TITLE OF THE RESEARCH PAPER

Crticial Analysis Of Data Theft In Cyber Space

NAME OF THE STUDENT: Pradeep Punuru
ROLL NO.: 2016076
SEMESTER: 8TH / B

NAME OF THE PROGRAM: 5 year (B.A., LL.B.)

NAME OF THE FACULTY MEMBER: Dr. P. Sree Sudha

DAMODARAM SANJIVAYYA NATIONAL LAW UNIVERSITY

NYAYAPRASTHA “, SABBAVARAM,
VISAKHAPATNAM – 531035, ANDHRA PRADESH
 ACKNOWLEDGEMENTS

I would like to sincerely thank my P. Sree Sudha Ma'am of I.T Law faculty for giving me this
subject and guiding me during the project. I learned a great deal about the afore mentioned
subject through this project, and this in turn helped me develop as a student.
 TABLE OF CONTENTS

INTRODUCTION 3
What is Identity theft? 3
Definition 3
Identity theft Statistics 4
Types of Identity theft 4
 Criminal Identity theft 4
 Financial Identity theft 5
 Synthetic Identity theft 5
 Identity cloning and concealment 5
 Medical Identity theft 6
 Child Identity theft 6
How does identity theft happen 6
 Phishing 6
‘Smishing’ and ‘Vishing’ 6
 Pharming 7
 Credit Card Skimming 7
 Hacking 7
 Malicious software 7
 Unsecured websites 8
 Weak passwords 8
 By targeting children online 8
Identity theft examples 8
Stolen Cheques 9
ATM Cards 9
Fraudulent Change of Address 9
Social Security Number Misuse 9
Passports 9
Phone Service 10
Driver License Number Misuse 10
False Civil and Criminal Judgements 10
Whether Identity theft is theft within the meaning of IPC, 1860 10
Provisions of the IPC dealing with Identity theft 11
Identity theft punishments 11
Provisions in the Information Technology Act, 2000 12
Impact of Identity theft 12
 Financial toll 13
Emotional toll 14
Physical toll 15
Social toll 15
How to prevent Identity Theft 16
 Discover the source 16
 Change your passwords regularly 16
 Contact your institutions 17
 Check computer for a virus 17
How to Report Identity Theft to the Police 17
Cyber Policing in India 18
Crime and Criminal Tracking Network and Systems (CCTNS) 18
Predictive Policing 18
Cyber Crime Identity Theft Cases 19
Pune Citibank MphasiS Call Centre Fraud 19
Sony Sambandh Case 19
The Bank NSP Case 20
Andhra Pradesh Tax Case 20
SMC Pneumatics Pvt. Ltd. vs. Jogesh Kwatra 21
Bazee.com Case 21
State of Tamil Nadu vs. Suhas Katti 21
Nasscom vs. Ajay Sood & Others 22
Cyber Attack on Cosmos Bank 23
BSNL, Unauthorized Access 23
How to Protect Yourself from Identity Theft 24
 Compulsory use of Passwords 24
 Mix up your Passwords 24
 Keep a distance from Shady Websites and Links 24
 Never Give Out Personal Information 24
 Protect Documents with Personal Information 25
 Limit Your Exposure 25
How to Prevent Frauds in Business 25
Switch to Digital Statements 25
Invest in a Quality Shredder 26
Build a Secure Filing System 26
Best Digital Security 26
Planned User Data Access 26
Using Strong Passwords 27
How to Prevent Frauds in Banks 27
  Multi-Factor Authentication 27
 Monitor Transactions 27
 Controlling Transactions 27
 Raise Fraud Awareness 27
 Digital Banking 28
How to Prevent Frauds in Social Media 28
Conclusion 28
INTRODUCTION
Identity theft has become a global problem. This is an area of serious concern. Identity theft
is defined as the crime of the new millennium. However, the overwhelming fact is that due to
the Information Technology Revolution, some results have led to positive growth while
others have become a major concern and identity theft is one of them.   

Is identity theft escalating into alarming threats? How is it harmful to the general

public? How to deal with it? The problem raises related questions that need to be
answered.    

What is identity theft?

Definition

Identity theft, also known as identity fraud, is a crime in which the accused obtains key
information that enables the person to be identified. Identity theft refers to the fraudulent use
of someone else's name and personal information to obtain a loan, loan, etc. Identity theft is
the deliberate use of someone else's identity for a financial or other benefit on behalf of that
person. This happens when thieves steal your personal information to gain access to your
bank account or use it to commit a fraud or crime.   

