DJN Blogs

Vishalakshi, Faculty of Law, Banaras Hindu University.
Date: 12.06.2021
IDENTITY THEFT AND SOCIAL MEDIA: A DETAILED ANALYSIS OF LAWS AND PROTECTION
INTRODUCTION
21st
Century has lead the revolution in technology. Humans are living in the era of
internet and the world has shrinked to data now-a-days. With the advancement of
information technology, today, everything is possible in just a single click.
People sitting in any corner of the world can meet, see and talk to other
persons sitting in other corner of the world. People can visit virtually all
across the world and even in the space. A single click can let the person know
what’s happening in other parts of the world. Everything is available on the
internet and it has become the second home of 99% of the world’s population.
One cannot imagine one’s life without internet today and even if one wants to,
it cannot be done because everything has shifted on internet. From virtual
offices to e-banking, from virtual classes to exams, from virtually meeting
loved ones to virtually travelling, from virtual shopping to virtual
treatments, everything is on and because of internet only. This revolution has
many advantages. Just two decades ago, it was impossible for common man to
think that, he can talk to other person sitting hundreds of miles away from him
just the way he is talking to the person sitting right next to him. Nobody
could have thought that messages can be sent to other persons within a fraction
of second and can be talk to them face to face. Nobody could have thought that
beauty of the world could be seen and experienced without travelling and
shopping can be enjoyed even at mid-night without going out of home. It was
just beyond the thinking of a common man that one can be taught without going
to schools and money can be withdrawn without visiting to banks as well. Information
technology made everything possible. But as it is said, excess of everything is
bad and leads to destruction. So, is in the case of internet.
Data1
is the real power and treasure today. The one who has knowledge of data is the
most intelligent person. The one who stores data is the richest and most
powerful person. The rampant usage of internet has lead destruction of privacy
of world. No doubt, internet has made lives easier but at the same time it has
made the life and privacy of the man open to threat and terrorism. It can be
invaded by anyone, anytime. The one who has knowledge how to optimize the data
and how to use software can attack into anyone’s life without his permission
and knowledge. Privacy no more exists and we are being followed by invisible
eyes everywhere, what we do, what we search, what we talk, our passwords, our
bank and other personal details everything is being recorded. Even our physical
conversation is being listened by someone. Whole world is in a trap called data
and have been confined to a place called internet.
CYBER
CRIME AND IDENTITY THEFT
The
internet is way more dangerous than what is seems to be. Human are being
controlled by those who know how to use data. Just like physical crimes,
criminal activity can be targeted by using computer, computer network or a
network device as well through internet. Such crimes that involve usage of data
are called cybercrimes and the persons committing cybercrimes are
referred as cyber criminals. Cybercrime is the most crucial crime faced
by the world and are more catastrophic than the wars.
Cybercrime
affects both the real and virtual body and includes hacktivist protests,
harassment, theft and extortion, money laundering, stalking etc. Cybercrimes
are done by accessing the information of the victim in unauthorized manner and
by breaking security like privacy, password etc. of anyone. Though there are
various types of cyber crimes but the most common of all is the cyber theft.
Almost 99% of the cybercrime on internet is carried by the means of theft which
is called as cyber theft. Cyber
theft includes identity theft, password theft, theft of information, etc.
Identity
theft/fraud is the fastest growing and most common
white-collar crime which has affected almost every person using the internet,
in insidious way. When someone illegally either by fraud or deception obtains
and uses another person’s data for stealing money or getting other benefits by
pretending to be that other person, it amounts to identity fraud. The data can
also be used by the offender to commit any other crime by using other person’s
data or identity or to tarnish that person’s public image. And the person whose
identity is used suffers various consequences such as monetary loss, loss of
reputation in the society and sometimes they are held responsible for the
perpetrator’s actions, which may cause mental trauma to them.
“For
example, they might use the credit card information to run up huge bills,
forcing the credit card firms to suffer large losses, or they might sell the
information to others who can use it in a similar fashion. Second, they might
use individual credit card names and numbers to create new identities for other
criminals. For example, a criminal might contact the issuing bank of a stolen
credit card and change the mailing address on the account. Next, the criminal
may get a passport or driver’s license with his own picture but with the
victim’s name. With a driver’s license, the criminal can easily acquire a new
Social Security card; it is then possible to open bank accounts and receive
loans—all with the victim’s credit record and background. The original
cardholder might remain unaware of this until the debt is so great that the
bank contacts the account holder. Only then does the identity theft become
visible”.2
Facebook,
Instagram, Gmail etc. have become most common places for the population today.
These social networking sites can be said to be the second home of the world.
On these sites, all the major information such as the phone number, email
address, photo, birthdate etc. is asked while creating an account. Today, the
world is so engaged in creating their social image that they have forgotten
that they are being followed by invisible eyes. This information can be used to
clone the identity in order to attack the public image, monetary status via
online banking systems and online credit card processing or as a tool to
blackmail that owner of identity. Identity theft can also be used to facilitate
some bigger crimes such as illegal immigration, terrorism and espionage. In
such cases, it is very difficult to track the person impersonating as firstly,
online transaction provides a kind of anonymity and privacy to an individual
and secondly these crimes are committed using Dark Web or Dark Net.
