1

LAW REALTING TO CYBER SPACE AND E-COMMERCE

TOPIC: INTERNET FRAUD

SUBMITTED TO : SUBMITTD BY: KAMYA CHANDOK

DR. AMITA VERMA ROLL NO.: 1952

COURSE: LL.M (1 YEAR )

 2

ACKNOWLEDGEMENT

I have put my sincere efforts in this project. However, it would not have been possible
without the kind of support and help of many individuals. I would like to extend my sincere
thanks to all of them.

 I am highly indebted to Dr. Amita Verma for their guidance and constant supervision as well
as for providing necessary information regarding the project, also for your support in
completing this project. 

I would also like to express my gratitude towards my parents, my friends and my classmates
for their kind co-operation and encouragement which helped me in completion of this project.
My thanks and appreciations to all the department library staff for their constant cooperation.

KAMYA CHANDOK.
 3

TABLE OF CONTENTS

TOPIC PAGE NO.

⮚ INTRODUCTION 04

⮚ HISTORY 06

⮚ MEANING 07

⮚ AREAS OFINTERNET FRAUD 08

⮚ CAUSES OF INTERNET FRAUD 10

⮚ TYPES OF INTERNET FRAUD 11

⮚ RELEVANT ;EGISLATIONS 14

⮚ RECENT CYBER ATTACKS IN INDIA 17

⮚ CONCLUSION 19

⮚ BIBLIOGRAPHY 20
 4

INTRODUCTION

People, for their normal business need to communicate to one another, find information
globally and to do trading, e-commerce and buy & sell goods & services. Today the Internet,
have proved to be an unavoidable tool. Thus no wonder that the Internet is considered to be
one of the most useful tools. Earlier the basic three needs were defined as Food, Clothing and
Shelter but now internet adds to the list. Today we live in a modernized society that is
dependent on computers and the internet like the human body is dependent on its brain and
heart for ordinary daily function. The Internet is constantly developing, becoming a greater
power each day and it has affected our world in various negative and positive ways. The
internet serves as an important data base worldwide. It is the greatest source of information,
news, entertainment, education and even local and global interactions such as sales
transactions are performed through the internet making life so much easier and hustle free.
Internet access is no longer a luxury but is now a necessity. The Internet is also a great
resource, gateway to Information, for starting your own business which can be done online.
The Internet provides fast and inexpensive data transfer. It makes business sense to put the
Internet on practical use simply by a mouse click and to tryout and also earn an income or
just make life easier & more comfortable.

However, it is a fact that with all the advantages of the Internet a user can get, there are also
some disadvantages that come with it. Many business houses, now-a-days do their financial
dealings are made over the Internet. Shares are traded online. It can be easily estimated even
without any proof that thousands of crores or even more of Indian Rupees are being
exchanged online every day. These financial activities done by not so computer savvy on net
has given birth to a new breed of greed and generation of criminals. With the growth of e-
commerce, and with the tremendous money it involves, it is not surprising that comes with a
significant increase in the variety of fraudulent Web activities. Activities like Phishing,
 5

attacks like Pharming and other online scams involving the stealing of consumers’ digital
personal identities such as password and pin are on the rise.

Fraud is not a new phenomenon because it has always been around since human history. Its
definition and outcomes on victims have not changed. With the use of the Internet for
commercial purpose, the method of perpetration of fraudulent activities has evolved to
include online capabilities. Internet fraud is the use of Internet services or software with
Internet access to defraud victims or to otherwise take advantage of them. Internet crime
schemes steal millions of dollars each year from victims and continue to plague the Internet
through various methods.
The Internet has opened up a door for the development of a new criminal sector of fraud.
The scary aspect of this type of new fraud is that perpetrators can now use the anonymous
advantage of the Internet to cause harm. Since the Internet works on real time, a prospective
victim can be harmed much more easily and quickly. It is even possible for the criminal to
harm the same victim again and again because the fraudulent electronic transactions can be
repeatedly processed within a short period of time. Therefore, conventional wisdom requires
that a consumer be always cautious and knows what to watch out for when buying online.

In some instances, a picture of the product is sent in place of the actual product. Other times,
products are outright never sent after the bill is charged to credit card accounts. Victims are
left to deal with credit card companies for chargebacks.

Some Fraudsters market intangibles such as software downloads or documentation. Pricing

on such items is low in order to encourage a purchase perceived by the consumer as low risk
(in accordance with low cost.) Software download scams are frequently targeted at high-
population buying communities such as online gaming worlds. Wow stat hack is an example
of one such scam1.