Identity Theft Statistics

According to research by experts:  

 Fifty percent of Asia Pacific companies surveyed saw an increase in fraud losses in
the past 12 months from account opening and account takeover - both of which can
damage a brand's reputation. 
 Fraud losses were particularly noticeable in India at 65 percent.
   In India, 87% of companies expressed increased concern about the potentially
harmful effects of fraud on their business. 
 71% of Indian residents say security is their number one priority when using the
Internet, followed by convenience and personalization - 15% and 14%.
 64 percent of consumers in India have full confidence in the capabilities of the
companies that protect them and employ the most current security measures.
  Identity theft is the cause of 28% of all frauds in India
   Fraud rates are highest for credit cards, while two-wheelers have the lowest fraud
rates. 
 Delhi and West Bengal have the highest fraud rates, followed by Punjab, Uttar
Pradesh and Haryana. 

Types of identity theft

Criminal identity theft

Criminal identity theft occurs when someone who has been arrested for a crime introduces
himself as another person by using that person's data and information. This results in a victim
being placed on the criminal record who may not be aware of the crime or may not find out
about the crime until it is too late or when the court calls.  

It must be difficult for the victim to clean up their records as jurisdiction is different for each
crime and it will be very difficult to establish the true identity of the offender. you may need
to find police officers who will identify the victim and the court will investigate the charges
after an investigation.  

Financial identity theft

Financial identity theft means a victim hijacking a victim's account by stealing their personal
data. Thus, financial identity theft is the result of identity theft. The criminals' ultimate goal is
to either obtain a credit card in the victim's name or withdraw an amount from the victim's
account.   

This includes taking a loan in the victim's name, writing checks in the victim's name, or
transferring money from the victim's account. In addition, using goods and services by
impersonating someone else constitutes financial identity theft.  

Synthetic identity theft

Synthetic identity theft is the most common identity theft in which the original identities are
wholly or partially falsified. This is done by criminals by combining fake credentials and
legitimate personal data of the victim to create a false document. This fake document can be
used by the criminal to apply for a loan, obtain a duplicate license, apply for a loan, etc.   

This is of great harm to creditors who have granted a fraud credit. Victims are less affected if
their names are confused with a synthetic identity or negative assessments can affect their
creditworthiness.  

Cloning and concealing identity

Identity cloning is when someone uses someone else's identity to hide their identity. It is
mainly used by immigrants. A person may apply for a visa by using false information and
thus concealing their identity. Terrorists use identity cloning to impersonate someone else.   

So, instead of using someone's identity for financial gain or committing crimes, the offender
uses it for the life of the person whose information was obtained. 

Medical Identity Theft

Medical identity theft occurs when a criminal uses someone else's information to buy
prescription drugs, see a doctor, or claim an insurance benefit . As a result, the medical
records of the offender are added to the victim's file. Thus, this has serious implications for
the victim's medical records.  

Child identity theft

Theft in which a child's identity is used by another person for illegal gain is called child
identity theft. Anyone unknown friend or even family member who attacks children can be a
scammer.  

How identity theft occurs

There are different methods of identity theft. Some of them are described below. 
Phishing

Phishing refers to the collection of personal information by sending fraudulent e-mails to the
recipient. The recipient believes that the email was sent from some authorized source or is
what the recipient needs. For example, the bank or the company the recipient works for.  

" Smishing " and "Vishing"  

" Smishing " and "Vishing" are two hybrid versions of "Phishing".           

Smishing : In Smishing , cyber criminals use text messages to obtain victims' personal

information. Cyber criminals often use social engineering techniques to lure victims into
obtaining sensitive information. Cyber criminals usually direct their victims to either go to a
link or call a specific number. They demand immediate action to avoid damage or take
advantage of the offer, and this ultimately leads to information theft.        

Vishing: Vishing is a combination of the two words "Voice" and "Phishing". In Vishing,

cybercriminals use Voice over Internet Protocol (VOIP) or make phone calls to extract
information. Vishers often create fake caller IDs or profiles to make them appear
legitimate.       

Pharming

Pharming refers to a scam where a cybercriminal installs malicious code on a personal

computer or server, redirecting users to a deceptive website without their consent or
knowledge. Pharming disguises fake, deceptive, and data-gathering websites as legitimate
and trusted. 

Reading credit cards

Credit card fraud victims find fraudulent payment of money and charges in their
account. Surprisingly, all this happens while the victim is in possession of a credit card. 

This is a type of credit card theft where fraudsters often use a small device to steal credit card
information which includes the card number, card expiry date, card holder's name, etc. The
information is stolen with a small device called a "skimmer" when the person swipes their
credit card onto the skimmer, all data that was written on the magnetic strip of the card is
captured by the skimmer. Thieves use this information to make fraudulent transactions and to
withdraw money.      

After the information is stolen, the thief can use a cloned credit card to
make n  transactions. Victims of credit card collection are often unaware of theft. Thieves can
also put a hidden camera to steal an ATM card PIN.       

Hacking       

Cyber criminals often hack the victim's computer and then control the victim's
activities. Hacking means being authorized to access someone's computer. 

Malicious software

Malware or malware is any program or software designed to damage a victim's computer.     