Dark
web
is a part of internet that isn’t visible to search engines. Dark net is
encrypted online content that is not indexed by the conventional search engines
hence, the offender cannot be traced by normal software. Only some special
software can be used to track the person. All forms of cybercrimes and white-collar
crimes takes place on Dark web. One can buy the credit card number, all the
illegal drug and arms business is carried on dark web. The counterfeit money,
hacked Netflix accounts, stolen login credientials of bank accounts, usernames,
passwords etc. can be brought through the dark net software that break into
other person’s account without being tracked.
TECHINIQUES
THROUGH WHICH IDENTITY THEFT IS COMMITTED
Phishing
and Smishing
Whenever
any website is opened to search anything, the users are asked to provide their
email id and mobile number. Normally, just to avoid that interface, users
without reading the terms and conditions, without checking that whether that
website is authentic or not, write down their email ids and mobile numbers. And
this gathered information is used by those websites to mail and message by the
users, different ads and promotions. Sometimes, fake mails such as
Congratulations! You have won XYZ amount or You can get a Car by clicking on
this link etc. is sent to them. Users blindly click on those links and fill the
required information such as bank account number etc. They fall in trap by
believing on such deceptive mails which is sent to them to gather their
sensitive information.
This
act of gathering sensitive information by sending deceptive emails to the
recipient through fake accounts is called Phishing. These emails are
often spoofed i.e., send through some different origin and show the origin
different from where it actually originated.
And
gaining the personal information of the victim through mobile number by sending
fraud text messages which directs them to move on some link or make a phone
call, is called smishing. These SMS can also be sent by internet.
Vishing
Vishing
is one of the most common ways to extract the information of the recipient that
every user may have experienced at some or the other point. Vishing is
basically the combination of Voice and Phishing i.e., sending deceptive
messages via fake phone calls. When a call is made to any person, the phone
number of the dialler can be seen on the phone of the recipient and through
phone number, the name and address of the dialer can be traced. Hence, the
offers use fake caller ID and phone numbers to call the victim. But sometimes,
users receive those phone calls in which the number isn’t visible. Who is the
person, what is his phone number, all these cannot be recorded in such cases
because the number cannot be seen on the screen. This is done by the criminal
through Voice over Internet Protocol (VOIP). The cybercriminal in vishing, call
the person posing to be a bank representative or call center employee and fool
them to disclose crucial information.
Hacking
Hacking
is a very common term and simply means unauthorized access to someone’s
computer, mobile, any other network device or accounts such as social
networking accounts or bank accounts etc. The cybercriminals unscrupulously
break into the information contained in any other networking device and control
the activities of the victim. The offence of hacking is direct infringement of
the fundamental right to privacy of the person suffering this attack as
guaranteed by the Constitution.
Hacking
has been talked in Section 66 of Information Technology Act, 2000. Section
66 deals with the offence of unauthorized access to the computer resource and
defines it as “Whoever with the purpose or intention to cause any loss,
damage or to destroy, delete or to alter any information that resides in a
public or any person’s computer. diminish its utility, values or affects it
injuriously by any means, commits hacking.”
Credit
Card Skimming
The
digitalization of banks and cashless payment schemes across the world poses the
risk of monetary loss to the card holder anytime and anywhere. People find it
easier to carry the cards rather than having cash in their pockets. But it is
also easier and convenient for the cybercriminals as well to access those cards
in unauthorized manner and withdraw money from the bank accounts of the
individual. The surprising part of such method is that all these happens while
the card is in the possession of the victim. Card gets swiped and charges are
levied on the individual without his knowledge.
For
any transaction, the credit card needs to be swiped on a small device called skimeer.
This skimmer, collects the information such as, credit card number, the expiry
date, full name of the individual etc. The cybercriminals can steal these
pieces of information through the skimmer and then n number of cards can be
cloned from these information to make fraudulent transactions.
Weak
Password
People
while creating their accounts on social media or while generating bank account
passwords or ATM pins, are asked to generate some strong passwords. But this is
often neglected by the users and they create very common passwords such as
12345678 or 87654321 or they put their birth dates or full names or combination
of name and birthdates as passwords. These information of a persons like his
name and birthdate is very common and is known by almost everyone knowing him.
Hence, it becomes easier for the offenders to break these passwords and enter
into the victim’s privacy. Thus, it is always advised by the banks or the
social medial sites to use long passwords with a combination of upper and lower
alphabets, numbers and special characters.
Malicious
software
It
is often advisable to check the authenticity of the website before entering any
personal information of before clicking on any link given in the website.
Authenticity of the website can be checked by clicking on the link of the
website. If the link starts with http, it means that the source is not secured
one and so one must avoid filling any information there. If the link starts
with https, it means that the website is a secured platform. ‘s’ means the
website is secured. It will reduce the chances of users’ information getting
compromised.