In a nutshell, online fraud is any type of fraud scheme that uses one or more components of
the Internet to perpetuate a crime. Such means may include chat rooms, message boards, or
Websites. It is broadly defined as online fraud when an Internet component is used:

1. to present fraudulent solicitations to prospective victims,

2. to conduct fraudulent transactions, or

1 Koong, Kai and Liu, Lai and Wei, June ‘An Examination of Internet Fraud Occurrences’’ (2012)
 6

3. to transmit the proceeds of fraud to financial institutions or to others connected with the
scheme

HISTORY

Internet fraud began appearing in 1994 with the start of e-commerce. The first trend to be
seen was the use of “Famous Names” to commit the fraud. Using this method, the person
committing the fraud would use stolen credit cards with the popular celebrity of the time’s
name. This highly unsophisticated plan was only successful because the internet was new and
the possibility of fraud had not been considered. Eventually internet merchants implemented
rules to confirm the card user name. Following the “Famous Names” strategies were more
technical attacks in which hackers created card-generator applications that came with real
credit card numbers. Merchants had no way to see cross-merchant activity until the credit
card associations reported it. After 1996 fraudulent users went on the internet to test the status
of stolen credit cards.

By 1998, the internet was filled with e-commerce sites. Fraudsters began to set up “dummy”
merchant sites where they could harvest their own credit cards through their own site. Before
the charge-backs rolled in, they would shut the doors of the website and leave the country.
Soon a trend started of the mass theft of identities from the internet through information
provided online under the Freedom of Information Act. One of the counter-methods
merchants developed was the use of consumer accounts. The merchant would set up a
consumer account the first time the consumer made a purchase. Following the creation of the
new account, the merchant would perform a series of third-party checks to validate the
information provided by the consumer. As auction sites like eBay and uBid gained
popularity, new fraud methods arrived specifically targeting this new merchant community. 2

Auction fraud first appeared as the third highest category of online scam in 1997. Since
1998, it has consistently taken the number one place on the annual listings. Like auction
frauds, the sale of general merchandise first appeared in 1997 as the second highest type of

2 https://en.wikipedia.org/wiki/Internet_fraud_prevention, visited on 23/03/2020 at 4.00 p.m.

 7

online scam. It has held on to this ranking ever since. Like auction frauds, the sale of general
merchandise first appeared in 1997 as the second highest type of online scam. In sequential
order based on the average ranking over the five years, the other four categories
that have made the top 10 listing are(a) sales of Internet services, (b) sales of computer
equipment or software, (c) work-at-home, and(d) advance fee loan

MEANING

From computer viruses to Web site hacking and financial fraud, Internet crime became a
larger concern than ever in the 1990s and early 2000s. In one sense, this situation was less a
measure of growing pains than of the increasing importance of the Internet in daily life. More
users surfing the Web, greater business reliance upon e-mail, and the tremendous upsurge in
electronic commerce have raised financial stakes. A single virus outbreak in 1999 was
blamed for more than $80 million in damage, while Web site hacking in early 2000
purportedly cost hundreds of millions more. Adding new wrinkles were complaints about
rampant fraud on popular online auction sites.3
According to a U.S. Justice Department Web site devoted to the topic, Internet fraud refers to
any type of scheme in which one or more Internet elements are employed in order to put forth
"fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to
transmit the proceeds of fraud to financial institutions or to others connected with the
scheme."
Internet fraud means trying to trick or scam someone else using the Internet. This usually
means that the person who is being tricked loses money to the people scamming them.
Internet fraud can take place on computer programs such as chat rooms, e-mail, message
boards, or Web sites. Advertisements that pop up on the internet have a big risk of being
scams.
Internet fraud refers to fraud that is committed with the help of the internet. Online services
are used to conduct fraudulent solicitations, fraudulent transactions, and to transmit the
proceeds of fraud to financial institutions. Internet fraud can be committed in web sites, chat
rooms, e-mail, and message boards. Any application fraud that is committed with the help of

3 https://www.encyclopedia.com/science-and-technology/computers-and-electrical-engineering/computers-and-
computing/internet-fraud, visited on 23/03/2020at 4.00 p.m.
 8

internet will come within the purview of internet fraud. Advertisements that pop up on the
internet pose a risk of losing money in the form of scams4.

With the help of online services, a perpetrator of fraud can commit debit card fraud without
even having the possession of a debit card. Here, by using an internet facility and a debit
card, a perpetrator of fraud can make purchases until the entire account of the debit card
holder is drained out.

AREAS OF INTERNET FRAUD

The development of digital technologies and the World Wide Web engendered the securities
fraud on the Internet. The fraud on internet has become a serious issue with the advent of
technology. Some areas of the usage of the World web have an especially high potential of
implementation of fraudulent practices.