Malicious software is installed on the victim's computer without the victim's consent or
knowledge. The user is directed to go to a malicious website by clicking a malicious
link. Malware is often installed on the victim's computer when they try to download a movie
for free or download online games from an unauthorized site. These sites often steal the
victim's information by accessing their computer.   

Insecure websites       

The user should always make sure that the site is secure before making any transactions. An
unsecured website can lead to the theft of your personal information. The user should make
sure the site is "https" and not "http", "s" means the site is secure. This will reduce the
chances of the user ID and password being compromised.   

Weak passwords   
People often use weak passwords for social media accounts and ATM PINs. It is easier for
hackers to crack such passwords and steal victim's information. Therefore, it is always
recommended to use a longer password that is a combination of letters, numbers and special
characters. It is also recommended not to share passwords with other people.    

Reaching out to children on the Internet           

Children can easily share their passwords without realizing the consequences. Therefore,
parents must be vigilant and instruct their children not to share the password with anyone. 

Examples of identity theft

The cyber-thief can steal victim information in many ways. Some of them are discussed
below:  

Stolen checks

Cyber criminals can steal a victim's identity in many different ways. One of the most
common is stealing checks. Victims can steal a blank check or wash the ink on the check. To
protect yourself from such fraud, you should keep an eye on your bank account and regularly
check the emails received from your bank. If anything suspicious is found, you should
immediately notify the bank that you are stopping any transactions and investigating the
matter.    

ATM cards

A thief can steal information from ATM cards.

Unfair change of address

Inform a nearby post office in case you speculate that a scam has noted a difference in the
location of the post station or used the post office to send a loan or to extort a bank. Find out
where fake charge cards were sent. Inform nearby mail of your location to route all mail on
your behalf to your location. You can also talk to the postal carrier.      

Misuse of your social security number

Call a government-managed savings organization to report fraudulent use of the standard
savings number. If all else fails, you should change the number. The SSA is likely to change
this, if there is no chance that you fit their false interpretations of the victims. Likewise, ask
for a duplicate of the profit and benefit statement and check that it is accurate.    

Passports

If you do not have an international ID, please inform the ID office on paper to beware of
anyone who falsely applied for another visa. 

Telephone service

If there is no chance that your Long Separation calling card has been stolen or you find
fraudulent charges on your bill, drop the record and open another. Provide a secret word that
should be used each time the record is charged.  

Misuse of the driving license number

You may need to change your driver's license number in case someone uses yours as
distinguishing evidence on horrible checks. Call the Branch of Engine Vehicles (DMV)
office in Colombia to see if another permit has been issued in your name. Put an enforcement
warning on your permission. Go to a nearby DMV to request a different number. Likewise,
complete the DMV objection structure to start the extortion study process. Send the auxiliary
archives with the structure of reservations to the nearest DMV examination office.      

False sentences in civil and criminal matters

From time to time, victims of fraudulent acts are wrongly blamed for breaches reported by
sham violations. If there is no chance that a general judgment has been passed on your behalf
regarding the fraudulent act, contact the court where the decision was made and report that
you are a victim of data forgery. If there is no chance that you have been wrongly accused of
a crime, contact the state Branch of Equity and the FBI. A request that testifies to your
innocence.   
Is identity theft theft as defined in IPC, 1860
While identity theft is by name a special type of theft involving user data, it does not fall
under section 378 (theft) of the Independent Consultant. This is because it is used only for
movable or detachable property and is tangible in nature ( section 22 IPC).        

Electricity was stolen, but in the case of Avtar Singh v. Punjab State , the Supreme Court
ruled that this was because of section 39 of the Electricity Act and there was no intention to
extend section 378 of the IPC.          

Hence, although the identity information is binary data signals of ones and zeros managed by
streams of electronic waves such as electricity, section 378 cannot be read to account for data
or identity theft.

Independent Consultant Provisions Relating to Identity Theft

Certain arrangements at the IPC, similar to fabrication and misrepresentation, were amended
by the Information Technology Act of 2000 prior to the administration of offenses such as
counterfeit archives. To include electronic records. Subsequently, the scope of such offenses
was extended to also include breaches related to information on the computer. Then falsify
and make false documents ( IPC section 464 ) and punishment in IPC section 465 , falsify
cheating motivations (segment 468), false due to injured publicity (segment 469), use as
authentic produced record (area 471), and possess a report, known to be produced and
intended to be used as certified (segment 474) can be combined with reports in IT. For
example, Segment 468 and Area 471 can be activated when a person creates an electronic
record site to trick unfortunate victims into revealing their sensitive data in order to deceive
them. In addition, area 419 can be used in situations where the accused has used data about a
person's individual character and imitates such an unfortunate victim to present false
information or deceive. Segment 420 can be used when there is no chance that "anything that
can be turned into valid security" within the meaning of the demonstration will be reviewed
to include new, distinctive person data. In addition, the Master Board of trustees on Changes
to the IT Act, 2000 recommended some changes to the IPC to include Segment 417 A, which
would give as much as three years of discipline in cheating using one type of distinguishing
evidence of another. person. It also resulted in pantomime cheating on a system or PC being
punishable by up to five years in detention and a fine in Area 419 A.30. These proposals have
not yet been incorporated into the IPC, but would gradually provide precise rules on
wholesale fraud.               
Penalties for identity theft
Under Section 66C of the IT Act of 2000, anyone who fraudulently or fraudulently uses an
electronic signature, password, or any other unique identification feature of any other person
is punishable by imprisonment of any description for a period that may be up to three years
and is punishable by a fine that may amount to one lakha of rupees.    

