Corporate Social Responsibility (CSR) Project on

“A STUDY TO UNDERSTAND AND PREVENT CYBERCRIMES:

CASE STUDY”

Submitted in partial fulfilment for award of the degree of

Masters of Management Studies (MMS)

(under University of Mumbai)

Submitted By

Sahil Shamim Shaikh

(Roll. No. 31581864)

Under the guidance of

Prof. SURBHI BHOIR

2018-2020

Pramod Ram Ujagar Tiwari

Saket Institute of Management

 CERTIFICATE

This is to certify that project titled titled ““A Study to Understand And Prevent Cybercrimes :Case Study
” is successfully completed by Mr. Sahil Shamim Shaikh during the IV semester, in partial fulfilment of
the Masters Degree in Management Studies recognised by University of Mumbai for the Academic Year
2019-2020 through Pramod Ram Ujagar Tiwari Saket Institute of Management.

This project is original and not submitted earlier for award of any degree, diploma or associateship of any
other university or institute.

Name: Prof. Surbhi Bhoir

Date: (Signature of the Guide)

 DECLARATION

I hereby declare that this Project Report submitted by me to Pramod Ram Ujagar Tiwari Saket Institute of
Management is a bonafide work undertaken by me and it is not submitted to any other University or
Institution for award of any degree, diploma/certificate or published any time before.

Name: Sahil Shamim Shaikh

Roll. No. : 31581864 (Signature of the Student)

 Acknowledgements

The success and final outcome of this project required a lot of guidance and assistance from many people
and I am extremely privileged to have got this all along the completion of my project. All that I have done
is only due to such supervision and assistance and I would not forget to thank them.

I respect and thank Mr Saket Tiwari , for providing me an opportunity to do the project work in Saket
Gyanpeeth and giving me all support and guidance which made me complete the project duly. I am
extremely thankful to him for providing such a nice support and guidance, although he had busy schedule
managing the corporate affairs. I also thank Mrs. Shobha Nair the C.E.O of Saket Gyanpeeth.

I owe my deep gratitude to my project guide Prof. Surbhi Bhoir, who took keen interest on our project
work and guided me all along, till the completion of our project work by providing all the necessary
information.

I am thankful to and fortunate enough to get constant encouragement, support and guidance from all
Teaching staff and DR. Sanoj Kumar of Pramod Ram Ujagar Tiwari Saket Institute of Management who
helped me in successfully completing my project work.
 Table of Contents

Chapter Headings Page No.

Number
1 Introduction 1
2 Review of Literature 3
3 Methodology 33
4 Results 68
5 Discussion 69
6 Conclusion 70
7 Bibliography/References 71
8 Appendices 72

INTRODUCTION
Cyber crime is like traditional crime; cybercrime can take many shapes and can occur nearly anytime or
anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and
their goal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of
'computer' or ‗cyber‘ aspects.
 Cybercrime has surpassed illegal drug trafficking as a criminal moneymaker.
 Every 3 seconds an identity is stolen.
 Without security, your unprotected PC can become infected within four minutes of
connecting to the internet.

The usage of internet service in India is growing rapidly. It has given rise to new opportunities in every
field we can think of – be it entertainment, business, sport or education.

There are many pros and cons of some new types of technology which are been invented or discovered.
Similarly the new & profound technology i.e. using of INTERNET Service, has also got some pros &
cons. These cons are named CYBER CRIME, the major disadvantage, illegal activity committed on the
internet by certain individuals because of certain loop-holes. The interest, along with its advantages, has
also exposed us to security risk that comes with come with connecting to a large network. Computer today
are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and software.
piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace
are on the rise

Computer crimes are criminal activities, which involve the use of information technology to gain an
illegal or an unauthorized access to a computer system with intent of damaging, deleting or altering
computer data. Computer crimes also include the activities such as electronic frauds, misuse of devices,
identity theft and data as well as system interference. Computer crimes may not necessarily involve
damage to physical property. They rather include them manipulation of confidential data and critical
information. Computer crimes involve activities of software theft, wherein the privacy of the users is
hampered. These criminal activities involve the breach of human and information privacy, as also the
theft and illegal alteration of system critical information. The different types of computer crimes have
necessitated the introduction and use of newer and more effective security measures.

In recent years, the growth and penetration of internet across Asia Pacific has been phenomenal. Today, a
large number of rural areas in India and a couple of other nations in the region have increasing access to
the internet — particularly broadband. The challenges of information security have also grown manifold.
This widespread nature of cyber crime is beginning to show negative impact on the economic growth
opportunities in each of the countries. It is becoming imperative for organizations to take both preventive
and corrective action if their systems are to be protected from any kind of compromise by external
malicious element. According to the latest statistics, more than a fifth of the malicious activities in the
world originate from the Asia Pacific region. The malicious attacks included denial-of-service attacks,
spam and phishing and bot attacks. Overall, spam made up 69% of all monitored e-mail traffic in the Asia
pacific region. As per the National Crime Report Bureau statistics, there has been a 255% increase in
cyber crime in India alone. And mind you, these are just the reported cases. In view of this, various
governmental and non- governmental agencies are working towards reducing cyber crime activities.

Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal
activity where a computer or network is the source, tool, target, or place of a crime. These categories are
not exclusive and many activities can be characterized as falling in one more category. According,
although the term computer crime and cyber crime are more properly restricted to describing criminal
activity in which the computer or network is a necessary part of the crime, these terms are also sometimes
used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which
computer has grown, computer crime has become more important.

LITERATURE REVIEW
Defining Cyber Crime

Defining cyber crimes, as ―acts that are punishable by the Information Technology Act" would be
unsuitable as the Indian Penal Code also covers many cyber crimes, such as email spoofing and cyber
defamation, sending threatening emails etc.

Computer crime has been defined as ―unauthorized use of a computer for personal gain, as in the illegal
transfer of funds or to alter the data or property of others‖ (―Computer Crime‖, 2007).

A generalized definition of cyber crime may be ―unlawful acts wherein the computer is either a tool or
target or both‖.

The history of cyber crime

The first recorded cyber crime took place in the year 1820! This is not surprising considering the fact that
the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in
India, and China. The era of modern computers, however, began with the analytical engine of Charles
Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device
allowed the repetition of a series of steps in the weaving of special fabrics. This result in a fear amongst
Jacquard‘s employee that their traditional employment and livelihood were being threatened. They
committed acts of sabotage to discourage Jacquard from Further use of the new technology. This is the
first recorded cyber crime!

Today computers have come a long way, with neural networks andnanocomputing promising to turn
every atom in a glass of water into a computer capable of performing a Billion operations per second.

Cyber crime is an evil having its origin in the growing dependence on computer in modern life. In a day
and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on
computers, cybercrime has assumed rather sinister implications.

CYBERCRIMES IN INDIA
NEW DELHI: India has witnessed a 457% rise in cybercrime incidents under the Information Technology
(IT) Act, 2000 from the year 2011 to 2016, a recent ASSOCHAM-NEC joint study said
Symantec Corp ranked India among top five countries to be affected by cyber crime, between 2012-17,
the number of internet users grew at a CAGR of 44%, of which India is placed third after US and China.
Using latest technologies like Artificial Intelligence, Big Data Analytics, Facial Recognition, IoT etc., to
identify and catch suspects/criminals, have gained much awareness among various law enforcement
agencies. However, the implementation of these technologies is not on a national level but on a state level,
which makes it crucial for the central government to fund and support state level law enforcement
agencies to utilize technologies to upgrade their policing methods, noted the study.
Indian government and multiple law enforcement agencies have taken lead in curbing growing cyber
crime.
State government and State police are developing new anti-cyber crime measures and gathering methods
to tackle it with the help of central government and private organizations.

CYBERSPACE

As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace belongs to
everyone. There should be electronic surveillance which means investigators tracking down hackers often
want to monitor a cracker as he breaks into a victim's computer system. The two basic laws governing
real-time electronic surveillance in other criminal investigations also apply in this context, search warrants
which means that search warrants may be obtained to gain access to the premises where the cracker is
believed to have evidence of the crime. Such evidence would include the computer used to commit the
crime, as well as the software used to gain unauthorized access and other evidence of the crime.
Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of
this growing criminal group. Decisionmakers in business, government, and law enforcement must react to
this emerging body of knowledge. They must develop policies, methods, and regulations to detect
incursions, investigate prosecute the perpetrators, and prevent future crimes. In addition, Police
Departments should immediately take steps to protect their own information systems from intrusions.
(Any entry into an area not previously occupied). Internet provides anonymity: This is one of the reasons
why criminals try to get away easily when caught and also give them a chance to commit the crime again.
Therefore, we users should be careful. We should not disclose any personal information on the internet or
use credit cards and if we find anything suspicious in e-mails or if the system is hacked, it should be
immediately reported to the Police officials who investigate cyber crime rather than trying to fix the
problem by ourselves. Computer crime is a multi- billion dollar problem. Law enforcement must seek
ways to keep the drawback from the great promise of the computer age. Cybercrime is a menace that has
to be tackled effectively not only by the official but also by the users by co-operating with the law.

When was the first ever cybercrime recorded?

The first cybercrime was noted in 1820 by Joseph-Marie Jacquard, a textile manufacturer in France which
produced the loom. This device allowed the repetition of a series of steps in the weaving of special
fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and
livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further
use of the new technology. This is the first recorded cyber-crime!

The first spam email took place in 1978 when it was sent out over the Arpanet (Advanced Research
Projects Agency Network). The first virus was installed on an Apple computer in 1982 when a high
school student, Rich Skrenta, developed the Elk cloner

Who is carrying it out?

100 per cent Security! 100 per cent security can be difficult to attain and should not ideally be the goal.
Instead, one must establish a capability that deals with incidents to help minimise threat and loss

Are you facing cyber threat and not even realising it?

The information security landscape is constantly evolving. Private and public sector organisations find it
difficult to believe they could be a target for cyber-attacks. As adversary sophistication increases, many
organisations react only after the event or the attack is underway.

The Differences between Cybercrime and Traditional Crime:

One of the differences between cybercrime and traditional crime is the evidence of the offenses.
Traditional criminals usually leave traces of a crime, through either fingerprints or other physical
evidences. On the other hand, cybercriminals rely on the Internet via which they commit their crimes, and
it leaves very little evidence about the cybercrime. Forensic investigators usually experience great
difficulty in gathering evidence that could lead to the conviction of cybercriminals since these criminals
can freely change their identities. The Internet also allows the anonymity of its users, and this implies that
cybercriminals can use any pseudonyms for their identification. On the other hand, it is difficult for
traditional criminals to fake their gender, race, or age.

Consequently, this leads to the second difference between traditional and cybercrimes, length of
investigations. Since cybercrime involves perpetrators using falsified names and working from remote
locations, it usually takes longer to identify the real cybercriminals and apprehend them. In most cases,
cybercriminals (such as hackers) escape from arrest because the investigators cannot locate them.
Traditional crimes take shorter time period to investigate because the criminals usually leave evidence
that can be used to spot them. For instance, traditional criminals can leave evidence such as DNA,
fingerprints, photographs and videos captured on surveillance cameras, or personal belongings such as
identity cards, and this makes it easy for investigators to identify and capture the culprits. In addition,
such evidence makes it easy for the judiciary to convict the offenders.

Lastly, the difference between traditional crimes and cybercrimes is the force involved. Most of the
traditional crimes (such as rape, murder, arson, and burglary among others) involve the use of excessive
force that results in physical injury and trauma on the victims. On the other hand, cybercrimes do not
require the use of any force since the criminals merely use the identities of their victims to steal from
them. For example, cybercriminals use spoofing and phishing to obtain personal information such as
credit card numbers from their victims, or use encrypted emails to coordinate violence remotely.

REASONS FOR CYBER CRIME

1. Capacity to store data in comparatively small space: The computer has unique characteristic of storing
data in a very small space. This affords to remove or derive information either through physical or virtual
medium makes it much easier.

2. Easy to access: The problem encountered in guarding a computer system from unauthorised access is
that there is every possibility of breach not due to human error but due to the complex technology. By
secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina
imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a
security system.

3. Complex: The computers work on operating systems and these operating systems in turn are composed
of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any
stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4. Negligence: Negligence is very closely connected with human conduct. It is therefore very probable
that while protecting the computer system there might be any negligence, which in turn provides a cyber-
criminal to gain access and control over the computer system.