❖ SECURITIES FRAUD ON THE INTERNET:

The frauds of the first type describe the manipulation of stock prices on the Internet
market by an entity or person who changes the natural flow of demand and supply. This
involves scheme of an artificial inflation of the price in online descriptions, while the former
downplays the real price of the stock. It includes the placement of falsified data on the
Internet with the aim to gain money by manipulating the stakeholders’ actions. The
second type of the Internet securities fraud is based on a construction of specific websites.
The creators of such websites promote their product through unrealistically high profits
the stakeholders would receive. However, the product is actually non-existent and the
investments go directly onto the criminals’ account investments go directly onto the
criminals’ account. In some of such schemes, earlier investors receive some returns taken
from the subsequent contributors’ expenditures. This “system usually collapses” at some
point, when the later investors receive no returns. The illegal touting, on the other hand, is a
placement of false information online about an already existing company. 5In such scheme,
the perpetrators promote an enterprise’s product under a payment from this business. The
illegal part of this activity concerns their failure to disclose to the customers that their
“securities recommendations” are pre-paid.

4 https://definitions.uslegal.com/i/internet-fraud/, visited on 23/03/2020at 4.00 p.m.

5 Azhar Ushmani,’Internet Fraud Analysis’’ (2019).
 9

❖ FRAUD IN ELECTRONIC COMMERCE:

The term ecommerce fraud, also known as purchase fraud. It occurs when a fraudster
approaches a merchant and proposes a business transaction using fraudulent means such as a
stolen or fake credit card to pay for it. This leaves the merchant without payment for the sale
that was just made. Fraud has always been around in one form or another, so the concept
itself isn’t that new. It used to be limited to the physical stealing of a credit card. And
although this still happens, online fraud is far more popular now. With the rise of new
technologies, payment methods, and data processing systems, online store owners are
unwillingly opening their doors to new forms of fraud every day.6

❖ FRAUD DEPENDING ON THE INTERNET COMPANIES:

One of the areas of fraudulent information connected to the Internet companies is
advertisement. Many online enterprises place ads for profit to make revenue. It is maintained
that for the majority of such companies, advertisement is the only source of income. These
enterprises may be paid by the companies that place their ads on their pages according to the
number of people who visit these sites. However, the amount of visitors is hard to measure
because the individual hits don’t necessarily correspond to the number of real persons but the
number of links and graphic images. This manipulation of this data becomes an area of fraud
meant to increase the company’s income from advertisements. Other types of fraud that
endanger the Internet companies include the speculative stock promises. Some online-
based enterprises virtually have no profits other than from the advertisement placed on their
pages. However, due to the public interest in the new businesses these companies were
able to gain a large number of stockholders. This development was especially active in
the early new millennium due to the novelty of the Internet companies. Many of them
advertised their income wrongly by publishing fake reports of financial analysts to attract
stockholders. This data manipulation led to the inflated investor’s interest in the Internet
businesses and in the mass investment in this area of market.

6 https://www.printful.com/blog/the-basics-of-ecommerce-fraud-what-is-it-and-how-to-manage-it/, visited on
23/03/2020 at 5:00 p.m.
 10

CAUSES OF INTERNET FRUAD:

Cybercriminals always opt for an easy way to make big money. They target rich people or
rich organizations like banks, casinos and financial firms where a huge amount of money
flows daily and hack sensitive information. Catching such criminals is difficult. Hence, that
increases the number of cyber-crimes across the globe. Computers are vulnerable, so laws are
required to protect and safeguard them against cybercriminals. We could list the following
reasons for the vulnerability of computers:
▪ Easy to access – 
The problem behind safeguarding a computer system from unauthorized access is that there
are many possibilities of breach due to the complex technology. Hackers can steal access
codes, retina images, advanced voice recorders etc. that can fool biometric systems easily and
bypass firewalls can be utilized to get past many security systems7.
▪ Capacity to store data in comparatively small space – 
The computer has the unique characteristic of storing data in a very small space. This makes
it a lot easier for the people to steal data from any other storage and use it for own profit.
▪ Complex –
 The computers run on operating systems and these operating systems are programmed of
millions of codes. The human mind is imperfect, so they can do mistakes at any stage. The
cybercriminals take advantage of these gaps.
▪ Negligence – 
Negligence is one of the characteristics of human conduct. So, there may be a possibility that
protecting the computer system we may make any negligence which provides a cyber-
criminal the access and control over the computer system.
▪ Loss of evidence – 

7 https://krazytech.com/technical-papers/cyber-crime, Visited on 23/03/2020 at 5:00 p.m.