Provisions of the Information Technology Act of 2000

The IT Act of 2000 is India's main cybercrime law. Although its purpose was mainly to
identify e-commerce in India and did not define cybercrime as such. Prior to the 2008
amendment, Section 43 of theAct could have been used to impose civil liability for damages
not exceeding one Crore for unauthorized access to a computer system or network
(subsection a) and for helping to facilitate such an offense (subsection sol). Article 66 of the
Act only concerned hacking cybercrime, where criminal sanctions were imposed for the
destruction, deletion, alteration or reduction of the value of computer resources. If a person
has secretly obtained identity information from a computer without altering it in any way, this
provision cannot be applied. The term identity theft itself was used for the first time in a
revised version of the IT Act in 2008. Article 66 criminalizes any fraudulent or unfair
behavior in relation to section 43 of the same law. Section 66 (A), now considered
unconstitutional, covered phishing crime. Section 66 B deals with fraudulently receiving
stolen computer resources. Article 66 C explicitly provides for a penalty for identity theft and
is the only place where it is defined. On the other hand, section 66 D was inserted to punish
fraud by impersonating other people using computer resources . This provision can be seen as
similar to the recommendations of the Committee of Experts in section 419 (A) as mentioned
earlier. Several other provisions introduced into the amendment include penalties for breach
of privacy and cyberterrorism. Women and children were also granted protection under
sections 67 A and 67 B of the Act. In addition, stricter rules are laid down to protect
"sensitive personal data" in the hands of (corporate) intermediaries and service providers,
thus ensuring data protection and privacy. Only in exceptional cases in which such data may
be disclosed are they transferred to an agency authorized by the state or central government
for supervision, monitoring or interception in accordance with section 69 of the IT Act. The
scope of sensitive personal information is defined in the 2011 IT Policy. As slogan, financial
information, physical, physiological and mental health, sexual orientation, medical records
and history, and biometric information. Accordingly, depending on the method by which the
identity theft was committed, the above-mentioned laws may apply.                        
The Effects of Identity Theft 
Identity theft or identity fraud occurs when a thief accesses personal information such as
name, address, credit card or bank account numbers, social security number, phone or
account numbers, passwords, or medical insurance numbers and uses this information to
economic purposes. get.

The actions you need to take, the length of the recovery time, and the consequences of
personal data theft will largely depend on the type of identity theft you have experienced. In
extreme cases, some people have spent over six months solving financial and credit problems
related to identity theft.     

The negative effects of identity theft are often financial but can also have other consequences,
including an emotional toll. For example, if a thief commits a crime and reports your name to
the police, this is known as criminal identity theft and the authorities arrest you as a result,
you can imagine the resulting stress as well as disruption of your life until you are able to
resolve the situation. 

In this article, we'll go over four different ways that identity theft can affect victims:

 Materially
                

 Emotionally
                

 Physically
                

 Socially
                

Financial fees

The financial difficulties that can be caused by identity theft can last months or even years
after the disclosure of personal information. Obstacles people face depend on the type of data
criminals collect.  

1.   Discussing identity thief activities in your credit files and working to restore good
credit.
2.   Cleaning and closing bank accounts and opening new accounts
3. Changing passwords
By hijacking your account, identity thieves can also seize your property and other financial
accounts, the effects of which could affect your retirement, mortgage, and education.

And identity theft isn't necessarily something to be forgotten, especially when it concerns
sensitive personal information like your Social Security number. Thieves may not use your
information for months or even years - waiting for a time when you may not be paying
attention to the risks. Thieves can also sell personal information on the dark web. You may
need to be vigilant and watch the red flags indefinitely.              

If your identity theft problem is so complex that it requires expert advice, legal fees can
increase your financial impact.

In fact, some victims eventually turn to the government for help with recovery, which shows
the potential scale of the difficulties with identity theft.

An emotional harvest

Perhaps a less visible consequence of identity theft is the emotional toll that can
follow. Identity theft is usually a faceless crime that can evoke a lot of sensitive feelings. The
first feeling victims may experience is anger. But after the first shock, other difficult and
long-term effects may emerge.   

For example, the person who raises your identity may be committing crimes on your behalf,
which can immediately harm your status and be stressful to establish. If you are applying for
a job and a criminal record comes up during the verification of your past, it can harm not only
your job but also your self-esteem. Moreover, criminal identity theft could lead to your arrest
before you can solve the problem.  