5. Loss of evidence: Loss of evidence is a very common & obvious problem as all the data are routinely
destroyed. Further collection of data outside the territorial extent also paralyses this system of crime
investigation.
MODE AND MANNER OF COMMITING CYBER CRIME

1. Unauthorized access to computer systems or networks / Hacking-

This kind of offence is normally referred as hacking in the generic sense. However the framers of the
information technology act 2000 have nowhere used this term so to avoid any confusion we would not
interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.

2. Theft of information contained in electronic form-

This includes information stored in computer hard disks, removable storage media etc. Theft may be
either by appropriating the data physically or by tampering them through the virtual medium. 3. Email
bombing- This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.

4. Data diddling-

This kind of an attack involves altering raw data just before a computer processes it and then changing it
back after the processing is completed. The electricity board faced similar problem of data diddling while
the department was being computerised.

5. Salami attacks-

This kind of crime is normally prevalent in the financial institutions or for the purpose of committing
financial crimes. An important feature of this type of offence is that the alteration is so small that it would
normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system,
which deducted 10 cents from every account and deposited it in a particular account.

6. Denial of Service attack-

The computer of the victim is flooded with more requests than it can handle which cause it to crash.
Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the
offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other
files and to other computers on a network. They usually affect the data on a computer, either by altering
or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make
functional copies of themselves and do this repeatedly till they eat up all the available space on a
computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The
losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose
on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a
complete halt

8. Logic bombs-

These are event dependent programs. This implies that these programs are created to do something only
when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic
bombs because they lie dormant all through the year and become active only on a particular date (like the
Chernobyl virus).

9. Trojan attacks-

This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized
programme, which passively gains control over another’s system by representing itself as an authorised
programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed
in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam
installed in the computer obtained her nude photographs. He further harassed this lady.

10. Internet time thefts-

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person.
This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet
hours were used up by any other person. This was 1perhaps one of the first reported cases related to
cyber-crime in India. However this case made the police infamous as to their lack of understanding of the
nature of cyber-crime.

11. Web jacking-

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and
control over the web site of another. He may even mutilate or change the information on the site. This
may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of
Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed
therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that
of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was
changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process
whereby control over the site of another is made backed by some consideration for it

CLASSIFICATION:

The subject of cyber-crime may be broadly classified under the following three groups. They are-

1. Against Individuals

(a). Their person &

(b). Their property of an individual

2. Against Organization

(a). Government

(b). Firm, Company, Group of Individuals.

Against Society at large

The following are the crimes, which can be committed against the followings group

1. Against Individuals: –

i. Harassment via e-mails.

ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud
2. Against Individual Property: -

i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system
v. Intellectual Property crimes
vi. Internet time thefts

3. Against Organization: -

i. Unauthorized control/access over computer system

ii. Possession of unauthorized information.

iii. Cyber terrorism against the government organization.

iv. Distribution of pirated software etc.

The above mentioned offences may discuss in brief as follows:

1. Harassment via e-mails-

Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently
one of my friends had received a mail from a lady wherein she complained about the same. Her former
boyfriend was sending her mails constantly sometimes emotionally blackmailing her and also threatening
her. This is a very common type of harassment via e-mails.

2. Cyber-stalking-

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a
person's movements across the Internet by posting messages (sometimes threatening) on the bulletin
boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding
the victim with emails etc.

3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically

child pornography) / Polluting through indecent exposure-
Pornography on the net may take various forms. It may include the hosting of web site containing these
prohibited materials. Use of computers for producing these obscene materials. Downloading through the
Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend
to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the
Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The
Mumbai police later arrested them.

TYPES OF CYBER CRIME

1. Theft of Telecommunications Services

The theft of telecommunications services is a crime. Pay Tel Communications, Inc. reserves the right to
block calls to persons that do not pay for services and to prosecute individuals that attempt to steal these
services.

Pay Tel is constantly developing new and innovative ways to identify individuals who attempt to avoid
paying for telecommunications services. Pay Tel is committed to identifying and prosecuting individuals
who steal telecommunications services.

2. Communications in Furtherance of Criminal Conspiracies

Just as legitimate organisation in the private and public sector rely upon information systems for
communication and record keeping, so too are the activities of criminal organisation enhanced by
technology.

Just as legitimate organization in the private and public sector rely upon information systems for
communication and record keeping, so too are the activities of criminal organizations enhanced by
technology.

There is evidence of telecommunications equipment being used to facilitate organized drug trafficking,
gambling, prostitution money laundering, child pornography and trade in weapons (in those jurisdictions
where such are illegal). The use of encryption technology may place criminal communications beyond the
reach of law enforcement.

In another case a rejected suitor posted invitations on the Internet under the name of a 28-year-old
woman, the would-be object of his affections, that said that she had fantasies of rape and gang rape. He
then communicated via email with men who replied to the solicitations and gave out personal information
about the woman, including her address, phone number, details of her physical appearance and how to
bypass her home security system. Strange men turned up at her home on six different occasions and she
received many obscene phone calls. While the woman was not physically assaulted, she would not answer
the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj 1999).

One former university student in California used email to harass 5 female students in 1998. He bought
information on the Internet about the women using a professor's credit card and then sent 100 messages
including death threats, graphic sexual descriptions and references to their daily activities. He apparently
made thE threats in response to perceived teasing about his appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times (London) reported in
1996 that over 40 financial institutions in Britain and the United States had been attacked electronically
over the previous three years. In England, financial institutions were reported to have paid significant
amounts to sophisticated computer criminals who threatened to wipe out computer systems. (The Sunday
Times, June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of 42.5
million Pounds Sterling were paid by senior executives of the organisations concerned, who were
convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4).

5. ELECTRONIC MONEY LAUNDERING AND TAX EVASION

For some time now, electronic funds transfers have assisted in concealing and in moving the proceeds of
crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately
derived income may also be more easily concealed from taxation authorities. Large financial institutions
will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous
jurisdictions at the speed of light. The development of informal banking institutions and parallel banking
systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash
transaction reporting requirements in those nations which have them. Traditional underground banks,
which have flourished in Asian countries for centuries, will enjoy even greater capacity through the use of
telecommunications.

With the emergence and proliferation of various technologies of electronic commerce, one can easily
envisage how traditional countermeasures against money laundering and tax evasion may soon be of
limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of
stored value to my "smart-card", which I then download anonymously to my account in a financial
institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can
discreetly draw upon these funds as and when I may require, downloading them back to my stored value
card (Wahlert 1996).

ELECTRONIC VANDALISM, TERRORISM AND EXTORTION

As never before, western industrial society is dependent upon complex data processing and
telecommunications systems. Damage to, or interference with, any of these systems can lead to
catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic intruders cause
inconvenience at best, and have the potential for inflicting massive harm (Hundley and Anderson 1995,
Schwartau 1994).

While this potential has yet to be realised, a number of individuals and protest groups have hacked the
official web pages of various governmental and commercial organisations (Rathmell 1997).
http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in reverse: early in
1999 an organised hacking incident was apparently directed at a server which hosted the Internet domain
for East Timor, which at the time was seeking its independence from Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare-- means of
disrupting the information technology infrastructure of defence systems (Stix 1995). Attempts were made
to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998), and of the North
Atlantic Treaty Organization during the 1999 bombing of Belgrade (BBC 1999). One case, which
illustrates the transnational reach of extortionists, involved a number of German hackers who
compromised the system of an Internet service provider in South Florida, disabling eight of the ISPs ten
servers. The offenders obtained personal information and credit card details of 10,000 subscribers, and,
communicating via electronic mail through one of the compromised accounts, demanded that US$30,000
be delivered to a mail drop in Germany. Co-operation between US and German authorities resulted in the
arrest of the extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of customers of a North
American based on-line music retailer, and published some on the Internet when the retailer refused to
comply with his demands (Mark off 2000).

7. SALES AND INVESTMENT FRAUD

As electronic commerce becomes more prevalent, the application of digital technology to fraudulent
endeavours will be that much greater. The use of the telephone for fraudulent sales pitches, deceptive
charitable solicitations, or bogus investment overtures is increasingly common. Cyberspace now abounds
with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to
more exotic opportunities such as coconut farming, the sale and leaseback of automatic teller machines,
and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the digital age has been
accompanied by unprecedented opportunities for misinformation. Fraudsters now enjoy direct access to
millions of prospective victims around the world, instantaneously and at minimal cost.
Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not uncommon. The
technology of the World Wide Web is ideally suited to investment solicitations. In the words of two SEC
staff "At very little cost, and from the privacy of a basement office or living room, the fraudster can
produce a home page that looks better and more sophisticated than that of a Fortune 500 company" (Cella
and Stark 1997, 822).

8. ILLEGAL INTERCEPTION OF TELECOMM

Developments in telecommunications provide new opportunities for electronic eavesdropping. From

activities as time-honoured as surveillance of an unfaithful spouse, to the newest forms of political and
industrial espionage, telecommunications interception has increasing applications. Here again,
technological developments create new vulnerabilities. The electromagnetic signals emitted by a
computer may themselves be intercepted. Cables may act as broadcast antennas. Existing law does not
prevent the remote monitoring of computer radiation.

It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law
enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers
employed by a criminal organisation attacked the communications system of the Amsterdam Police. The
hackers succeeded in gaining police operational intelligence, and in disrupting police communications
(Rathmell 1997).

9. ELECTRONIC FUNDS TRANSFER FRAUD

Electronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may
be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as
physically; the digital information stored on a card can be counterfeited.

Of course, we don't need Willie Sutton to remind us that banks are where they keep the money. In 1994, a
Russian hacker Vladimir Levin, operating from St Petersburg, accessed the computers of Citibank's
central wire transfer department, and transferred funds from large corporate accounts to other accounts
which had been opened by his accomplices in The United States, the Netherlands, Finland, Germany, and
Israel. Officials from one of the corporate victims, located in Argentina, notified the bank, and the suspect
accounts, located in San Francisco, were frozen. The accomplice was arrested. Another accomplice was
caught attempting to withdraw funds from an account in Rotterdam. Although Russian law precluded
Levin's extradition, he was arrested during a visit to the United States and subsequently imprisoned
(Denning 1999, 55).

Other types of cyber crime

Hacker:

Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular
media, to mean "someone who tries to break into computer systems."

1) Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever
programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the
act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we
paraphrase here:

 A person who enjoys learning details of a programming language or system

 A person who enjoys actually doing the programming rather than just
 theorizing about it
 A person capable of appreciating someone else's hacking
 A person who picks up programming quickly
 A person who is an expert at a particular programming language or system,
 as in "UNIX hacker"

2) The term hacker is used in popular media to describe someone who

attempts to break into computer systems. Typically, this kind of hacker

would be a proficient programmer or engineer with sufficient technical

knowledge to understand the weak points in a security system.

Motive Behind The Crime

a. Greed

b. Power

c. Publicity

d. Revenge

e. Adventure

f. Desire to access forbidden information

g. Destructive mindset

h. Wants to sell n/w security services

Theft:

This crime occurs when a person violates copyrights and downloads music, movies, games and software.
There are even peer sharing websites which encourage software piracy and many of these websites are
now being targeted by the FBI. Today, the justice system is addressing this cyber crime and there are laws
that prevent people from illegal downloading.

Cyber Stalking:

This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and
emails. Typically, these stalkers know their victims and instead of resorting to offline stalking, they use
the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin
offline stalking along with cyber stalking to make the victims‘ lives more miserable.

Identity Theft:

This has become a major problem with people using the Internet for cash transactions and banking
services. In this cyber crime, a criminal accesses data about a person‘s bank account, credit cards, Social
Security, debit card and other sensitive information to siphon money or to buy things online in the
victim‘s name. It can result in major financial losses for the victim and even spoil the victim‘s credit
history.

Malicious Software:

These are Internet-based software or programs that are used to disrupt a network. The software is used to
gain access to a system to steal sensitive information or data or causing damage to software present in the
system.

Child soliciting and Abuse:

This is also a type of cyber crime wherein criminals solicit minors via chat rooms for the purpose of child
pornography. The FBI has been spending a lot of time monitoring chat rooms frequented by children with
the hopes of reducing and preventing child abuse and soliciting.
CLASSIFICATION OF CYBER CRIME

Cybercrimes can be basically divided into 3 major categories:

1) Against Individuals:

(i)Email spoofing:

A spoofed email is one in which e-mail header is forged so that mail appears to originate from one source
but actually has been sent from another source.

