India. But the reality is that Indian law is still not applicable to people outside its territorial boundaries. This is therefore a major loophole in the law, and there is no protection against phishing if the computer is physically located outside India. So the IT Act, 2000 has to be amended to include a specific definition of phishing in order to protect the cyber world from this type of crime, and an international machinery should be established to combat phishing across borders.
However, it is true that in most cyber crimes, including phishing, the criminals succeed because of uninformed, gullible customers who, without knowing that they are being trapped, unwittingly pass on the information the fraudster asks for. Therefore, awareness of cyber crimes among the masses, and educating them to the extent possible, is the only key to fighting the menace of phishing. The law enforcement agencies, the legislature and the industry should come together and coordinate in their fight against the menace of phishing to save the innocent masses.
Note: This article is not written or conceived by me. I found it good and important information to be shared with as many people as possible. This is originally written by