Victims can accuse themselves or their family members of not having an interest in their
personal data.

Since identity theft may be anonymous, victims may feel a sense of failure. A survey
conducted in 2016. In Center resources on identity theft on victims of identity theft shed light
on the prevalence of the emotional suffering caused by identity theft:         
 1. 74% of people reported feeling stressed
2.   69 percent reported a fear of personal financial security
3.    60 percent reported anxiety
4.    42 percent reported concerns about the financial security of family members
5.    8 reported suicidal thoughts  

When cleaning up messy traces of identity theft, emotional stress can affect sleep and
appetite, and lead to depression and isolation.

What about the emotional stress associated with answering phone calls from debt
collectors? When someone incurs a debt on your behalf, it can be difficult to prove that the
debt is not yours. In addition, you are required to take steps to prevent debt collection
companies and agencies from reporting the debt as yours.  

Physical fee

Identity theft problems can also show physical symptoms.

If someone uses your name or identity to commit a crime and you are arrested by law
enforcement, it is a very stressful situation. Before you clear your name, your arrest record
may still pop up based on your previous analysis, affecting everything from your profession
to housing choices. For example, you could lose your home if your credit and debt were
affected. You could lose your job if it affects your work, and you may miss out on new
business opportunities.   

Clearing your name from criminal charges can take a lot of effort, as you need to do
everything from finding out where the thief was arrested and providing law enforcement with
identification documents and fingerprints, to changing any invalid records from your last
name to the thief's name.

Criminals who have your Social Security Number may also gain access to your medical
benefits and even affect your medical records . This can lead to significant consequences
when you are under medical supervision or there is an emergency, and providers do not have
accurate information about your health, or you no longer have medical services to cover
you.   
Social fee

In today's cyber world, the Internet is another method of identity thieves who can access
sensitive personal information, such as passwords for emails and social media
accounts. Whether you use social media in your business or use it to keep in touch with
friends and family, hackers can destroy your name or jeopardize your work by using your
current account details and even create new, fake accounts. where they can post offensive
statements while pretending to be themselves.  

On a more basic level, recovery from identity theft can hurt your personal relationships as
you feel all of these stressors, and if you ask your family and colleagues for help and
financial support when you get back on your feet.

Identity theft can have eternal negative consequences for its victims. One of the best things to
do is act immediately to limit its impact and ask for help. 

 
 
How to prevent identity theft
There are various ways to prevent, detect and combat identity theft. They can help you reduce
your risk of identity theft. 

Discover the source      

The first step in resolving the problem is figuring out where it started. All recent actions need
to be thought through and what could have led to this. Any new site, response to an unusual
email, new software, or any registration with an e-commerce site could possibly cause this
theft.   

Change your passwords regularly          

The most basic mistake people make is keeping the same password for a long
time. Passwords should be changed every now and then and immediately after any identity
theft. The new password must not be closely related to the old password.   
Contact your institutions       

Immediately after identity theft, you must secure your details with a bank, lender or insurance
company, etc. Closing an account that has been accessed without permission must be closed
and a new account must be opened. 

Check your computer for virus        

Identities can be stolen via viruses or malware, but they can still hide in your computer and
attack again. To avoid this, you need to update your antivirus or seek help from an expert.  

There are certain warning signs or indicators that people need to be aware of and should
always keep in mind to prevent identity theft: 

1. Unexpected verification phone call from the bank

2. Warning or notification from the bank
3.  Unexplained entries in the credit report
4. Low charges on your bank statement
5. Unknown purchases on your card statement
  

6.  Receiving bills or bills for services you don't have

These indicators can help with identity fraud. 

How to report an identity theft to the police

Identity theft is the theft and use of someone else's information for financial gain. Victims
must immediately file a complaint with the nearest police station or Cybercrime Unit as this
qualifies as proof of identity theft. Proof can save you if a thief impersonates you by
committing a crime. A police complaint is also required to file a compensation claim from
banks. It can also help you get new accounts and renew your insurance. Police stations gave
numbers so that they could provide immediate help to those in need. According to Art. 154 of
the Code of Criminal Procedure, each police officer is required to record a notification of a
crime.       
  For security solutions, call: + 91-9717495402          
                

 For
                 background verification please call: + 91-
9978990585  
Cyberpolice in India
In the current scenario, cybercrime is at its peak in our country. These crimes increased after
demonetization as demonetization increased the number of online banking transactions. The
increase in these crimes has led to the establishment of the Cyber and Information Security
Division (C&IS), which deals with cybersecurity matters, cybercrime, national information
security policy and guidelines, and the implementation of NISPG and NATGRID etc.   

Crime and Crime Tracking Network and Systems (CCTNS)

In 2009, this department was created under the C&IS, which was approved by the Cabinet
Committee to establish a nationwide network infrastructure for an information technology-
enabled crime tracking and detection system. It included approximately 15,000 police
stations. Cyber Police Station includes a trained officer and equipment to track
and analyze digital crimes.     