 11

The data related to the crime can be easily destroyed. So, Loss of evidence has become a very
common & obvious problem which paralyzes the system behind the investigation of cyber-
crime.

TYPES OF INTERNET FRAUD:

Cyber thieves can use the internet as a tool to rip off unsuspecting victims. Internet scams
come in many forms, including emails that attempt to trick you into handing out financial
information, pop-ups loaded with malware, and social media messages crafted to spark fake
romantic relationships. Cybercriminals may contact potential victims through personal or
work email accounts, social networking sites, dating apps, or other methods in attempts to
obtain financial or other valuable personal information. Many successful internet scams have
similar endings: Victims either lose their own money or fail to receive funds the fraudster
promised.

❖ EMAIL PHISHING

While cyber fraud takes many forms, it’s often done through email since that’s a ubiquitous
and cheap method of attack. As a result, one of the most common scamming examples is the
general phishing email. In this scam, you receive a message claiming to come from a
legitimate entity, such as your bank, email provider, or online retailer. The email lets you
know that the company has made some changes and needs you to confirm your information
to make sure everything is up-to-date. If you follow the link in these fishing emails, you’ll be
brought to a fraud site. While it might look like the real page, entering your credentials here
will send them right to scammers. For instance, you might be directed to a website that looks
legitimate, but was set up only to capture your information. The fraudulent emails are usually
written in an urgent tone. Often, they contain red flags such as misspellings, poor grammar,
making urgent demands with threats of financial consequences, and logos that don’t quite
look right.

❖ UNEXPECTED PRIZE SCAM:

This type of scam falls under the phishing category. The email may claim you’ve won a large
chunk of cash, a free trip to an exotic destination, or some other fantastic prize. In order to
claim your trip or winnings, the message will say, you only need to pay a few small fees.
After you pay those fees, you never hear from the organization again. Some travel scams may
send you to the destination, but they’ve hidden a lot of important expenses such as visa fees,
transportation costs, or meals.
 12

❖ TECH SUPPORT SCAMS:

One of the most concerning internet fraud cases in recent years is the onslaught of tech
support scams. In this scheme, someone calls you and pretends to be from Microsoft or a
computer security company. They convince you that your computer is infected with some
kind of malware and coax you into letting them remotely control your machine. From there,
they might cause actual damage to your system by stealing your data or installing ransom
ware. They’ll then try to sell you a worthless “security suite” or demand payment for their
“services,” getting upset if you refuse. This scam is easy to fall for if you get caught up in the
caller’s lies. But by being aware of it, you can know what you should do about tech support
scams in case you’re ever contacted with one.

❖ NIGERIAN 419 EMAIL SCAMS :

This is one of the oldest internet fraud examples in the book. Someone from a country (often
Nigeria, but not always) contacts you via email in broken English. They explain that a rich
person they know has died and the money has nowhere to go; if you can help them get the
funds out of the country, they’ll give you some as a reward. If you follow along, they’ll
continually ask you for money to cover various “expenses” associated with the fund
movement, until you realize they’ve been stealing from you all along. Due to their notoriety,
these types of emails usually go straight to the spam folder.

❖ SOCIAL MEDIA FRAUD :

Attackers have many ways to steal from you on social media, including taking your money.
One popular method is abusing your trust with your social media friends. For example, if
someone on your Facebook friend list has their account hacked; the attacker might contact
you through a Facebook Messenger. In many cases, they’ll send a video link with a
sensational message like “OMG, is it you in this video?” that tempts you to click on it. If you
do click, you’ll go to a dangerous site programmed to infect your computer with malware.
Other times, the scam is more personal. The hijacked account might send you a message
saying that they’re in trouble with the law, or need money to cover a hospital bill after a bad
accident. If you take this at face value, you’ll end up sending a thief—not your friend—
money.

❖ EXTORTION OR THREAT OR HITMAN SCAM:

In another type of scam, the cybercriminal may threaten to embarrass or injure you or a
family member unless a ransom is paid. The scammer may have gathered details about your
life from social media profiles, which could make the claim seem more legitimate or urgent.

❖ MALWARE AND RANSOMWARE SCAM:

For cybercriminals, the first step in several types of scams is installing malware — short for
“malicious software” — on a victim’s device. For instance, the perpetrator may send you a
 13

pop-up message for fake antivirus software, a link to a news article, or an email that looks
like it’s from your bank.
Clicking on the message or the embedded link triggers the installation of malware, which can
be designed to scan your device for personal and banking information, log your keystrokes,
lock you out of your device, access your webcam, or even destroy your files in the process.
Ransomware is a related form of malware that’s delivered through phishing emails. Once the
malware is installed on a device, the victim’s files are encrypted, and the cybercriminal
demands a ransom payment, typically in a virtual currency such as bitcoin.The criminal
promises to release the victim’s files once the money is received, but often that doesn’t
happen.