(ii) Spamming:

Spamming means sending multiple copies of unsolicited mails or mass emails such as chain letters.

(iii)Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone
publishes defamatory matter about someone on a website or sends e-mails containing defamatory
information.

(iv)Harassment & Cyber Stalking:

Cyber Stalking Means following the moves of an individual's activity over internet. It can be done with
the help of many protocols available such at e- mail, chat rooms, user net groups.

(2) Against Property:

(i) Credit Card Fraud:

(ii) Intellectual Property crimes: These include Software piracy: illegal copying of programs, distribution
of copies of software. Copyright infringement  Trademarks violations Theft of computer source code

(iii) Internet time theft: the usage of the Internet hours by an unauthorized person which is actually paid
by another person.

(3) Against Organisation

(i) Unauthorized Accessing of Computer:

Accessing the computer/network without permission from the owner. It can be of 2 forms:

a) Changing/deleting data:

Unauthorized changing of data.

b) Computer voyeur:

The criminal reads or copies confidential or proprietary information but the data is neither deleted nor
changed.

(ii) Denial of Service:

When Internet server is flooded with continuous bogus requests so as to denying legitimate users to use
the server or to crash the server.
(iii)Computer Contamination/ Virus Attack:

A computer virus is a computer program that can infect other computer programs by modifying them in
such a way as to include a (possibly evolved) copy of it. Viruses can be file infecting or affecting boot
sector of the computer. Worms, unlike viruses do not need the host to attach themselves to.

(iv) E-mail Bombing:

Sending large numbers of mails to the individual or company or mail servers thereby ultimately resulting
into crashing.

(v)Salami Attack:

When negligible amounts are removed & accumulated in to something larger. These attacks are used for
the commission of financial crimes.

(vi)Logic Bomb:

It‘s an event dependent programme, as soon as the designated event occurs, it crashes the computer,
release a virus or any other harmful possibilities.

(vii) Trojan Horse:

An unauthorized program which functions from inside what seems to be an authorized program, thereby
concealing what it is actually doing.

(viii) Data diddling:

This kind of an attack involves altering raw data just before it is processed by a computer and then
changing it back after the processing is completed.

(4) Against Society

(i) Forgery:

Currency notes, revenue stamps, mark sheets etc can be forged using computers and high quality scanners
and printers.

(ii) Cyber Terrorism:

Use of computer resources to intimidate or coerce others.

(iii) Web Jacking:

Hackers gain access and control over the website of another, even they change the content of website for
fulfilling political objective or for money.

REASONS FOR CYBER CRIME

Hart in his work ―The Concept of Law‖ has said ‗human beings are vulnerable so rule of law is required
to protect them‘. Applying this to the cyberspace we may say that computer are vulnerable (capable of
attack) so rule of law is required to protect and safeguard them against cyber crime. The reasons for the
vulnerability of computers may be said to be:

1. Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive
information either through physical or virtual medium makes it much easier.

2. Eassy To Access
The problem encountered in guarding a computer system from unauthorized access is that there is every
possibility of breach not due to human error but due to the complex technology. By secretly implanted
logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. That
can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3. Coplex

The computers work on operating systems and these operating systems in turn are composed of millions
of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The
cyber criminals take advantage of these lacunas and penetrate into the computer system.

4. Negligence

Negligence is very closely connected with human conduct. It is therefore very probable that while
protecting the computer system there might be any negligence, which in turn provides a cyber criminal to
gain access and control over the computer system

5. Loss of evidence

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further
collection of data outside the territorial extent also paralyses this system of crime investigation.

BANKING SECTOR

The Banking Industry was once a simple and reliable business that took deposits from investors at a lower
interest rate and loaded it out to borrowing at a higher rate
However deregulation and technology led to a revolution in the Banking Industry that saw it transformed.
Banks have become global industrial powerhouses that have created ever more complex products that use
risk. Through technology development, banking services have become available 24 hours a day, 365 days
a week, through ATMs, at online banking, and in electronically enabled exchanges where everything from
stocks to currency futures contracts can be traded. The Banking Industry at its core provides access to
credit. In the lenders case, includes access to their own savings and investments, and interest payments on
those amounts. In the case of borrowers, it includes access to loans for the creditworthy, at a competitive
interest rate. Banking services include transactional services, such as verification of account details,
account balance details and the transfer of funds, as well as advisory services that help individuals and
institutions to properly plan and manage their finances. Online banking channels have become a key in
the last 10 years.

The collapse of the Banking Industry in the Financial Crisis, however, means that some of the more
extreme risk-taking and complex securitization activities that banks increasingly engaged in since 2000
will be limited and carefully watched, to ensure that there is not another banking system meltdown in the
future.

Banking in India originated in the last decades of the 18th century. The oldest bank inexistence in India is
the State Bank of India, a government-owned bank that traces its origins back to June 1806 and that is the
largest commercial bank in the country. Central banking is the responsibility of the Reserve Bank of
India, which in 1935 formally took over these responsibilities from the Imperial Bank of India, regarding
it to commercial banking functions. After India independent in 1947, the Reserve Bank was nationalized
and given broader powers. In 1969 the government nationalized the 14 largest commercial banks; the
government nationalized the six next largest in 1980.

CREDIT CARDS FRAUDS

INTRODUCTION TO CREDIT CARDS

Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The bill of exchange- the forerunner
of banknotes - was established in the 14th century. Debts were settled by one-third cash and two-thirds
bill of exchange. Paper money followed only in the 17th century. The first

advertisement for credit was placed in 1730 by Christopher Thornton, who offered furniture that could be
paid off weekly.
From the 18th century until the early part of the 20th, tallymen sold clothes in return for small weekly
payments. They were called "tallymen" because they kept a record or tally of what people had bought on
a wooden stick. One side of the stick was marked with notches it represent the amount of debt and the
other side was a record of payments. In the 1920‘s, a shopper‘s plate - a "buy now, pay later" system
- was introduced in the USA. It could only be used in the shops which issued it. In 1950, Diners
Club and American Express launched their charge cards in the USA, the first "plastic money".

In 1951, Diners Club issued the first credit card to 200 customers who could use it at 27 restaurants
in New York. But it was only until the establishment of standards for the magnetic strip in 1970
that the credit card became part of the information age .The first use of magnetic stripes on
cards was in the early 1960's, when the London Transit Authority installed a magnetic stripe
system. San Francisco Bay Area Rapid Transit installed a paper based ticket the same size as the
credit cards in the late 1960's. The word credit comes fro m Latin, meaning ―TRUST‖.

IF CARD IS STOLEN

When a credit card is lost or stolen, it remains usable until the holder notifies the bank t h a t t h e
ca r d i s l o s t ; mo s t b a n k s h a v e t o l l - f r e e t e l e p h o n e nu mb e r s wi t h 2 4 - ho u r s
u p po r t t o encourage prompt reporting. Still, it is possible for a thief to make unauthorized
purchases on that card up until the card is cancelled. In the absence of other security measures,
a thief could potentially purchase thousands of dollars in merchandise or services before the card
holder or the bank realize that the card is in the wrong hands.

In the United States, federal law limits the liability of card holders to $50 in the event of theft, regardless
of the amount charged on the card; in practice, many banks will waive even this small payment and
simply remove the fraudulent charges from the customer's account if the customer signs an
affidavit confirming that the charges are indeed fraudulent. Other countries generally have
similar laws aimed at protecting consumers from physical theft of the card

The only common security measure on all cards is a signature panel, but signatures are relatively
easy to forge. Many merchants will demand to see a picture ID, such as a driver's license, to verify
the identity of the purchaser, and some credit cards include the holder's picture on the card itself.
However, the card holder has a right to refuse to show additional verification, and asking for such
verification may be a violation of the merchant's agreement with the credit card companies.
Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen cards, as there
is no way to verify the card holder's identity. A common countermeasure is to require the
user to key in some identifying information, such as the user's ZIP or postal code. This
method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it may be
trivial for the thief to deduce the information by looking at other items in the wallet. For
instance, a U.S. driver license commonly has the holder's home address and ZIP code printed on it.

Banks have a number of countermeasures at the network level, including sophisticated real-time
analysis that can estimate the probability of fraud based on a number of factors. For example, a
large transaction occurring a great distance from the card holder's home might be f l a g g e d
a s s u s p i c i o u s . Th e me r c h a n t ma y b e

instructed t o call the bank fo r verification , to decline the transaction, or even to hold the card and refuse to
return it to the customer.
Stolen cards can be reported quickly by card holders, but a compromised account can be hoarded by a
thief for weeks or months before any fraudulent use, making it difficult to identify the source of the
compromise. The card holder may not discover fraudulent use until receiving a billing statement, which
may be delivered infrequently.

Compromised Accounts
Card account information is stored in a number of formats. Account numbers are embossed or imprinted
on the card a magnetic stripe on the contains the data in machine readable format. Fields can vary, but the
most common include:

 Name of card holder

 Account number

 Expiration date

Many Web sites have been compromised in the past and theft of credit card data is a major
concern for banks. Data obtained in a theft , like addresses or phone numbers, can be highly
useful to a thief as additional card holder verification.

Mail/Internet Order Fraud

The mail and the Internet are major routes for fraud against merchants who sell and ship products, as well
Internet merchants who provide online services. The industry term for catalog order and similar
transactions is " Card No t Present " ( CNP ) , meaning that t he ca rd is not physically
available for the merchant to inspect . The merchant must rely on the holder ( or someone
purporting to be the holder) to present the information
on the card by indirect means, whether by mail, telephone or over the Internet when the cardholder is not
present at the point of sale
.It is difficult for a merchant to verify that the actual card holder is indeed authorizing the purchase.
Shipping companies can guarantee delivery to a location, but they are not required to check identification
and they are usually are not involved in processing payments for the merchandise. A common preventive
measure for merchants is to allow shipment only to an address approved by the cardholder, and merchant
banking systems offer simple methods of verifying this information.
Additionally, smaller transactions generally undergo less scrutiny, and are less likely to be investigated by
either the bank or the merchant, since the cost of research and prosecution usually far outweighs the loss
due to fraud. CNP merchants must take extra precaution against fraud exposure and associated
losses , and they pay higher ratest merchant banks forthe privilege of accepting cards. Anonymous scam
artists bet on the fact that many fraud prevention features do not apply in this environment.
Merchant associations have developed some prevention measures, such as single use card numbers, but
these have not met with much success. Customers expect to be able to use their credit card without any
hassles, and have little incentive to pursue additional security due to laws limiting customer liability in the
event of fraud. Merchants can implement these prevention measures but risk losing business if the
customer chooses not to use the measures

Account Takeover

There are two types of fraud within the identity theft category:

1. Application Fraud.

2. Account Takeover
1. Application Fraud.

Application fraud occurs when criminals use stolen or fake documents to open an account in someone
else‘s name. Criminal may try to steal documents such as utility bills and bank statements to build up
useful personal information.

2. Account Takeover.
Account takeover involves a criminal trying to take over another person‘s account, first by gathering
information about the intended victim, then contacting their bank or credit issuer- masquerading as the
genuine cardholder-asking for mail to be redirected to a new address. The criminal then reports the card
lost and asks for a replacement to be sent. The replacement card is then used fraudulently.

CYBER CRIME IN BANKING SECTOR AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary instruments and the
entire exchange of goods and merchandise was managed by the ―barter system‖. The use
of monetary instruments as a unit of exchange replaced the barter system and money in various
denominations was used as the sole purchasing power. The modern contemporary era has replace these
traditional monetary instruments from a paper and mental based currency to ―plastic money‖ in
the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM all over the
world. The use of ATM is not only safe but is also convenient. This safety and convenience,
unfortunately, has an evil side as well that do not originate from the use of plastic money rather by
misuse of the same. This evil side is reflected in the form of “ATM FRAUDS” that is a global
problem. The use of plastic money is increasing day by day for payment of shopping bills, electricity
bills, school fees, phone bills, insurance premium, travelling bills and even petrol bills. The
convenience and safety that credit cards carry with its use has been instrumental in increasing both
credit card volumes and usage. This growth is not only in positive use of the same but as well as the
negative use of the same. The world at large is struggling to increase the convenience and safety on the
one hand and to reduce it misuse on the other.
WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are:

1. Thought card Jamming ATM‘s card reader is tampered with in order to trap a customer‘s card.
Later on the criminal removes the card.
 2. Card Skimming, is the illegal way of stealing the card‘s security information from the card‘s
magnetic stripe.
3. Card Swapping, through this customer‘s card is swapped for another card without the
knowledge of cardholder.
Website Spoofing, here a new fictitious site is made which looks authentic to the user and
customers are asked to give their card number. PIN and other information, which are used to reproduce
the card for use at an ATM.