Predictive Policing 

Predictive Policing needs to use data mining, statistical modeling , and machine learning on

crime-related datasets to understand likely locations of police intervention. As in
2013, Jharkhand Police and the National Informatics Center began developing data mining
software that can help them investigate criminal trials by scanning online records.         

Delhi Police with the help of the Indian Space Research Organization (ISRO) is trying to
develop a tool dictionary method known as CMAPS or Crime Analytics mapping and
predictive system. The system will identify crime scenes by linking Delhi police data with
ISRO satellite images and locating them on a map. With the help of CMAPS, the Delhi police
cut analysis time from 15 days to 3 minutes.      

Hyderabad City Police is trying to build a base known as an "Integrated People Information
Hub" that can provide a "360-degree view" of a nation's nation, including their names,
aliases, family details, addresses, and other information by a document containing their
passports, aadhar card and rights driving.       

Anyone can file a complaint through the online crime reporting system known as Digital
Police, controlled by the Indian Ministry of the Interior. It is a SMART Police Initiative that
provides citizens with a platform to file complaints online. The portal also provides access to
authorities authorized by the state to use the National Database of Crime Records for
investigation, policy making, data analysis, research, and service provision to citizens.        

The police also use various fake social media accounts to help with monitoring and
investigations. People are surprised to see how people can commit identity theft using social
media. So the police are trying to understand the mechanics and trying to control the crime
using social media.   

Identity theft cases in cybercrime

Social media plays an important role in people's lives. It's a tool that helps people stay
connected. Apps like Instagram, Facebook, Twitter and Linkedin provide us with ways that
we can stay connected all the time. Abusing or sharing these applications is harmful as it can
lead to identity theft.      

There are different cases where we can understand cybercrime:

Fraud in the Call Center Pune Citibank MphasiS   

In this case, former employees of MphasiS Ltd defrauded US Citibank customers with an

amount of around Rs. 1.5 cents. To commit this fraud, unauthorized access to personal data in
the electronic space of customer accounts was used.       

Under the Information Technology Act 2000, the use of electronic documents is considered a
criminal offense when it comes to the use of "written documents", "breach of trust", "fraud",
"conspiracy" etc. Sections 66 and 43 of the Information Technology Act of 2000 And people
are subject to imprisonment and fines and must pay compensation to victims. 

Sony Sambandh Case  
In this case, Sony India Private Ltd has filed a complaint against non-resident
Indians. Sony Sambandh website has helped them ship Sony products to friends and family in
India after paying online.    

It all started when Barbara Campa gifted a Sony color TV and wireless headphones
to Arif Azim in Noida. She made a credit card payment. After all the procedures were
completed, the company delivered the goods to Arif Azim. Later, the credit card company
informed the company about the transaction. They said the actual owner of the credit card
refused to purchase and said the transaction was unauthorized.        

The company filed a complaint with the Central Bureau of Investigation under sections 418,
419 and 420 of the IPC. Following the investigation, Arif Azim was arrested and said he had
accessed and abused a credit card number while working in a call center .      

It was India's first criminal conviction in 2013, and the CBI recovered the headphones and
TV. The CBI proved the case with evidence, and the defendant pleaded guilty. The court
accused Arif under Art. 418, 419, and 420 IPC and showed leniency towards the boy as he
was only a 24-year-old young boy and the first to be sentenced, releasing him on probation
for one year.     

The case of the NSP bank

This is one of the main cybercrime cases where a bank intern broke up with the girl he was
about to marry. Later, the girl created a fake email id and started sending emails to the boy's
foreign customers from the bank's computer. This resulted in the loss of the company's
customers. The company sued the bank and was held responsible for sending emails through
the bank's server.    

Andhra Pradesh tax case

In Andhra Pradesh, government officials exposed a businessman. He owned a plastics

company and was arrested by the Department of Vigilance, and the department regained
Rs. 22 crore cash from his house.   
The accused used to present vouchers to prove the legality of his business, but the vigilance
department operated his computer and found that the accused was running five companies
under the hood of one company, and issued illegal or duplicate vouchers representing his
sales records and save tax. 

SMC Pneumatics Pvt. Ltd. vs Jogesh Kwatra    

This is the first instance of cyber defamation in India, the accused Jogesh Kwatra works at

the plaintiff's company and began to share derogatory, demeaning, defamatory, obscene and
offensive emails with other employees and employers and other companies associated with
his company around the world just to defame the company as well as his physician, Mr. RK
Malhotra.          

The plaintiff filed a lawsuit with the Court, in which it was found that the e-mails sent by the
accused were highly defamatory, obscene and insulting. The lawyer added that the defendant
only wanted to destroy the plaintiff's reputation in India and around the world. Thus, the
accused is limited to sending such e-mails, and anyone who indulges in such activities will be
released.   