❖ ONLINE DATING (ROMANCE) SCAM:

As the Internet plays an important role in our social lives, with apps like Facebook or
Instagram we access every day, it’s inevitable to use apps to look for love as well. Online
dating apps are very popular these days and they are a great way to meet your future life
partners. A romance scam usually takes place on social dating networks, like Facebook, or by
sending a simple email to the potential target, and affects thousands of victims from all over
the world. Cybercriminals have abused this scamming method for years by using online
dating services8. They improved their approach just by testing the potential victims’
reactions.

❖ ECONOMIC SCAM:

Cybercriminals will lure you into believing you can make money easy and fast on the
internet. They’ll promise you non-existent jobs, including plans and methods of getting rich
quickly. It is a quite simple and effective approach, because it addresses a basic need for
money, especially when someone is in a difficult financial situation. Using various job types,
such as work-at-home scams, the victim is lured into giving away personal information and
financial data with the promise of a well-paid job that will bring lots of money in a very short
period of time.

❖ TRAVEL SCAM:

These scams are commonly used during hot summer months or before the short winter
vacations, for Christmas or New Year’s Day.

Here’s how it happens: you receive an email containing an amazing offer for an exceptional
and hard to refuse destination that expires in a short period of time which you can’t miss. If it
sounds too good to be true, it might look like a travel scam, so don’t fall for it. The problem
is that some of these offers actually hide some necessary costs until you pay for the initial
offer. Others just take your money without sending you anywhere.

❖ BANK LOAN OR CREDIT CARD SCAM:

8 https://us.norton.com/internetsecurity-online-scams-internet-scams.html, visited on 23/03/2020 at 8 :00 p.m.

 14

People can be easily scammed by “too good to be true” bank offers that might guarantee large
amounts of money and have already been pre-approved by the bank. Credit card fraud can be
authorised, where the genuine customer themselves processes a payment to another account
which is controlled by a criminal, or unauthorised, where the account holder does not provide
authorisation for the payment to proceed and the transaction is carried out by a third party.
People can be easily scammed by “too good to be true” bank offers that might guarantee large
amounts of money and have already been pre-approved by the bank. When a credit card is
lost or stolen, it may be used for illegal purchases until the holder notifies the issuing bank
and the bank puts a block on the account. Most banks have free 24-hour telephone numbers
to encourage prompt reporting9. Still, it is possible for a thief to make unauthorized purchases
on a card before the card is cancelled.

RELEVANT LEGISLATIONS:

❖ HACKING (i.e. unauthorized access):

● Section 43 of the IT Act, 2000 provides that if any person accesses a computer,
computer system or computer network without the permission of the owner, or
downloads, copies, extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium; or causes disruption of any system; inter alia,
they will be liable to pay compensation to the affected person. The offence of hacking is
covered under the said act.

● Section 66 of the act provides that if any person dishonestly or fraudulently commits an
act mentioned in section 43 of the act, it will be punishable for an imprisonment of up to
three years or fine up to fine lakh rupees, or with both.

❖ DENIAL- OF – SERVICE ATTACKS:

● Denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means is punishable
under section 43(f) of the act, with an imprisonment of up to three years or fine up
to five lakh rupees, or both.

● Additionally, the crime of cyber terrorism under section 66F specifies that
whoever has an intent to threaten the unity, integrity , security or sovereignty of
India , or to strike terror among people, denies or causes denial of access to any
person authorized or access computer resource, will be punished with
imprisonment which may extend to imprisonment which may extend up to life.

❖ PHISHING :

9 https://www.makeuseof.com/tag/top-5-internet-fraud-scams-time/, visited on 23/03/2020 at 8:00 p.m.

 15

● Section 66 C of the IT Act, 2000 could be used to prosecute a person for phishing
attacks. It provides that Whoever, fraudulently or dishonestly make use of the
electronic signature, password or any other unique identification feature of any
other person, shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine with may extend to
rupees one lakh.

● Additionally, 66 D of the IT Act, 2000 provides that whoever, by means for any
communication device or computer resource cheats by personating, shall be
punished with imprisonment of either description for a term which may extend to
three years and shall also be liable to fine which may extend to one lakh rupees.