HOW TO USE CASH MACHINE

Be aware of other around you. If someone close by the cash machine is behaving suspiciously or make
you feel uncomfortable, choose another. Make sure you check the machine before you use it for any signs
of tampering. Examine the machine for stick on boxes, stick on card entry slots etc. If you find it difficult
to get your card into the slot, do not use it, go to another machine.
If there is anything unusual about the cash machine report it to the bank and police or the owner of the
premises immediately. Under no circumstances should members of the public attempt to remove a device
as it‘s possible the offender may be nearby.

What Precaution Should Be Taken While Leaving Cash Machine

Once you have completed a transaction, discreetly put your money and card away before leaving the cash
machine. If you lose your card in cash machine, cancel the card immediately with the card issuer‘s 24-
hour emergency line, which can be found on your last bank statement. Do not assume that your bank
automatically knows that the machine has withheld your card. Again, beware of help offered by "well
meaning strangers". Dispose of your cash machine receipt, mini-statement or balance enquiry slip with
care. Tear up or preferably shred these items before discarding them.

Card Fraud Also Happens In The Home:

Cardholder should also be warned of the risks of verifying bank details at home in unsolicited telephone
conversations. Always call the person back using the advertised customer telephone number, not the
telephone number they may give you.

1. Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm Your Bank Details
Online:

Hyperlinks are links to web pages that have been sent to you by email and may open a dummy website
designed to steal your personal details. Phone your bank instead on their main customer number or access
your account using the bank's main website address. Use good antivirus and firewall protection.

NEVER Write Down Your Pin:

 People make life very easy for pickpockets if they write down their PIN and keep it in their purse or
wallet. Do not write down your PIN. If you have been given a number that you find difficult to
remember, take your card along to a cash machine and change the number to one that you will be able to
remember without writing it down.

PREVENTION FOR ATM CARDS

Most ATM fraud happens due to the negligence of customers in using, and more importantly, negligence
of banks in educating their customers about the matters that should be taken care of while at an ATM. The
number of fraud in India is more in regard to negligence of the Personal Identification Number (PIN),
than by sophisticated crimes like skimming. Banks need to develop a fraud policy – the policy should be
written and distributed to all employees, borrowers and depositors. The most important aspect for
reducing ATM related fraud is to

1. Look for suspicious attachment. Criminals often capture information through ATM skimming– using
devices that steal magnetic strip information. At a educate the customer. Here is a compiled list of
guidelines to help your customer from being an ATM fraud victim: glance, the skimmer looks just like a
regular ATM slot, but it‘s an attachment that captures ATM card number. To spot one, the attachment slightly
protrudes from the machine and may not be parallel with the inherent grooves. Sometimes, the
equipment will even cut off the printed labels on the ATM. The skimmer will not obtain PIN numbers,
however. To get that, fraudsters place hidden cameras facing the ATM screen. There‗s also the
helpful bystander (the criminal) who may be standing by to kindly inform you the machine has had problems
and offer to help. If you do not feel safe at any time, press the ATM cancel button, remove your card and leave the
area immediately.

2. Look for suspicious attachment. Criminals often capture information through ATM skimming– using
devices that steal magnetic strip information. At a Minimize your time at the ATM. The more time you
spend at the ATM, the more vulnerable you are. If you need to update your records after a transaction,
one is advised do it at home or office, but not while at the ATM. Even when depositing a cheque at the
ATM, on should not make/sign the cheque at the ATM. After the transaction, if you think you are being
followed, go to an area with a lot of people and call the police.

3. Mark smart deposits. Some ATMs allow you to directly deposit checks and cash into your accounts
without stuffing envelopes. As for the envelope-based deposit, make sure they go through-if it gets
jammed and it doesn‘t fully go into the machine, the next person can walk up and it out. After having
made the ATM deposit, compare your record with the account statements or online banking records.
 RESEARCH METHODOLOGY

A research design specific a procedure for conducting and controlling the research project. Every research
must explicitly state its plan about collection and analysis of data. It is the descriptive research which the
study is conducted and deals with the procedures used in the study for the purpose of investigation.
Research Methodology in the context of the topic includes the cases of cyber crime happen in India.

Research Design
This study is adopted as descriptive research to provide detailed and comprehensive explanation of a
phenomena.

Sampling Method
The sample method we are using is to collect data by online source through different web portals and
reports.

Sample Area
The sample area of the study will be restricted to the country India.

Methods of Data collection

The analysis tools would include

1. Primary data.
No primary data were used
2. Secondary data
The secondary data have collected from online source and after analyzing it the data is input in the
project the data are collected from different web portals and the data from were, we collected the
links are mentioned in bibliography.

DATA ANALYSIS & INTEREPRETATION

Cybercrime will create over $1.5 trillion in profits in 2018
“By erring on the side of caution, by making projections from a small, rather than large number of
revenue categories and by opting for lower, rather than higher points on the estimate range, the aim was to
understand whether the assumption that cybercrime is a lucrative form of offending has any basis in what
is actually happening within the cybercrime economy. The surprisingly high figures that were eventually
derived certainly suggest that we need to think more seriously about the attractions and how these might
be tackled. For even if the figure for total revenues from cybercrime is only accurate up to a point, the fact
that it is a deliberately conservative one means that its inaccuracies at least involve only underestimates,
rather than overestimates.”

In other words, there’s a very good chance that the actual numbers skew much, much higher.
 Cybercrime Annual revenue
0% 0%
11%

Illegal online markets

Trade secret IP theft
Data Trading
Crime / Caas
Ransomware
33%
56%

Crime Annual Revenues Illegal online markets

$860 Billion Trade secret, IP theft $500 Billion
Data Trading $160 Billion Crime-ware/CaaS
$1.6 Billion Ransomware $1 Billion Total
Cybercrime Revenues $1.5 Trillion
Read more at: https://www.thesslstore.com/blog/2018-cybercrime-statistics/

How much money does Ransomware make?

In 2016, the US Federal Bureau of Investigation estimated that Ransomware payments would reach $1
billion. Two years later that shows no signs of slowing down. Here’s a sampling of some of the highest-
profile Ransomware from the past five years as well as how much money it made.

Ransomware Date Profits CryptoLocker

2013 ~$3 million CryptoWall 2014-2016
~$18-320 million Locky $7.8-$150
million Cerber $6.9 million WannaCry
2016 $55,000-$140,000 Petya/NotPetya
$10,000

Read more at: https://www.thesslstore.com/blog/2018-cybercrime-statistics/

As you can see, some of the higher-profile cases of Ransomware didn’t see much return financially. The
Petya/NotPetya figure in particular is fairly eyebrow-raising given how prolific the ransomware seemed to
be at the time. But, there is a distinction to be made between ransomware that was designed to make
money and ransomware that was designed primarily for disruption. Petya/NotPetya would appear to be in
the latter category.

Share of cyber crime attacks across India in 2016 and 2017

 2016-2017
80
70
60
50
40
30 Series 1
Axis Title 20 Column2
10
0
e e re
rim ism ag fa
r c tiv o n ar
be ck pi rw
Cy Ha r es b e
be Cy
Cy
Axis Title

This statistic illustrates the share of cyber crime attacks across India in 2016 and 2017, by motivation. The
main motivation behind the cyber attacks across the country in 2017 was cybercrime with a share of
approximately 77.40 percent, up from a share of about 72.1 percent across the country in 2016.

INDIAN SCENARIO

In India, where total number of installed ATM‘s base is far less than many developed countries. ATM-
related frauds are very less. But they could increase as more and more ATM‘s will penetrate in the
country, the bank should create awareness among customers about the card-related frauds to reduce the
number of frauds in future. In India, Indian Banks Association (IBA)can take lead to kick started.

The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a coordinated and
cooperative action on the part of the bank, customers and the law enforcement machinery. The ATM
frauds not only cause financial loss to banks but they also undermine customers‘ confidence in the use of
ATMs. This would deter a greater use of ATM for monetary transactions. It is therefore in the interest of
banks to prevent ATM frauds. There is thus a need to take precautionary and insurance measures that
gives greater ―protection‖ to the ATMs, particularly those located in less secure areas. The nature and
the extent of measures to be adopted will, however, depend upon the requirements of the respective
banks.

Cyber Crime in India:-

While I have a huge collection of international cyber crimes I thought it may be more relevant if we
discuss Indian Cyber crime case studies. However if any of you is interested in international case studies
please do reach me. I have not arranged the following section in an order to create flow of thought for the
reader. And it is possible there is a drift from the taxonomy which we have defined in the beginning.

Insulting Images of Warrior Shivaji on Google - Orkut19

An Indian posts ‘insulting images’ of respected warrior-saint Shivaji on Google’s Orkut. Indian police
come knocking at Google’s gilded door demanding the IP address (IP uniquely identifies every computer
in the world) which is the source of this negative image. Google, India hands over the IP address.

No such incident in India would be complete without a few administrative slip-ups. The computer with
that IP address is using Airtel, India as the ISP to connect to the internet and Orkut. Airtel gives police
the name of an innocent person using a different IP address. How two IP addresses could be mixed-up in
a sensitive police case is anyone’s guess.

An innocent Indian, Lakshmana Kailash K, is arrested in Bangalore and thrown in jail for 3 weeks.
Eventually, his innocence is proved and he is released in Oct, 2007.

A number of news media report this incident. American citizen and India lover Christopher Soghoian
(home page http://www.dubfire.net/chris/) studies Informatics at Indiana University and researches/writes
about security, privacy and computer crime. Christopher does an excellent article on this topic for the
blogs at respected tech media group CNET.

Like all good writers, Christopher Soghoian, gives Google, India a list of questions so that he can give a
balanced perspective to the millions of CNET readers.

How does Google, India respond?

The only comment was: "Google has very high standards for user privacy and a clear privacy policy, and
authorities are required to follow legal process to get information. In compliance with Indian legal
process, we provided Indian law enforcement authorities with IP address information of an Orkut user."

Not surprisingly, Google is a keen to play this down as Yahoo is being hauled over the coals by US
Congress for handing over an IP addresses and emails to the Chinese Government which resulted in a
Chinese democracy activist being jailed.

Techgoss contacted Christopher and asked him for a list of the questions he had put to Google.

The following were the questions that Christopher put to Google which were never answered.
Sometimes what you do not say says more about what you have done.

1. Can Google speak at all to the specifics of this incident?

2. If so, can Google confirm if they released ip addresses or any other log information to the Indian police
regarding this incident.

3. If Google did hand over log information, did the Indian police have a warrant/court order, or did they
merely request it?

4. Does Google feel in any way responsible for the man's accidental arrest and jailing?

5. Speaking more generally, without going into the specifics of this incident...Has Google ever in the past
handed over user information (including logs) to Indian law enforcement/authorities without a court
order/search warrant?

6. In this case, the crime the man was accused of (defaming a 300 year old historical figure) does not
exist in the US. Will Google conform to the laws of each country it does business in, or will it defer to
American concepts of freedom of speech and the press?

7. Does Google reveal information to other countries for "crimes" that would not normally be an illegal in
the US? For example, the ip addresses of people in Saudi Arabia and other conservative Muslim countries
who search for adult, consensual pornography?

8. Is the log data for Orkut stored in India, or is it stored elsewhere? If the data is not stored in India, is
Google still responsible for giving it to the Indian authorities?

How does it Airtel react to rectify its mistake?

Firstly, with an immediate, unqualified apology. In itself, a positive first step.