After all the arguments, the court issues an ex parte order to stop sending this type of e-mail,
and the judge also prevented him from posting, transmitting or causing any defamatory or
offensive things.  

The case of Bazee.com

In December 2004, the CEO of bazee.com was arrested because his website was selling a CD
with questionable content. The album was also available in the markets in Delhi. This case
raises the question of who is responsible here, the ISP or the content provider. The CEO was
later released on bail to prove that he was a service provider and not a content provider. This
case raised many questions regarding the handling of cybercrime cases.     
State of Tamil Nadu vs. Suhas Katti  

This case is important in cyber law cases as the judgment was delivered within 7 months. In
this case, a man who was a known friend of a divorced woman's family posted indecent,
defamatory and degrading news about the woman. He sent e-mails to a woman to gather
information via a fake account in the victim's name. As a result, the woman received many
unwise phone calls, believing that he cares for her.        

In February 2004, a woman filed a complaint and the police found the man and arrested him
over the next few days. The accused wanted to marry you, rather she married another person,
which later ended in divorce. This made the accused try to contact her again. She dismissed
him again, which forced the accused to start harassing him via the internet.    

The defendant was charged under section 67 of the Information Technology Act 2000 and
sections 469 and 509 of the IPC. The defense's arguments stated that some of the
documentary evidence presented here did not qualify as evidence under section 65B of
the India Evidence Act, and all e-mails may be distributed by her ex-husband and her ex-
husband is trying to frame the defendant. . Rather, the court focused on the lead witness, the
owners of the internet cafe, and all the evidence.        

As a result, the Court found the man guilty and charged him with imprisonment and a
fine. This is the first case convicted under Art. 67 of the Information Technology Act of
2000. 

Nasscom vs. Ajay Sood and others   

This case has a landmark ruling as this case defines "phishing" on the Internet as an illegal
activity involving a court order and recovery. In this case, the reason is the National
Association of Software and Service Companies ( Nasscom ) which is the main software
association in India. The accused were an employment agency hired by Nasscom to search
for heads and recruit.           

Defendants send e-mails to third parties on behalf of Nasscom to receive confidential data
that they can use in headhunting. So, phishing is an internet scam where a person pretends to
be an association that collects personal information from customers, such as passwords or
access codes, etc. So, phishing is collecting personal information by falsely presenting itself
as a legitimate site and using it for its own benefit.    

The court appointed a commission to inspect the accused's premises, thanks to which they
found two hard drives from which the accused sent e-mails to customers. The offensive e-
mails were downloaded and counted as evidence. The accused used various fictitious
identities to avoid recognition and take legal action.   

Later, the accused pleaded guilty, and both sides wanted to resolve the dispute through a
compromise. Defendant had to pay Rs. 1.6 million for defendants for damages and
infringement of their trademark rights.   

This case is very important as it introduces "phishing" into our legal system and proves that
any person who infringes intellectual property rights will pay compensation. This case
brought faith in the Indian judiciary that can protect intangible property rights.  

Cyber Attack on Cosmos Bank

In August 2018, there was a cyber attack on the Cosmos Bank branch in Pune which emptied
around Rs. 94 crores. The attackers broke into the main server and transferred the money to a
Hong Kong bank, and also traced the details of various Visa and Rupay debit cards .           

Hackers found and exploited the link between the centralized system and the payment
gateway, meaning neither the bank nor the account holders were aware of the money being
transferred. 

The attack was huge and one-of-a-kind, as the first malware attacked terminated all
communication between the payment gateway and the bank. The attack caused a great deal of
damage as 14,000 transactions were made in 28 countries with 450 cards and 2,800
transactions with 400 cards in India.  

BSNL, Unauthorized Access

In this case, the Joint Academic Network (JANET) was hacked, which restricted access to
authorized users by changing their passwords and deleting / adding files to their account. The
accused also made changes to the BSNL database on his internet user account.  

The company filed a cybercrime case, and the CBI began an investigation and discovered that
broadband internet was being used without any permission. Various VPNs have been accused
of hacking servers from different cities.  

The accused was later imprisoned for a year and paid a fine of Rs. 5000 under section 66 of
the Information Technology Act of 2000 and section 420 of the IPC. 

How to protect yourself from identity theft

To protect yourself from identity theft, start to think about the future and try to minimize the
risk of being a victim. The ultimate goal is to build a sufficient number of obstacles and
ensure the protection of access to personal data. There are different steps a person can take to
protect themselves from identity theft:  

Mandatory use of passwords         

This is the first step a person needs to take to protect themselves from identity theft. Mostly
people think that setting a password is not necessary or that it is so much work for
nothing. However, in the current situation, not using passwords is not really safe as
cybercrime is increasing gradually. A phone without a password is like a house without a
door, anyone can access it. Therefore, everyone needs to set passwords for their phone,
computer, and all of their financial accounts to protect against identity theft, and the password
must be strong and unpredictable.      