● Section 74 of the IT Act, 2000 provides that whoever knowingly creates,

publishes or otherwise makes available Electronic Signature Certificate for any
fraudulent or unlawful purpose shall be punished with imprisonment for a term
which may extend to two years, or with fine which may extend to one lakh rupees,
or with both. If any person knowingly creates, publishes or otherwise makes
available a Electronic Signature Certificate for any fraudulent or unlawful
purpose, he shall be punished with imprisonment up to two years, or with fine up
to one lakh rupees, or with both.

❖ INFECTION OF IT SYSTEM WITH MALWARE (INCLUDING

RANSOMWARE, SPYWARE, WORMS, TROJANS AND VIRUSES):

● Section 43 of IT Act, 2000 provides that if any person introduces any computer
contaminant or computer virus to a computer resources without the permission of
the owner will be liable to pay damages by ay of compensation to the person so
affected, and may also be punished with imprisonment for a term of up to three
years or a fine which may be up to five lakh rupees, or both.

❖ POSSESION OR USE OF HARDWARE OR SOFTWARE OR OTHER TOOLS

USED TO COMMIT CYBERCRIME (e.g. HACKING TOOLS):

● Mere possession of such tools is not criminalised specifically. However, Section

66-B of the IT Act, 2000 provides that whoever dishonestly received or retains
any stolen computer resource or communication device knowing or having reason
to believe the same to be stolen computer resource or communication device, shall
be punished with imprisonment of either description for a term which may extend
to three years or with fine which may extend to rupees one lakh or with both.

● Furthermore, any such tools to commit cybercrime shall be confiscated under

section 76 of the IT Act.

❖ IDENTITY THEFT OR IDENETITY FRAUD (e.g. IN CONNCETION WITH

ACCESS DEVICES ) :
 16

● Section 66C of the IT Act, 2000 provides that Whoever, fraudulently or

dishonestly make use of the electronic signature, password or any other unique
identification feature of any other person, shall be punished with imprisonment
of either description for a term which may extend to three years and shall also
be liable to fine with may extend to rupees one lakh.

● Section 419 of IPC, provides whoever cheats by personation shall be punished

with imprisonment of either description for a term which may extend to three
years, or with fine, or with both.

❖ ELECTRONIC THEFT(e.g. BREACH OF CONFIDENE BY A CURRENT OR

FORMER EMPLOYEE , OR CRIMINAL COPYRIGHT INFRINGEMENT):

● Section 72 of the IT Act, 2000 provides for breach of confidentiality and

privacy. It provides that if any person has secured access to any electronic
record, book, register, correspondence, information, document or other
material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information, document or
other material to any other person shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.

● Section 72A of the IT Act, 2000 provides that any person including an
intermediary who, while providing services under the terms of lawful
contract, has secured access to any material containing personal information
about another person, with the intent to cause or knowing that he is likely to
cause wrongful loss or wrongful gain discloses, without the consent of the
person concerned, or in breach of a lawful contract, such material to any
other person, shall be punished with imprisonment for a term which may
extend to three years, or with fine which may extend to five lakh rupees, or
with both10.

● Section 409 of IPC, provides punishment for imprisonment   for life, or with
imprisonment of either description for a term which may extend to ten years,
and shall also be liable to fine for criminal breach of trust by a public
servant or agent. Section 420 of IPC provides punishment for cheating states
that the person shall be punished with imprisonment of either description for
a term which may extend to seven years, and shall also be liable to fine.
Section 379 of IPC provides punishment for theft stating whoever commits
theft shall be punished with imprisonment of either description for a term
which may extend to three years, or with fine, or with both. All these
sections can e invoked in case of electronic theft.

10 Dr. Jyoti Rattan, Cyber laws & Information Technology,P.311, Bharat Law House Pvt. Ltd., New Delhi,
sixth edition, 2017
 17

● Section 63 of the Copyright Act, 1957 provides punishment for copyright

infringement leading to imprisonment for a period not less than six months
but up to three years, with fine not less than fifty thousand rupees but up to
two lakh rupees.

❖ ANY OTHER ACTIVITY THAT ADVERSLY AFFECTS OR THREATNES THE

SECURITY, INTEGRITY OR AVAIABLITY OF ANY IT SYSTEM,
INFRASTRUTURE, COMMUNICATION NETWORK, DEVICE OR DATA:

● Concealment or destruction of source code – Section 65 of IT Act, 2000

provides that whoever knowingly or intentionally conceals destroys any
computer source code when it is maintained by the law for the time being in
force, shall be punished for imprisonment of up to three years or fine which
may extend up to two lakh rupees, or both.

● Securing access or attempting to secure access to a protected system- Section

70 of the IT Act, 2000 authorises the government to declare a computer
resource as a protected system and prohibit it s access by general public.
Securing access or attempting to secure access to a protected system imposes
imprisonment of up to ten years with a fine11.