Techgoss (techgoss.com) had heard rumours about Airtel also offering monetary compensation to the
person wrongly jailed. But Airtel is being coy about possible financial compensation. An Airtel
spokesperson issued the following statement to techgoss.com

“Airtel are aware of this incident and deeply distressed by the severe inconvenience caused to the
customer. We are fully cooperating with the authorities to provide all information in this regard and we
are in touch with the customer. We have robust internal processes, which we review frequently to make
them more stringent. We have conducted a thorough investigation of the matter and will take appropriate
action”.

Does this mean the customer will get compensation? It is not clear either way. Let’s wait and see. It is
interesting to see that despite the arrest he is still with Airtel. Now that’s loyalty to your telecom
company.
What is the current Scenario?

Finally he has demanded that he be compensated for the injustice meted out to him! The illegally accused
and detained techie in the Chatrapati Shivaji defamation picture case on Orkut, Lakshmana Kailas K, has
slapped a ten page legal notice on Telecom giant Bharti Airtel, the Principal Secretary (Home) of the state
government in Maharashtra, India and the Assistant Commissioner of Police (Financial & Cyber crime
unit) demanding that an amount of 20 crores be paid as damages.

The software engineer has also sent a copy of the legal notice to the National Human rights commission.
Lakshmana had spent a harrowing 50 days in police custody accused of a crime he had never committed
just because an IP address sought by the police was wrongly supplied by Bharti Airtel. The legal notice
smacks of his anger with the police and judiciary making a mockery of the rights of an individual and the
pitiable conditions of the Yerwada jail where he was detained with a number of hardened criminals. He is
reported to have been beaten by a lathi and asked to use the same bowl to eat and to use in the toilet.

Kenneth L. Haywood

Kenneth L. Haywood (born 1964) became involved in a 2008 controversy in the Indian city of Mumbai
after his wireless connection was allegedly used by terrorists to transmit a message to Indian news
networks before their attacks. It was subsequently revealed that Haywood had been living a double life as
an "executive skills trainer" and a Christian pastor, while the firm that he worked for was a probable front
for evangelical religious activities. Haywood was not charged by Indian authorities in connection with the
blasts, which occurred at Ahmedabad and Surat, in late July 2008.

Financial crimes

Wipro Spectramind lost the telemarketing contract from Capital one due to an organized crime.The
telemarketing executives offered fake discounts, free gifts to the Americans in order to boost the sales of
the Capital one. The internal audit revealed the fact and surprisingly it was also noted that the superiors of
these telemarketers were also involved in the whole scenario.

Cyber pornography

Some more Indian incidents revolving around cyber pornography include the Air Force Balbharati School
case. In the first case of this kind, the Delhi Police Cyber Crime Cell registered a case under section 67 of
the IT act, 2000. A student of the Air Force Balbharati School, New Delhi, was teased by all his
classmates for having a pockmarked face.

Online gambling
Recent Indian case about cyber lotto was very interesting. A man called Kola Mohan invented the story of
winning the Euro Lottery. He himself created a website and an email address on the Internet with the
address 'eurolottery@usa.net.' Whenever accessed, the site would name him as the beneficiary of the 12.5
million pound.After confirmation a telgu newspaper published this as a news. He collected huge sums
from the public as well as from some banks for mobilization of the deposits in foreign currency. However,
the fraud came to light when a cheque discounted by him with the Andhra Bank for Rs 1.73 million
bounced. Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly issued by
Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was held in his name.

Intellectual Property crimes

These include software piracy, copyright infringement, trademarks violations, theft of computer source
code etc. In other words this is also referred to as cybersquatting. Satyam Vs. Siffy is the most widely
known case. Bharti Cellular Ltd. filed a case in the Delhi High Court that some cyber squatters had
registered domain names such as barticellular.com and bhartimobile.com with Network solutions under
different fictitious names. The court directed Network Solutions not to transfer the domain names in
question to any third party and the matter is sub-judice. Similar issues had risen before various High
Courts earlier. Yahoo had sued one Akash Arora for use of the domain name ‘Yahooindia.Com’
deceptively similar to its ‘Yahoo.com’. As this case was governed by the Trade Marks Act, 1958, the
additional defence taken against Yahoo’s legal action for the interim order was that the Trade Marks Act
was applicable only to goods.

Email spoofing

Recently, a branch of the Global Trust Bank experienced a run on the bank. Numerous customers decided
to withdraw all their money and close their accounts. It was revealed that someone had sent out spoofed
emails to many of the bank’s customers stating that the bank was in very bad shape financially and could
close operations at any time. Unfortunately this information proved to be true in the next few days.

But the best example of the email spoofing can be given by the Gujarat Ambuja Executive’s case. Where
he pretended to be a girl and cheated the Abu dhabi based NRI for crores by blackmailing tactics.

Cyber Defamation
India’s first case of cyber defamation was reported when a company’s employee started sending
derogatory, defamatory and obscene e-mails about its Managing Director. The e-mails were anonymous
and frequent, and were sent to many of their business associates to tarnish the image and goodwill of the
company.

The company was able to identify the employee with the help of a private computer expert and moved the
Delhi High Court. The court granted an ad-interim injunction and restrained the employee from sending,
publishing and transmitting e-mails, which are defamatory or derogatory to the plaintiffs.

Cyber stalking

Ritu Kohli has the dubious distinction of being the first lady to register the cyber stalking case. A friend of
her husband gave her telephonic number in the general chat room. The general chatting facility is
provided by some websites like MIRC and ICQ. Where person can easily chat without disclosing his true
identity. The friend of husband also encouraged this chatters to speak in slang language to Ms. Kohli.

Unauthorized access to computer systems or networks

However, as per Indian law, unauthorized access does occur, if hacking has taken place. An active
hackers’ group, led by one “Dr. Nuker”, who claims to be the founder of Pakistan Hackerz Club,
reportedly hacked the websites of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering
Export Promotion Council, and United Nations (India).

IPR Theft

Jun 23, 2009 at 0119 hrs IST

The economic offences wing (EOW) of the Pune police on Monday arrested a software engineer Asma
Sandip Thorve (37), a resident of Uday Society in Sahkar Nagar, for allegedly cheating Brainvisa
Technologies to the tune of Rs 46.5 crores, by stealing their source code. Earlier, the police had arrested
software engineer Sameer Ashok Inamdar (36) of Kondhwa in the same case.

According to the police, Inamdar resigned from Brainvisa Technologies in August 2006. He allegedly
stole the source code and other secret information of Brainvisa Technologies and started his own
company. Owner of Brainvisa Technologies Nitin Hemchandra Agarwal had lodged a police complaint
alleging that the company lost Rs 46.5 crores due to this.

A team, led by assistant commissioner Pushpa Deshmukh, arrested Thorve, who was Inamdar’s business
partner and allegedly provided him the confidential data of Brainvisa.
Thorve worked as senior manager, business development, for Brainvisa from May 2004 to December
2005 and there on as vice president till December 2008, after which she joined Inamdar as a partner.
Thorve was produced before court on Monday and has been remanded to police custody till June 26.

Email bombing (DoS)

In one case, a foreigner who had been residing in Simla, India for almost thirty years wanted to avail of a
scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application
it was rejected on the grounds that the scheme was available only for citizens of India. He decided to take
his revenge. Consequently he sent thousands of mails to the Simla Housing Board and repeatedly kept
sending e-mails till their servers crashed.

Data diddling

The NDMC Electricity Billing Fraud Case that took place in 1996 is a typical example. The computer
network was used for receipt and accounting of electricity bills by the NDMC, Delhi. Collection of
money, computerized accounting, record maintenance and remittance in he bank were exclusively left to a
private contractor who was a computer professional. He misappropriated huge amount of funds by
manipulating data files to show less receipt and bank remittance.

Internet time theft

This connotes the usage by an unauthorized person of the Internet hours paid for by another person. In
May 2000, the economic offences wing, IPR section crime branch of Delhi police registered its first case
involving theft of Internet hours. In this case, the accused, Mukesh Gupta an engineer with Nicom System
(p) Ltd. was sent to the residence of the complainant to activate his Internet connection. However, the
accused used Col. Bajwa’s login name and password from various places causing wrongful loss of 100
hours to Col. Bajwa.

Delhi police arrested the accused for theft of Internet time.

On further inquiry in the case, it was found that Krishan Kumar, son of an ex army officer, working as
senior executive in M/s Highpoint Tours & Travels had used Col Bajwa’s login and passwords as many as
207 times from his residence and twice from his office. He confessed that Shashi Nagpal, from whom he
had purchased a computer, gave the login and password to him. The police could not believe that time
could be stolen. They were not aware of the concept of time-theft at all. Colonel Bajwa’s report was
rejected. He decided to approach The Times of India, New Delhi. They, in turn carried a report about the
inadequacy of the New Delhi Police in handling cyber crimes. The Commissioner of Police, Delhi then
took the case into his own hands and the police under his directions raided and arrested Krishan Kumar
under sections 379, 411, 34 of IPC and section 25 of the Indian Telegraph Act. In another case, the
Economic Offences Wing of Delhi Police arrested a computer engineer who got hold of the password of
an Internet user, accessed the computer and stole 107 hours of Internet time from the other person’s
account. He was booked for the crime by a Delhi court during May 2000.

SBI arm wins cybersquatting case - Peeyush Agnihotri - Tribune News Service

Chandigarh, August 24

SBI Card and Payment Services Private Limited, the credit card arm of the State Bank of India (SBI),
received a shot in the arm when it won a case of cybersquatting against Domain Active Pty Limited, an
Australian dotcom company.

The judgement, a notification of which was received earlier this week, was delivered by the
administrative tribunal constituted by the World Intellectual Property Organisation (WIPO), Geneva.
Established in 1998, SBI Card and Payment Services Private Limited is a joint venture between GE
Capital Services, the largest issuer of private label credit cards in the world, and the State Bank of India
(SBI), the largest Indian bank. SBI holds 60 per cent stake while GE 40 per cent.

The venture offers a range of credit cards — SBI Classic Card, SBI Gold Card, SBI International Card,
SBI Doctors Card. It also has a number of city affinity cards (SBI Kolkata Card, SBI Mumbai Card, SBI
Delhi Card, SBI Hyderabad Card, SBI Bangalore Card), commanding sales of over one million.

It all began when Domain Active Pty Limited, an Australian entity, floated a website on the domain name,
www.sbicards.com, and even ‘tricked’ financial big–time entities like Chase Manhattan into advertising
on the site.

The SBI arm, which had already registered the domain name with Fabulous.Com Pty. Ltd, lodged a
complaint on March 16 at the World Intellectual Property Organisation (WIPO), Geneva.

The WIPO Administrative Panel found that the Australian entity’s website could have attracted potential
attention from the public because of its affiliation with SBI Cards’ products and services. At the same
time it created a risk of confusion with the products/services and trademark as to the source, sponsorship,
affiliation or endorsement of its website.

The panel’s independent verification showed that the current use of the Australian firm’s website,
www.sbicards.com, was practically the same. The panel held that the respondent (Domain Active Pty
Limited) “has registered the disputed domain name in bad faith”.

Talking exclusively to The Tribune from New Delhi, Mr Rodney D. Ryder, who represented SBI Cards,
said that it was a clear case of cyber fraud and cybersquatting. “The judgement has come as big relief. No
penalty could, however, be imposed on the errant firm since at WIPO we have not been able to evolve a
consensus on what should be the proper damage/compensation amount as the cases involve the
jurisdiction clause,” he said

Credit Card Frauds

Amit Tiwari had many names, bank accounts and clients. None of them were for real. With a plan that
was both ingenious and naïve, the 21-year-old engineering student from Pune tried to defraud a Mumbai-
based credit card processing company, CC Avenue, of nearly Rs 900,000.He was arrested by the Mumbai
Police on August 21, 2003 after nearly an year of hide and seek with CC Avenue. He's been charged for
cheating under Section 420.

CC Avenue verifies and validates credit cards of buyers for over a thousand e-commerce Web sites. It
conducts checks like IP mapping, zip code mapping and reverse lookup of telephone numbers.Amit
Tiwari found a way to bypass them.In May 2002, Col Vikram Tiwari signed up for CC Avenue's services.
In November, he requested the company to deal with his son, Amit, who offered Web designing services
on www.mafiaz.com. CC Avenue's security team confirmed his credentials through bank signature
verification, driving license and his HDFC Bank debit card. Everything was genuine.Amit processed
several transactions, worth Rs 311,508, via CC Avenue from November 2002 to February 2003. Then the
transactions stopped.In April 2003, CC Avenue began receiving charge-backs from the credit card
holders, who denied using mafiaz.com's Web designing service.Amit had assumed the identities of these
'customers', and purchased mafiaz.com's services with credit card details that he found on the Net. He was
both the buyer and the seller.Calls to Amit's house in Lucknow went unanswered. Legal notices came
back unclaimed. Amit had disappeared without a trace.