Shuffle your passwords         

Always try to set a different password, because if every password is the same, a scammer can
easily access all accounts with just one password. So, having your passwords mixed up can
actually prevent an identity thief from gaining access to your data. Your name and date of
birth cannot be your password, as they are predictable and need to be changed from time to
time or whenever you believe your account has been hacked.   
Stay away from suspicious websites and links         

Everyone needs to avoid dubious websites or suspicious links in emails or texts as they can
be an identity thief trap. Scams generally use websites that are similar to your financial
institution, lender, bank, or credit card company to gain access to your
information. Therefore, no one should ever enter their login credentials on unknown or
suspicious sites.  

Never provide personal information        

Another way of scamming is by calling people such as credit card companies or banks and
providing situations where personal information can be asked. In fact, no organization will
ever call you and ask for personal information such as account number, PIN or anything
else. Therefore, no one should disclose their personal data to anyone over the phone.     

Protect documents containing personal data         

It is always a good idea to destroy all physical private records and statements that contain
personal or financial information that may cause problems in the future. They can also use
receipts to collect personal information, so people should carry them home and throw them
away.  

Limit exposure

Everyone must have a limited number of credit cards in their wallet to reduce damage in the
event of theft. Carrying your original ID in your wallet is also dangerous. People should carry
duplicate ID cards in their wallets.   

How to prevent fraud in business

Fraud prevention in business is very important as business affects many people's lives. Unlike
individuals, an attack on a company can threaten the livelihoods of many people and their
dependents. So, there are some ways people can protect their business from fraud:  

Go to digital statements
In the current scenario, credit card bills, bank statements, confidential files, and other
important documents could be used to attack a business. Most of these documents are mailed,
and to prevent the risk of theft, you can turn off paperwork and switch to digital statements.  

While most businesses cannot transition to a paperless situation, they can rather change their
banking and other financial procedures to electronic, which will only take a few minutes and
can completely help close the risk. Switching to electronics saves time and money.   

Invest in a high-quality shredder

It may be fun, but the theft from trash cans and trashcans is happening all over the world and
also in movies. People can easily eliminate this risk by purchasing a high-quality document
shredder for the office.  

Build a secure archiving system

Every business or business has its own important documents that should be kept in a safe
place. These documents can be used to attack a company, customers or employees, so these
documents must be in a safe place and only higher authorities have access to them.  

Best digital security

Now that you've secured all your documents, it's time to secure your digital data. A regular
wireless internet router cannot protect digital assets, so adding other features will help
protect:   

 Strong dams
                

 VPN for external access

                

 Safe off-site data storage

                

 Scheduled scanning for viruses and malware

                

 Automatic updates of Windows and other programs

                

 Secured wireless networks

                

 Mainframe physical access protection

                
Planned access to user data

To keep your company's data safe, there must be multiple layers of system security. Only
those who really need it and have permission to do so have access to these data files. This
means that everyone in the company cannot access every file.   

For the daily use of computers, people need to have their own login credentials that
they can not share with anyone, and also the user ID should have access to a specific
system.   

Use of strong passwords

Strong passwords are always necessary as they play a very important role in security. Strong
passwords like random long with some symbols will be impossible to guess by anyone.  

How to prevent fraud in banks

Identity theft is increasing day by day in the past six years. It is imperative to secure banks
against identity theft. There are simple ways to prevent identity theft:  

Multi-factor authentication       

This may be the best approach in the security framework. This multi-factor authentication
helps as there will be a series of passwords or questions to help keep your valuable
information safe from fraud. Only higher authorities will know the passwords, which will
reduce the chances of fraud in the bank.   

Monitor transactions       

The bank needs to monitor all transactions and should raise limits on the mainframe which
detects anything suspicious. 

Controlling transactions          
Controlling transactions with different people can help in this situation. This means that for
each transaction, one person initiates the transaction, another person approves it, and a third
person actually completes the transaction. 

Lack of staff is not a problem as banks can set up an automatic clearing house (ACH) that can
confirm sending and receiving transactions over the phone.

Raise awareness of frauds        

Informing customers about scams is very important as this problem is increasing. Helping

clients understand the current situation and answer their questions.  

Digital banking        

Encourage customers to engage in digital banking and help them understand the dynamics of
digital banking. 

How to prevent social media scams

There are certain ways to prevent social media fraud:

1. Use all security settings provided by multimedia platforms. These can be, for
example, captcha puzzles, privacy settings, or security settings. Everything helps to
protect your account.   
2. Never share your login details with anyone, not even people you trust. Even they can
put you at risk when using your account.  
3. Be aware of every information you share and don't share any personal or highly
sensitive information on your social media. 
4. Never reuse your passwords. Always set a new password for each account. 
5. Always add famous people. 
CONCLUSION
As cybercrime fraud and crime increase, the government is faced with defining rules and
regulations to protect people's interests and help them prevent mishaps on the
Internet. Certain laws aim to protect "sensitive personal information" through "data protection
and privacy policies".