RECENT CYBER ATTACKS IN INDIA:

❖ ATM System Hacked in Kolkata: In July 2018 fraudsters hacked into Canara bank
ATM servers and wiped off almost 20 lakh rupees from different bank accounts. The
number of victims was over 50 and it was believed that they were holding the account
details of more than 300 ATM users across India. The hackers used skimming devices on
ATMs to steal the information of debit cardholders and made a minimum transaction
of INR 10,000 and the maximum of INR 40,000 per account. On 5 August 2018, two men
were arrested in New Delhi who was working with an international gang that uses
skimming activities to extract the details of the bank account.

❖ LEAKED DATA EXPOSED FROM JUSTDIAL DATABASE : An unprotected API

end was the issue in this incident. Justdial one of India’s leading local search platform let
a loose end which exposed all of their user data who accessed their services through the
web, mobile, and their phone number. Leaked data includes name, email, number, address
gender, etc. the shocking part according to reports is that since 2015 the API has been
exposed like this.

❖ UIDAI Aadhaar Software Hacked: 2018 started with a massive data breach of personal
records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210
Indian Government websites had leaked Aadhaar details of people online. Data leaked

11 https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/india, Visited on 23/03/2020 at 9:00

p.m.
 18

included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and
mostly every personal information of all individual cardholders. If it wasn’t enough
shocking, anonymous sellers were selling Aadhaar information of any person for Rs.500
over Whatsapp. Also, one could get any person’s Aadhaar car printout by paying an extra
amount of Rs.300. 

❖ Hack Attack on Indian Healthcare Websites: Indian-based healthcare websites became

a victim of cyber-attack recently in 2019. As stated by US-based cyber-security firms,
hackers broke in and invaded a leading India-based healthcare website. The hacker stole
68 lakh records of patients as well as doctors. 
❖ Cosmos Bank Cyber-Attack in Pune: A recent cyber-attack in India 2018 was
deployed on Cosmos Bank in Pune. This daring attack shook the whole banking sector of
India when hackers siphoned off Rs.94.42 crore from Cosmos Cooperative Bank Ltd. in
Pune12. Hackers hacked into the bank’s ATM server and took details of many visas and
rupee debit cardholders. Money was wiped off while hacker gangs from around 28
countries immediately withdrew the amount as soon as they were informed. 
❖ Bazee.com case: 7 CEO of Bazee.com was arrested in December 2004 because a CD
with objectionable material was being sold on the website. The CD was also being sold
in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The
CEO was later released on bail. This opened up the question as to what kind of
distinction do we draw between Internet Service Provider and Content Provider. The
burden rests on the accused that he was the Service Provider and not the Content
Provider. It also raises a lot of issues regarding how the police should handle the cyber
crime cases and a lot of education is required.
❖ PARLIAMENT ATTACK CASE: Bureau of Police Research and Development at
Hyderabad had handled some of the top cyber cases, including analysing and retrieving
information from the laptop recovered from terrorist, who attacked Parliament. The
laptop which was seized from the two terrorists, who were gunned down when
Parliament was under siege on December 13 2001, was sent to Computer Forensics
Division of BPRD after computer experts at Delhi failed to trace much out of its
contents. The laptop contained several evidences that confirmed of the two terrorists’
motives, namely the sticker of the Ministry of Home that they had made on the laptop
and pasted on their ambassador car to gain entry into Parliament House and the the fake
ID card that one of the two terrorists was carrying with a Government of India emblem
and seal. The emblems (of the three lions) were carefully scanned and the seal was also
craftly made along with residential address of Jammu and Kashmir. But careful detection
proved that it was all forged and made on the laptop.
❖ SONY.SAMBANDH.COM CASE: Sony India Private Limited operated a website
enabling the NRIs to send Sony products to their friends/ relatives in India after paying
for it online. An individual gained access to the credit card number of American national
and ordered products by using her identity. He was convicted u/s. 419 of IPC.

12 https://www.testbytes.net/blog/cyber-attacks-on-india/, Visited on 23/03/2020 at 9.00 p.m.