Three-in-one fraudster

In June 2003, Sachin Deshpande and Jeevan Palani signed separate agreements with CC Avenue to
provide Web designing services through their sites www.infocreek.org and www.ewebsitestarter.com.
The company's risk-management team found that both these sites had ripped off content and even the
client list from foreign sites with similar names. The modus operandi was similar to Amit's. Vishwas
Patel, the CEO of CC Avenue, spoke to Sachin over the phone and found that he sounded just like Amit -
"young and immature". They decided to hold back payment.

Then, a person called Shoaib Sharif sought the services of CC Avenue. Vishwas and his team again
spotted a similar pattern. They held back payment on various pretexts. "He sounded desperate," says
Vishwas. So they decided to trap him.
Trapped

CC Avenue's accounts manager asked Shoaib to come to Mumbai to collect a cheque of Rs 40,000. On
August 21, a young man walked into Vishwas's office. He introduced himself as Shoaib Sharif. Vishwas
immediately recognized him as Amit. (He had seen Amit's photograph from his driver's license). Vishwas
then called the Mumbai Police, who rushed to his office and picked up the lad. At the Santa Cruz police
station, the boy confessed right away.

India's First ATM Card Fraud

The Chennai City Police have busted an international gang involved in cyber crime, with the arrest of
Deepak Prem Manwani (22), who was caught red-handed while breaking into an ATM in the city in June
last, it is reliably learnt.

The dimensions of the city cops' achievement can be gauged from the fact that they have netted a man
who is on the wanted list of the formidable FBI of the United States.

At the time of his detention, he had with him Rs 7.5 lakh knocked off from two ATMs in T Nagar and
Abiramipuram in the city. Prior to that, he had walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving scores of persons
across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a Chennai-
based firm for some time. Interestingly, his audacious crime career started in an Internet cafe. While
browsing the Net one day, he got attracted to a site which offered him assistance in breaking into the
ATMs. His contacts, sitting somewhere in Europe, were ready to give him credit card numbers of a few
American banks for $5 per card. The site also offered the magnetic codes of those cards, but charged $200
per code.

The operators of the site had devised a fascinating idea to get the personal identification number (PIN) of
the card users. They floated a new site which resembled that of a reputed telecom company's. That
company has millions of subscribers. The fake site offered the visitors to return $11.75 per head which,
the site promoters said, had been collected in excess by mistake from them.

Believing that it was a genuine offer from the telecom company in question, several lakh subscribers
logged on to the site to get back that little money, but in the process parted with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic looting. Apparently,
Manwani and many others of his ilk entered into a deal with the gang behind the site and could purchase
any amount of data, of course on certain terms, or simply enter into a deal on a booty-sharing basis.
Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary data to enable
him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. The
police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the United States, the
FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international
gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city police believe that
this is the beginning of the end of a major cyber crime.

Work at Home scams Exposed

Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police have arrested a person by name Sripathi
Guruprasanna Raj, aged 52 yrs who is the Chairman and Managing Director of Sohonet India Private
Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber
Crime Investigation Cell, that the said company has duped them each for Rs. 4,000/- and Rs. 6,000/- by
promising them with monthly income of Rs. 15,000/-.

Case of Cyber Extortion

He does not know much about computer hacking, yet 51-year-old cyber criminal Pranab Mitra has
stunned even the cyber crime investigation cell of Mumbai police with his bizarre fraud on the Net. Mitra,
a former executive of Gujarat Ambuja Cement, was arrested on Monday for posing as a woman and
seducing online an Abu Dhabi-based man, thereby managing to extort Rs 96 lakh from him. Investigating
officer, Assistant Commissioner of Police, J.S. Sodi, said Mitra has been remanded to police custody till
June 24, and has been booked for cheating, impersonation, blackmail and extortion under sections 420,
465, 467, 471, 474 of the IPC, read with the newly formed Information Technology Act.

Mitra posed as a woman, Rita Basu, and created a fake e-mail ID through which he contacted one V.R.
Ninawe. According to the FIR, Mitra trapped Ninawe in a ‘‘cyber-relationship’’ sending emotional
messages and indulging in online sex since June 2002.Later, Mitra sent an e-mail that ‘‘she would commit
suicide’’ if Ninawe ended the relationship. He also gave him ‘‘another friend Ruchira Sengupta’s’’ e-mail
ID which was in fact his second bogus address. When Ninawe mailed at the other ID he was shocked to
learn that Mitra had died. Then Mitra began the emotional blackmail by calling up Abu Dhabi to say that
police here were searching for Ninawe. Ninawe panicked on hearing the news and asked Mitra to arrange
for a good advocate for his defence. Ninawe even deposited a few lakh in the bank as advocate fees. Mitra
even sent e-mails as high court and police officials to extort more money. Ninawe finally came down to
Mumbai to lodge a police case.

ICICI Bank Phishing

Did you know that e-mails, long considered the most convenient form of communication, can actually
spring some nasty surprises for you? Recently, a few ICICI Bank customers in Mumbai, to their utter
dismay, discovered that e-mails can be extremely hazardous, if not to their health, at least to their
security.These ICICI Bank customers received an e-mail from someone who posed as an official of the
bank and asked for sensitive information like the account holder's Internet login name and password and
directed them to a Web page that resembled the bank's official site.When some customers wrote in to find
out what the e-mail was about, the bank officials registered a complaint with the police.

New as it may be in India, it is actually a popular banking scam, a warning against which had been issued
by many international banks including Barclays and Citibank. rediff.com presents a guide that will help
readers understand what the scam is about and how they can stay clear of it.

What happened in the case of the e-mail scam involving ICICI Bank? A few customers of ICICI Bank
received an e-mail asking for their Internet login name and password to their account. The e-mail seemed
so genuine that some users even clicked on the URL given in the mail to a Web page that very closely
resembled the official site.The scam was finally discovered when an assistant manager of ICICI Bank's
information security cell received e-mails forwarded by the bank's customers seeking to crosscheck the
validity of the e-mails with the bank. Such a scam is known as 'phishing.'

Cyber Lotto an Effective Tool of Frauds

"It is a classic case of cyber crime, the first of its kind in Andhra Pradesh," was how Vijayawada Police
Commissioner Sudeep Lakhtakia summed up the case of cheating and fraud registered against Kola
Venkata Krishna Mohan, the self-styled winner of the multi-million dollar Euro lottery. Mohan admitted
that he did not win the 12.5 million pound Euro lottery in November 1998, as he had claimed, but merely
played fraud to make good his losses in gambling. "With the help of computers, the accused took the
people for a ride," the Vijayawada police commissioner pointed out. Mohan, using the Internet and forged
documents, allegedly cheated banks and several persons to the tune of 60 million rupees.

Kola Mohan was arrested by the Vijayawada city police on Monday in connection with cases of fraud and
forgery registered against him. He was remanded to judicial custody till December 13 by Fifth
Metropolitan Magistrate K B Narsimhulu. He was shifted to the district jail at Gandhinagar in
Vijayawada. Mohan was accused of cheating the Andhra Bank to the tune of Rs 1.73 million.
By perpetrating the multi-million rupee fraud, Mohan has achieved the dubious distinction of allegedly
committing the first and biggest cyber crime in Andhra. The state, incidentally is making rapid strides in
information technology, thanks to the initiative of cyber-savvy Chief Minister N Chandrababu Naidu.

A compulsive gambler who played cards regularly at high stakes in various clubs in the coastal city,
Mohan told newsmen at the police commissioner's office at Vijayawada on Monday that he had lost as
much as Rs 30 million in 1998 when a gambling syndicate led by a real estate dealer and a restaurant-
owner cheated him.

"I was on the look-out to make good the losses by hook or crook. During a visit to London, I learnt about
the Euro lottery. I staked some money on it in vain. Then, I invented the story that I won the lottery. I
created a website and an email address on the Internet with the address 'eurolottery@usa.net.' Whenever
accessed, the site would name me as the beneficiary of the 12.5 million pound (that is, $ 19.8 million or
Rs 840 million) Euro-lottery," Kola Mohan recalled.

A Telugu newspaper in Hyderabad received an email that a Telugu had won the Euro lottery. The website
address was given for verification. The newspaper sent the query and got the "confirmation" since Kola
Mohan had himself created and manipulated the website

Collective Scam in Call Center

The telemarketing project for an American credit-card company was just coming to an end in January
when an internal audit at the Wipro Spectra mind call center in Navi Mumbai, India, discovered
something very alarming: an organized ring of about 60 call-center agents had been systematically
scamming U.S. consumers for two months. Supervisors had told the agents to spice up their sales pitch for
the client, Capital One Financial Services, by making false claims about free gifts and membership fees,
according to press reports. The scam even bypassed Wipro’s sophisticated call-monitoring system.
Reliance made to pay the Consumer

After conducting its own audit, Capital One, located in McLean, Virginia, rescinded the contract with
Wipro in March. But its misadventure--and other recent departures from India by U.S. clients--has
confirmed many doubts and concerns about the booming business of outsourcing call centers, and also is
serving as a catalyst for human resources to develop more effective approaches to managing offshore
workers. Experts and consultants believe that companies can meet the challenges and save millions of
dollars by improving training and implementing tighter oversight of offshore call agents. Some U.S.
companies have even installed their own teams at offshore call centers. "Capital One represents some of
the challenges of outsourcing

Pune BPO-Scam

Pune BPO scam was claimed to be the first scam in India. In April 2005, five employees of MsourcE in
Pune were arrested for allegedly pulling off a fraud worth nearly $425,000 from the Citibank accounts of
four New York-based account holders.

Gurgaon BPO Scam

In June 2005, the tabloid Sun , in a sting operation, purchased the bank account details of 1,000 Britons
for about 5.50 dollars companyInfinity E- Search

Bangalore BPO Scam

In June 2006, Nadeem Kashmiri sold the customer credit card information to a group of scamsters who
used the information to siphon off nearly £233,000 or roughly Rs. 1.8 crore from bank accounts of UK-
based customers.Data theft makes IT firm quit India

Published on Fri, Oct 13, 2006 at 11:48, New Delhi: After registering a case against an employee who had
allegedly stolen data, the Gurgaon-based IT firm Acme Telepower Management waited for something to
happen. A week later they have decided to stop operating out of India and move to Australia. It seems like
this is the beginning of a domino effect, even as India's antiquated police force tries to deal with new age
crime like data theft. Acme Telepower is claiming a national loss of Rs 750 crore. They are saying it's all
because an ex-employee named Sachidanand Patnaik who allegedly stole research and handed it over to
his new employer - a competitor in the power industry solutions space. On Thursday, the board of Acme
met after a Gurgaon Sessions court granted bail to Patnaik and decided it was time to pack their bags.
"We are disappointed in the system. Patents and research are not protected, so we are not sure if the law
will be able to protect us,” GM Marketing, Acme, Sandeep Kashyap said. Acme employs around 1,100
people, who will be affected by the firm’s move to Australia that will happen over the next eight months.
Most of the 70 people in the Research and Development section will be the first to move. For the rest, the
future is unclear. According to Acme, only a small manufacturing operation will remain in India, but they
say they will take care of their employees and that their reason for leaving is simple. "The fact that the
main accused has got bail and the others got a clean chit has disappointed us completely,” Kashyap said.
However, the lawyer for Sachidanand Patnaik says they are giving up too soon and that this trend could
have dangerous repercussions. "If the reason they are leaving India is because the main accused has got
bail, then it is contempt of court,” Patnaik's lawyer, Vakul Sharma said. When people lost faith in the
system in the past, there was little they could, outside of rallying against everything wrong with the world.
However, today people have a choice. They can simply move on. But the question remains - will the
system respond?

