A case study on the new face digital bank scams with special reference to the ICICI

Bank Phishing Case.

Our modern society entrusts banks with their money. Bank is everywhere, people now dont
travel with cash, they just carry a bank issued shopping cards for day to day monetary
transactions. This new banking system has gained an impetus with the growth of e-commerce.
Such large number of cashless transactions have caught the attention of scammers and now these
scammers have found a loophole in the form of digital bank scams to gain access and embezzle
money from the bank accounts of common people. These Cyber Criminals affected the online
businesses and individuals all over the world. Internet Websites and services allows users to
easily pay bills, make reservation, hotel booking and even work. And these actions can be done
on any part of the world. There were no boundaries and limitation of standing in a queue to do
things. Just some thumb press in your smartphone and the work is done. This new era of
technology has made life so much easier. So is the case for cybercrime. Criminal Minds can
reach into our private lives, our homes and work offices by the help of growing technology, thus
cause harm to the individuals and there is little we can do about it. Some of the most common
ways of one becoming vulnerable to these phishing scams is when one shop online, checks mail
or access social media networks.
Phishing is the new internet age crime, born out of technological advances in internet age. It is
characterized by fraudulently acquiring sensitive information such as passwords, usernames,
login IDs, PAN card number, and credit and debit card details by disguising as a reliable person
in an official electronic communication such as URL links or email or an instant message. A
recent spurt in phishing attacks has been acknowledged particularly in India. Unawareness in
public, unawareness of policy and Technological Sophistication are the major factors which led
to phishing scams in India.
Phishing attempts had been carried out against ICICI Bank, UTI Bank, HDFC Bank, etc. which
were operated with the same modus operandi. It was reported that a large number of customers
of these banks had received emails, which have falsely been misrepresented to have been

originated from their bank. The recipients of the mails were told to update their bank account
information on some pretext. These emails included a hyperlink with-in the email itself and a
click to that link took recipients to a web page, which was identical to their banks web page.
Some of the unsuspecting recipients responded to these mails and gave their login information
and passwords. Later on, through internet banking and by using the information so collected a
large number of illegal/fraudulent transactions took place.1
Phishing fraud is an online fraud in which fraudsters disguises an individual and traces their
personal data and other valuable information. Thus, essentially it is a cybercrime and Information
Technology Act 2000, as amended in 2008 has attracted many legal provisions to deal with the
phishing activity.
Section 66: The account of the victim is compromised by the phisher which is not possible
unless & until the fraudster fraudulently effects some changes by way of deletion or alteration of
information/data electronically in the account of the victim residing in the bank server. Thus, this
act is squarely covered and punishable u/s 66 IT Act.
Section 66A: The disguised email containing the fake link of the bank or organization is used to
deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the
provisions of Section 66A IT Act, 2000.
Section 66C: In the phishing email, the fraudster disguises himself as the real banker and uses
the unique identifying feature of the bank or organization say Logo, trademark etc. and thus,
clearly attracts the provision of Section 66C IT Act, 2000.
Section 66D: The fraudsters through the use of the phishing email containing the link to the fake
website of the bank or organizations personates the Bank or financial institutions to cheat upon
the innocent persons, thus the offence under Section 66D too is attracted.2

1 http://www.merinews.com/article/phishing-scams-in-india-and-legal-provisionspart-2/15846107.shtml
2 http://www.tifrh.res.in/tcis/events/facilities/IT_act_2008.pdf

ICICI BANK PHISHING CASE

In the present case, the accused illegally transferred Rs.3,39,950/- from the complainants bank
account. The victim filed the case against the unknown person and the ICICI Bank. The
adjudication officer in this case directed the bank to pay the damages to the tune of Rs.3lakh. On
detailed investigation, it was revealed that the police were incompetent in their investigation and
had tried to settle the matter without filing an FIR. Bank was also found equally negligible as
they failed to maintain their (KYC) Know Your Customer norms as laid by RBI and because of
that the accused was able to withdraw the money from two different ICICI bank accounts by way
of cheques and ATM transactions. When the credentials of the bank accounts have been looked
in, the opening application was found to be incomplete and IDs submitted for the verification
were grossly inconsistent, carrying two different photos. Thus, negligence has been shown by the
bank and the whole offence could have been avoided if the bank simply follows the KYC norms
as laid by the RBI.
Taking all the facts into consideration, the presiding officer of the case decided that bank is liable
to pay the amount.
Digital Bank Scams is the new major concern in the present e-commerce environment and it will
continue to operate because of the lack of awareness among the internet users who are new to the
Internet world. Therefore, the awareness and customer education is the key here to fight the
menace of the Phishing apart from mitigating or preventative measures. It is never safe to
disclose yours IDs and passwords over the phone or e-mail to anyone no matter what the
situation is and one should also regularly update the same.