 19

❖ Nasscom vs. Ajay Sood & Others13, in this case Delhi High Court declared ‘phishing’ on
the internet to be an illegal act, entailing an injunction and recovery of damage. The
plaintiff in this case was the National Association of Software and Service Companies
(Nasscom), India’s premier software association. The defendants were operating a
placement agency involved in head-hunting and recruitment. In order to obtain personal
data, which they could use for purposes of headhunting, the defendants composed and
sent e-mails to third parties in the name of Nasscom. The high court recognised the
trademark rights of the plaintiff and passed an ex-parte and interim injunction restraining
the defendants from using the trade name or any other name deceptively similar to
Nasscom. The court further restrained the defendants from holding themselves out as
being associates or a part of Nasscom. The court appointed a commission to conduct a
search at the defendants’ premises. Two hard disks of the computers from which the
fraudulent e-mails were sent by the defendants to various parties were taken into custody
by the local commissioner appointed by the court. The offending e-mails were then
downloaded from the hard disks and presented as evidence in court. During the progress
of the case, it became clear that the defendants in whose names the offending e-mails
were sent were fictitious identities created by an employee on defendants’ instructions, to
avoid recognition and legal action. On discovery of this fraudulent act, the fictitious
names were deleted from the array of parties as defendants in the case. Subsequently, the
defendants admitted their illegal acts and the parties settled the matter through the
recording of a compromise in the suit proceedings paying a sum of Rs1.6 million to the
plaintiff as damages for violation of the plaintiff’s trademark rights. The court also
ordered the hard disks seized from the defendants’ premises to be handed over to the
plaintiff who would be the owner of the hard disks.

CONCLUSION:

The dangers of the Internet usage are great due to the variety of ways, in which the
information placed online can be manipulated. These data is subject to security frauds that
have several types of information misuse. The manipulation of data in electronic commerce
is another important area of the Internet-related fraud. All these areas of online fraud demand
new preventive measures, such as legislative reforms, effective data coding and fraud
prevention strategies.
Various measures can be taken, to prevent frauds over internet like keeping your personal
information secure; do not give out any information regarding your savings, checking, credit,
or other financial accounts. Guarding the Social Security number especially carefully. This is
the single most important item sought by many types of fraudsters. They can use it to wreak
financial havoc that will be very difficult and time-consuming for you to repair. Don’t give
this number out unless it is absolutely necessary; e.g., needed for application for major credit
or a mortgage but not for sales of merchandise or services. Deal only with legitimate,
reputable companies and individuals. Take time to thoroughly investigate the other party
involved in your transaction. Use a search engine to find out what’s already known about a

13 119 (2005) DLT 596

 20

business or individual. Don’t be fooled by fancy websites, which can disappear quickly. Buy
direct. Purchase name brand items only from the companies who make them or have
appropriate licenses to sell them. Low-priced new name brand products may actually be
counterfeits. Obtain and verify addresses and phone numbers. Verify email addresses and be
wary of those that could have been obtained without providing traceable information such as
a credit card number. Learn how online auctions work before you bid or sell. Clearly
understand the details of an online sale or purchase. Make sure you are familiar with how and
where payment is to be made, when delivery of the item is to be expected, all the additional
costs involved in a transaction, return and refund policies. Don’t buy anything promoted in a
spam email.
If you are a victim of the fraud file the cyber crime complaint with all the necessary
particulars, to the Head of the Cyber Crime Cell of the city where you are filing the cyber
crime complaint.  In case you are a victim of online harassment, a legal counsel can be
approached to assist you with reporting it to the police station. If you do not have access to
any of the cyber cells in India, you can file a First Information Report (FIR) at the local
police station. In case your complaint is not accepted there, you can approach
the Commissioner or the city’s Judicial Magistrate.
BIBLIOGRAPHY

❖ STATUTES REFFERRED :
⮚ Indian Penal code, 1860
⮚ Information Technology Act, 2010

❖ BOOKS REFFERED :
⮚ Dr. Jyoti Rattan, Cyber laws & Information Technology, Bharat Law House Pvt. Ltd.,
New Delhi, sixth edition, 2017

❖ RESEARCH PAPERS REFFERED:

⮚ Azhar Ushmani,’Internet Fraud Analysis’’ (2019).
⮚ Koong, Kai and Liu, Lai and Wei, June ‘An Examination of Internet Fraud Occurrences’’
(2012).

WEBLIOGRAPHY:

⮚ https://definitions.uslegal.com/i/internet-fraud/
⮚ https://en.wikipedia.org/wiki/Internet_fraud_prevention
⮚ https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/india
⮚ https://krazytech.com/technical-papers/cyber-crime
 21

⮚ https://us.norton.com/internetsecurity-online-scams-internet-scams.html
⮚ https://www.encyclopedia.com/science-and-technology/computers-and-electrical
engineering/computers-and-computing/internet-fraud
⮚ https://www.makeuseof.com/tag/top-5-internet-fraud-scams-time/
⮚ https://www.printful.com/blog/the-basics-of-ecommerce-fraud-what-is-it-and-how-to-
manage-it/
⮚ https://www.testbytes.net/blog/cyber-attacks-on-india/