Government and Defense sites Attacked and used 14 May, 2008

Though the commercial sectors are the sectors having maximum (85 per cent of total defacement in
commercial sector) incidents of defacement of government sites, which usually have critical information
pertaining to security of the country, are on continuous rise. Recently, Defense Research and development
Organisation (DRDO) site was used to distribute malware. The incidents of defacing government sites are
increasing by leaps and bounds. In 2005 only, 25 government sites were defaced and the number was
increased to 70 in 2006. In February 2006, websites of Government of Punjab were targeted. All the
websites of Government of Rajasthan were hosted on the same server and in November 2006, all the sites
were defaced at very short intervals of one to two days. Every year, there is an increase in the total
number of website defaced in India.

In 2005 only, 373 deface were reported, which had gone to 1226 in the year 2006.

Similar instances

After Pokhran II test on May 11 – May 13, 1998, a group of hackers called ’Milworm’ broke into Bhabha
Atomic Research Centre (BARC) site and posted anti Indian and anti-nuclear messages

In 1999, website of Indian Science Congress Association was defaced and the hacker posted provocative
comments about Kashmir

Cyber Crime Convictions & Judgments21

Case 1: First

Conviction in India

A complaint was filed in by Sony India Private Ltd, which runs a website calledsony-sambandh.com,
targeting Non Resident Indians. The website enables NRIs tosend Sony products to their friends and
relatives in India after they pay for it online.The company undertakes to deliver the products to the
concerned recipients. InMay 2002,someone logged onto the website under the identity of Barbara
Campaand ordered a Sony Colour Television set and a cordless head phone.A lady gaveher credit card
number for payment and requested that the products be deliveredto Arif Azim in Noida. The payment was
duly cleared by the credit card agencyand the transaction processed. After following the relevant
procedures of duediligence and checking, the company delivered the items to Arif Azim.

At the time of delivery, the company took digital photographs showing thedelivery being accepted by Arif
Azim.The transaction closed at that, but after one and a half months the credit cardagency informed the
company that this was an unauthorized transaction as thereal owner had denied having made the
purchase.The company lodged a complaint for online cheating at the Central Bureau of Investigation
which registered a case under Section 418, 419 and 420 of the

Indian Penal Code.

The matter was investigated into and Arif Azim was arrested. Investigationsrevealed that Arif Azim,
while working at a call centre in Noida gained accessto the credit card number of an American national
which he misused on the company’s site.

The CBI recovered the colour television and the cordless head phone.The accused admitted his guilt and
the court of Shri Gulshan Kumar MetropolitanMagistrate, New Delhi, convicted Arif Azim under Section
418, 419 and 420 ofthe Indianpenal Code — this being the first time that a cyber crime has been
convicted.

The court, however, felt that as the accused was a young boy of 24 years and afirst-t ime convict, a lenient
view needed to be taken. The court thereforereleased the accused on probation for one year.

Case-2: First juvenile accused in a cyber crime case.

In April 2001 a person from New Delhi complained to the crime branch regarding thewebsite.
Amazing.com, he claimed, carried vulgar remarks about his daughter anda few of her classmates. During
the inquiry, print-outs of the site were taken and proceedings initiated.

After investigation a student of Class 11 and classmate of the girl was arrested. The juvenile board in Nov
2003 refused to discharge the boy accused of creating a website with vulgar remarks about his
classmate.The accused’s advocate had sought that his client be discharged on the groundthat he was not in
a stable state of mind. Seeking discharge, the advocatefurther said that the trial has been pending for about
two years.
While rejecting the accused’s application, metropolitan magistrate SantoshSnehi Mann said: ‘The mental
condition under which the juvenile came into conflict with the law shall be taken into consideration
during thefinalorder.’ Mann, however, dropped the sections of Indecent Representation of
Women(Prohibition) Act.The accused would face trial under the Information Technology Act and for
intending to outrage the modesty of a woman. She held the inquiry could not be closed on technical
ground, especially when the allegations were not denied by the accused.

Case 3: First case convicted under Information Technology Act 2000 of India.

The case related to posting of obscene, defamatory and annoying message about adivorcee woman in the
yahoo message group. E-Mails were also forwarded tothe victim for information by the accused through a
false e-mail account opened by him in the name of the victim. The posting of the message resulted in
annoying phone calls to the lady in the belief that she was soliciting. Based on a complaint made by the
victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few
days. The accused was a known family friend of the victim and was reportedlyinterested in marrying her.
She however married another person.This marriage later ended in divorce and the accused started
contacting her once again. On her reluctance to marry him, the accused took up the harassment through
the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC

before The Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects.
The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined
and entire documents were marked. The Defence argued that the offending mails would have been given
either by ex-husband of the complainant or the complainant her self to implicate the accused as accused
alleged to have turned down the request of the complainant to marry her. Further the Defence counsel
argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian
Evidence Act. However, the court based on the expert witness of Naavi and other evidence produced
including the witness of the Cyber Cafe owners came to the onclusion that the crime was conclusively
proved.

The court has also held that because of the meticulous investigation carried on by the IO, the origination
of the obscene message wastraced out and the real culprit has been brought before the court of law. In this
case Sri S. Kothandaraman, Special Public Prosecutor appointed by the Government conducted the case.

Honourable Sri.Arulraj, Additional Chief Metropolitan Magistrate, Egmore,delivered the judgement on 5-

11-04 as follows:
“The accused is found guilty of offences under section 469, 509 IPC and 67 ofIT Act 2000 and the
accused is convicted and is sentenced for the offence toundergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/-and for theoffence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to
pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RIfor 2 years and to pay fine of
Rs.4000/- All sentences to run concurrently.”

Case 4: Father & son convicted under IT act in Kerala.

The Additional District and Sessions Court here has upheld a lower court’sverdict in the first cyber case
filed in the State sentencing a Pentecostal Church priest and his son to rigorous prisonment in 2006.

Disposing of the appeal filed by the priest T.S. Balan and his son, AneeshBalan, against the order of the
Chief Judicial Magistrate, on Wednesday,

Additional District Judge T.U. Mathewkutty said it was time the government toeffective measures to
check the growing trend of cyber crimes in the State.The court upheld the magistrate’s order sentencing
the two to three-year rigorous imprisonment and imposing a fine of Rs. 25,000 under Section 67 of the
information technology (IT) Act; awarding six months rigorous imprisonment under Section 120(B) of
the Indian Penal Code; and ordering one year rigorous imprisonment and imposing a fine of Rs. 10,000
under Section 469 of the code.The court revoked the sentence under Section 66 of the IT Act. The cyber
case dates back to January-February 2002 and the priest and his son became the first to be convicted of
committing a cyber crime.

The two were found guilty of morphing, web-hosting and e-mailing nude pictures of Pastor Abraham and
his family.

Balan had worked with the pastor until he fell out with him and was shown thedoor by the latter.Balan
joined the Sharon Pentecostal Church

later.The prosecution said the duo had morphed photographs of Abraham, his son,Valsan Abraham, and
daughter, Starla Luke, and e-mailed them from fake mail IDs with captions.

The morphed pictures were put on the web and the accused, who edited a local magazine called The
Defender, wrote about these photos in his publication. Valsan received the pictures on the Internet and
asked his father to file a complaint to the police. A police party raided the house of Balan and his son at
Perumbavoor and collected evidences.The magistrate’s verdict came after a four-year trial, for which the
court had to procure a computer with Internet connection and accessories.The police had to secure the
services of a computer analyst too to piecetogether the evidences. Twenty-nine witnesses, including the
Internet service provider and Bharat Sanchar Nigam Ltd., had to depose before the court.

Case 5: Well-known orthopedist in Chennai got life.

Dr. L Prakash stood convicted of manipulating his patients in various ways,forcing them to commit sex
acts on camera and posting the pictures and videos on the Internet. The 50-year-old doctor landed in the
police net in December 2001 when a young man who had acted in one of his porn films lodged a
complaint with the police.Apparently the doctor had promised the young man that the movie would be
circulated only in select circles abroad and had the shock of his life when he saw himself in a porn video
posted on the web Subsequent police investigations opened up a Pandora's box. Prakash and his younger
brother, settled in the US had piled up close to one lakh shots and video footages, some real and many
morphed.

They reportedly minted huge money in the porn business, it was stated.Fast track court judge R Radha,
who convicted all the four in Feb 2008 , alsoimposed a fine of Rs 1.27 lakh on Prakash, the main accused
in the case, and Rs 2,500 each on his three associates - Saravanan, Vijayan and Asir Gunasingh.The Judge
while awarding life term to Prakash observed that considering the gravity of the offences committed by
the main accused, maximum punishment under the Immoral Trafficking Act (life imprisonment) should
be given to him and no leniency should be shown.

The Judge sentenced Prakash under the Immoral Trafficking Act, IPC, Arms Act and Indecent
Representation of Women (Prevention) Act among others.

Case 6:Juvenile found guilty for sending threatening email.

A 16 year old student from Ahmadabad who threatened to blow up Andheri Railway station in an email
message was found guilty by the Juvenile court in Mumbai. A private news channel received an email on
18 March 2008 claiming sender as Dawood Ibrahim gang saying a bomb would be planted on an
unspecified train to blow it up. The case was registered in Andheri Police station under section 506 of IPC
and transferred to cyber crime investigation cell. During Investigation CCIC traced the cyber cafe from
which the email account was created and threatening email

was sent.

Cafe owner told police about friends which had come that day to surf the net.Police Summoned them and
found that the system which was used to send emai was accessed by only one customer. On 22nd March
08, police arrested the boy a Class XII science student who during interrogation said that he sent the email
for fun of having his prank flashed as “breaking news’’ on television.

CASE STUDY

INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in cyber crime, with the arrest of
Deepak Prem Manwani (22), who was caught red-handed while breaking into an ATM in the city in June

last, it is reliably learnt. The dimensions of the city cops' achievement can be g a u g e d f r o m the
fact t h a t t h e y h a v e n e t t e d a ma n who is on the wa n t e d list of the formidable FBI of the
United States. At the time of his detention, he had with him Rs 7.5 lakh knocked off from two ATMs in
T Nagar and Abiramipuram in the city. Prior to that, he had walked away with Rs 50,000 from an ATM
in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving scores of
persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a Chennai-
based firm for some time.

Interestingly, his audacious crime career started in an Internet cafe. While browsing the Net one day, he
got attracted to a site which offered him assistance in breaking into the ATMs. His contacts, sitting
somewhere in Europe, were ready to give him credit card numbers of a few American banks for $5 per
card. The site also offered the magnetic codes of those cards, but c h a r g e d $200 p e r c o d e .
The operators of the site had devised a fascinating idea to get the personal identification number (PIN)
of the card users. They floated a new site which resembled that of a reputed telecom companies.

That company has millions of subscribers. The fake site offered the visitors to return$11.75 per head
which, the site promoters said, had been collected in excess by mistake from them. Believing that it was
a genuine offer from the telecom company in quest subscribers logged on to the site to get back that little
money, but in the process parted with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic looting . Apparently,
Manwani and many others of his ilkentered into a deal with the gang behind the
site and could purchase any amount of data, of course on certain terms, or simply enter into a deal on a
booty-sharing basis.
Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary data to enable
him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. The
police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the United States, the
FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international
gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city police believe that
this is the beginning of the end of a major cyber crimeion, several lakh.

Cyber Attacks on India(2018)

Out of the top 10 most targeted countries by cyber attackers, India ranks fourth and cybersecurity
defenders are facing a lot of threats from these cyber criminals. cyber attacks is an illegal activity and is
continuously increasing in India for financial loot.

Cyber Attack is an attempt to destroy or infect computer networks in order to extract or extort money or
for other malicious intentions such as procuring necessary information.

cyber attacks alter computer code, data or logic via malicious code resulting in troublesome consequences
which can compromise the information or data of the organizations to make it available to cybercriminals.
Cyber attacks consist of various attacks which are hacking, D.O.S, Virus Dissemination, Credit Card
Fraud, Phishing or Cyber Stalking

Major and Minor Cyber Attacks in India 2018

SIM Swap Fraud

In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were involved in
fraudulent activities concerning money transfers from the bank accounts of numerous individuals by
getting their SIM card information through illegal means.
url: https://www.testbytes.net/wp-content/uploads/2018/08/8.png

These fraudsters were getting the details of people and were later blocking their SIM Cards with the help
of fake documents post which they were carrying out transactions through online banking.

They were accused of transferring 4 crore Indian Rupees effectively from various accounts. They even
dared to hack the accounts of a couple of companies.

Prevention: The information required for such a scheme is gathered via various public domains and is
misused later. Sharing personal information with unknown applications and domains can help in
minimizing the risk of having your personal information reaching people with malicious content.
Fraudsters use the victim’s information in various scams and trick them into fraudulent activities. It is
advisable therefore that the site where n individual is entering his banking or other details should be
verified for authenticity, as scammer uses the fake site to get the information directly from prospective
victims

Cyber Attack on Cosmos Bank

 A daring cyber attacks was carried in August 2018 on Cosmos Bank’s Pune branch which saw nearly 94
Crores rupees being siphoned off.
Hackers wiped out money and transferred it to a Hong Kong situated bank by hacking the server of
Cosmos Bank. A case was filed by Cosmos bank with Pune cyber cell for the cyber attack. Hackers
hacked into the ATM server of the bank and stole details of many visa and rupee debit cards owners.

The attack was not on centralized banking solution of Cosmos bank. The balances and total accounts
statistics remained unchanged and there was no effect on the bank account of holders. The switching
system which acts as an interacting module between the payment gateways and the bank’s centralized
banking solution was attacked.

Url: https://www.testbytes.net/wp-content/uploads/2018/08/Master.jpg

The Malware attack on the switching system raised numerous wrong messages confirming various
demands of payment of visa and rupee debit card internationally. The total transactions were 14,000 in
numbers with over 450 cards across 28 countries.

On the national level, it has been done through 400 cards and the transactions involved were 2,800. This
was the first malware attack in India against the switching system which broke the communication
between the payment gateway and the bank.

Prevention: Hardening of the security systems by limiting its functions and performance only to
authorized people can be the way forward.
Any unauthorized access to the network should immediately set an alarm to block all the access to the
bank’s network. Also, to minimize risk, enabling a two-factor authentication might help.

Through testing, potential vulnerabilities can be fished out and can make the entire digital part of the
banking system safe.

ATM System Hacked in Kolkata

In July 2018 fraudsters hacked into Canara bank ATM servers and wiped off almost 20 lakh rupees from
different bank accounts. The number of victims was over 50 and it was believed that they were holding
the account details of more than 300 ATM users across India.
The hackers used skimming devices on ATMs to steal the information of debit card holders and made a
minimum transaction of INR 10,000 and the maximum of INR 40,000 per account.

On 5 August 2018, two men were arrested in New Delhi who was working with an international gang that
uses skimming activities to extract the details of bank account.

Prevention:

Enhancement of the security features in ATM and ATM monitoring systems can prevent any misuse of
data.
Another way to prevent the fraudulent activity is to minimize the risk of skimming by using lockbox
services to receive and transfer money safely.

This uses an encrypted code which is safer than any other payments.

Websites Hacked:

Over 22,000 websites were hacked between the months of April 2017 and January 2018. As per the
information presented by the Indian Computer Emergency Response Team, over 493 websites were
affected by malware propagation including 114 websites run by the government. The attacks were
intended to gather information about the services and details of the users in their network.

Prevention:

Using a more secure firewall for network and server which can block any unauthorized access from
outside the network is perhaps the best idea.
Personal information of individuals is critical for users and cannot be allowed to be taped into by
criminals. Thus, monitoring and introducing a proper network including a firewall and security system
may help in minimizing the risk of getting hacked.

Security Testing and its Significance

Hackers and criminals are getting smarter every day. Counter measure is to predict their attack and block
it in the most effective way possible before any unfortunate events

In Testing, mostly 4 major types of testing ate performed

 Network security

 System software security

 Client-side application security

  Server-side application security

Judicial Reformations

In India cyber crime cases are registered under three broad categories they are Information technology act,
Indian penal code, and other State Level Legislations (SLL). The following are the cases registered under
IT Act7.

•Tampering of electronic documents – sec. 65 of IT Act

•Loss or damage to computer utility or resource – sec 66(1)

•Hacking – sec. 66(2)

•Electronic obscenity – sec. 67

•Failures of order of certifying authority – sec. 685

•Unauthorized access to computer system – sec. 70

•Misrepresentation – sec. 71

•Fake digital signature publishing – sec. 73

•Fake digital signature – sec. 74

•Privacy/confidentiality breach – sec. 72

•And many other crimes8.

Regulation by the Government for Handling Cybercrime Cases

The Ministry of Home Affairs advised the state governments and union territories to handle cyber crime
cases by building cyber crime cells equipped with technical infrastructure. Cyber crime police stations,
trained cyber crime experts for detecting the crimes, filling the cases, Investigation and prosecution of
cyber crime cases. Government has implemented a plan for developing cyber forensic tools and setting up
cyber forensics labs. CERT-In (Indian Computer Emergency Response Team) and also CDAC (Centre for
Development of Advanced Computing) giving advanced training for the law enforcement agencies, cyber
forensics labs and also Judiciary officer on collecting the evidences, analysis and preservation and finally
presenting the collected the evidences in court.

GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES

1. Don’t Judge by Initial Appearances

It may seem obvious, but consumers need to remember that just because something appears on the
Internet- no matter how impressive or professional the Web site looks - doesn‘t mean it's true. The ready
availability of software that allows anyone, at minimal cost, to set up a professional-looking Web site
means that criminals can make their Web sites look as impressive as those of legitimate e-commerce
merchants.

1. Be Careful About Giving Out Valuable Personal Data Online

If you see e-mail messages from someone you don't know that ask you for personal data -such as your
Social Security number, credit-card number, or password - don't just send the data without knowing more
about who's asking. Criminals have been known to send messages in which they pretend to be (for
example) a systems administrator or Internet service provider representative in order to persuade people
online that they should disclose valuable personal data.

2. Be Especially Careful About Online Communications with Someone Who Conceals His True
Identity

If someone sends you an e-mail in which he refuses to disclose his full identity, or uses an e-mail header
that has no useful identifying data (e.g., "W6T7S8@provider.com"), that may be an indication that the
person doesn't want to leave any information that could allow you to contact them later if you have a
dispute over undelivered goods for which you paid. As a result, you should be highly wary about relying
on advice that such people give you if they are trying to persuade you to entrust your money to them.

3. Watch Out for "Advance-Fee" Demands

In general, you need to look carefully at any online seller of goods or services who wants you to send
checks or money orders immediately to a post office box; before you receive the goods or services you've
been promised. Legitimate startup "dot.com" companies, of course, may not have the brand - name
recognition of long - established companies , and still be fully capable of delivering what you need at a
fair price. Even so, using the Internet to research online companies that aren't known to you is a
reasonable step to take before you decide to entrust a significant amount of money to such companies.

2. SUGGESTIONS ON CYBER MONEY LAUNDERING

Because of the nature of Cyber money laundering, no country can effectively deal with it in isolation.
Cyber money laundering has to be dealt with at organizational [Bank or Financial Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organisations can reduce the quantum of money laundering by following
the guidelines issued by central banks of respective countries in letter and spirit. The old principle of
‗Knowing the customer‘ well will help a great deal.

Result

 Cyber incidents are multiplying at an alarming pace and they are increasingly becoming more
complex causing multiple disruptions in businesses and economies.
 Day by day the cyber attacks are increasing.
 There are different techniques which of cyber through which a cyber attacker can use to harm any
person.
 Most of the cases where of stealing money and attacks.
 Discussion
In the 1990s, discussion about the use of the network by terrorist organizations focused on networkbased
attacks against critical infrastructure such as transportation and energy supply (“cyberterrorism”) and the
use of information technology in armed conflicts (“cyberwarfare”).557 The success of virus and botnet
attacks has clearly demonstrated weaknesses in network security. Successful Internet-based attacks by
terrorists are possible,558 but it is difficult to assess the significance of threats559. Back then, the degree
of interconnection was small compared to nowadays, and it is very likely that this – apart from the interest
of the states to keep successful attacks confidential – is one of the main reasons why very few such
incidents were reported. At least in the past, therefore, falling trees posed a greater risk for energy supply
than successful hacking attacks.560 This situation changed after the 9/11 attacks, which prompted the
start of an intensive discussion about the use of ICTs by terrorists.561 This discussion was facilitated by
reports562 that the offenders used the Internet in their preparation of the attack.563 Although the attacks
were not cyberattacks, insofar as the group that carried out the 9/11 attack did not carry out an Internet-
based attack, the Internet played a role in the preparation of the offence.564 In this context, different ways
in which terrorist organizations use the Internet were discovered.565 Today, it is known that terrorists use
ICTs and the Internet for: • propaganda • information gathering • preparation of real-world attacks •
publication of training material • communication • terrorist financing • attacks against critical
infrastructures. This shift in the focus of the discussion had a positive effect on research related to
cyberterrorism as it highlighted areas of terrorist activities that were rather unknown before. But despite
the importance of a comprehensive approach, the threat of Internet-related attacks against critical
infrastructure should not be removed from the central focus of the discussion. The vulnerability of and the
growing reliance566 on information technology makes it necessary to include Internet-related attacks
against critical infrastructure in strategies to prevent and fight cyberterrorism. Despite the more intensive
research, however, the fight against cyberterrorism remains difficult. A comparison of the different
national approaches shows many similarities in the strategies.567 One of the reasons for this development
is the fact that the international communities recognized that the threats of international terrorism require
global solutions.
 CONCLUSION

As we know day by day the cyber attacks are increasing the cyber attacks are perform for mostly to harm
or stole the secure data of Government, Organization, etc. Some cyber attacker does the attacks only for
the fun purpose.

Cyber security is among the top challenges being faced by many organizations in the country; coupled
with the digital transformation journey, which several companies are either undergoing or plan to
undergo. As businesses expose themselves to evolving technology and digital ecosystems, they need to
ensure that the risk exposure due to cyber is managed.

Cyber attacks in the current era have become more specialized and concentrated in nature, targeting
specific organizations and individuals. With the attack pattern becoming more directed, the impact due to
incidents have made alarming damages spanning financial losses, disruption of operational services,
erosion of shareholder value and trust. There is a need to understand this threat comprehensively, given
the threat is constantly evolving, and create an effective cyber resilient environment to withstand these
testing times.

It is seen that with an increased trend of attacks, top management of organizations are now beginning to
understand the need for cyber intelligence, cyber resilience, and measures to decrease the impact from
cyber attacks.
 BIBLIOGRAPHY

 https://telecom.economictimes.indiatimes.com/news/india-saw-457-rise-in-cybercrime-in-five-
years-study/67455224
 https://www.paytel.com/faq/the-theft-of-telecommunications-service-is-a-crime/
 https://economictimes.indiatimes.com/industry/banking/finance/banking/2019-may-finally-put-an-
end-to-indias-banking-woes/articleshow/67342863.cms
 https://www.thesslstore.com/blog/2018-cybercrime-statistics/
 http://it.slashdot.org/article.pl?sid=07/09/19/036203
 http://www.dnaindia.com/money/report_antivirus-war-hots-up-withmonthly-plans_1198789
 http://www.isc2.org/PressReleaseDetails.aspx?id=3238
 The 2009 “Tour of Cyber Crimes” by Joe St Sauver, Ph.D. (joe@uoregon.edu),
http://www.uoregon.edu/~joe/cybercrime2009/
 http://www.newworldencyclopedia.org/entry/Cybercrime#Credits
 http://www.newworldencyclopedia.org/entry/Cybercrime#Credits

 http://www.cbintel.com/AuctionFraudReport.pdf
 http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci1000478,00.html
 http://www.state.gov/www/regions/africa/naffpub.pdf
 http://ezinearticles.com/?Reshipping-Fraud---A-Home-Business-Con&id=582426
 http://www.paid-survey-success.com/online-scams-high-yield-investment-programs-hyip/
 http://www.consumerfraudreporting.org/Education_Degree_Scams.php
 http://www.healthwatcher.net/dietfraud.com/Dietcraze/scams_belldietpatch.html
 http://reviews.ebay.com/BEWARE-COUNTERFEIT-ITEMS-BEING-SOLD-AS-
AUTHENTIC_W0QQugidZ10000000004551474
 http://www.smokersclubinc.com/modules.php?name=News&file=article&sid=2373
 http://www.theregister.co.uk/2002/03/28/online_gambling_tops_internet_ca
 https://www.testbytes.net/blog/cyber-attacks-on-india-2018/
 Appendices