Unauthorized
websites, often contain various links which on clicking direct the person to
some other website or some applications start installing without users’
permission. It is very often seen that these malicious websites, start showing
information such as “your phone contains viruses, click here to clean your
phone” or “click here to win XYZ amount.” Malicious softwares also get
installed without user’s knowledge when he tries to download some movies, songs
or games from unauthorized sources. These malwares are especially designed to
harm the computer or mobile phone of the user.
WHAT
FIGURES SAY?
According
to National Crime Record Bureau, India recorded 9622, 1192, 12317 and 21796
cybercrimes in the years 2014, 2015, 2016 and 2017 respectively.3
And according to the same bureau, the year 2018 recorded 27248 cybercrimes out
of which, 55.2% (15,051 out of 27248) were registered for the motive of fraud.4According
to the Norton Cyber Security Insights Report 2016, 49% of India’s online
population, or more than 115 million Indians, are affected by cybercrime at
some point making the country ranking second in terms of highest number of
victims.
LAWS
GOVERNING INDENTITY THEFT IN INDIA
Identity
theft is a crime that is committed with the use of data and internet. The Act
that governs the internet related issues is Information Technology Act, 2000.
IT Act,2000 is the parent act which deals with the laws governing all types of
cybercrimes including the identity theft. But identity theft is a kind of theft
and fraud which is done steal, cheat, defame the victim and can also be used to
make forged/false documents. Hence, provisions of IPC is also invoked with IT
Act. After the IT Act, certain changes were made to the Indian Penal Code to
add different electronic means such as “electronic record”.5
Identity
Theft Under Indian Penal Code
Section
463–
This section defines Forgery as “Whoever makes any false document or false ‘electronic
record’ or part of a document or electronic record with intent to cause damage
or injury, to the public or to any person, or to support any claim or title, or
to cause any person to part with property, or to enter into any express or
implied contract, or with intent to commit fraud or that fraud may be
committed, commits forgery”.
Section
464–
According to this section a person is said to make a false document when-
“First—
Who dishonestly or fraudulently—
makes,
sign, seals or executes a document or part of a document;
makes
or transmits any electronic record or part of any electronic record;
affixes
any digital signature on any electronic record;
makes
any mark denoting the execution of a document or the authenticity of the
digital signature, with the intention of causing it to be believed that such
document or part of document, electronic record or digital signature was made,
signed, sealed, executed, transmitted or affixed by or by the authority or a
person by whom or by whose authority he knows that it was not made, signed,
sealed, executed or affixed; or
Secondly—
who, without lawful authority, dishonestly or fraudulently, by cancellation or
otherwise, alters a document or an electronic record in any material part
thereof, after it has been made, executed or affixed with digital signature
either by himself or by any other person, whether such person be living or dead
at the time of such alteration; or
Thirdly—
who dishonestly or fraudulently causes any person, sign, seal, execute or alter
a document or an electronic record or to affix his digital signature on any
electronic record knowing that such person by reason of unsoundness of mind or
intoxication cannot, or that by reason of deception practiced upon him, he does
not know the contents of the document or electronic record or the nature of the
alteration”.
Section
468–
This section punishes the person committing the offence of forgery with the
intention that the document or electronic record forged is going to used for
the purpose of cheating the other person with imprisonment up to 7 years and
fine. This offence is compoundable and non-bailable.
Section
469–
This section deals with the provisions of forgery for the purpose of harming
the reputation of any person or knowing that it is likely to be used for that
purpose. The person committing offence under this section shall be punishable
with fine and imprisonment.
Section
471–
According to this section whoever used any forged document as a genuine
document, knowingly or which he has reason to believe that the document is
forged shall be held liable in the same manner as he himself has forged that
document. Offence under this section is a cognizable and bailable offence.
The
terms “dishonestly” and “fraudulently” are defined under sections
24 and 25 of the Indian Penal Code,1860. The offence of Identity
theft is always committed by the offenders with the intention to cause wrongful
loss to the victim by intentionally downloading, extracting or copying his data
and information through network devices to or wrongful gain the other. It is
always committed by dishonestly taking away the identity or data of the person
to steal something or to harm his reputation in the society or to commit any
other crime. Hence, the above provisions of IPC also come into picture while
dealing with the case of identity theft.
Identity
Theft Under Information Technology Act, 2000
Section
43–
If any person without permission of the owner damages to computer, computer
system, etc. he/she shall be liable to pay compensation to the person so
affected
Section
66–
“If any person, dishonestly or fraudulently, does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may
extend to three years or with fine which may extend to five lakh rupees or with
both”.
Section
66 B–
This section was added by the Information Technology (Amendment) Act,2008 and
deals with the punishment for dishonestly receiving stolen computer resource or
communication device. This offence is punishable with imprisonment for a term
which may extend to three years or with fine which may extend to rupees one
lakh or with both.
Section
66 C- This section prescribes the punishment for identity
theft and defines the term as “Whoever, fraudulently or dishonestly make use of
the ‘electronic signature’6, password or any other unique
identification feature of any other person, shall be punished with imprisonment
of either description for a term which may extend to three years and shall also
be liable to fine with may extend to rupees one lakh”.7The
Information Technology (Amendment) Act,2008 made certain changes in the
existing Act and several new section along with this section and new terms were
added. The term electronic signature was also added by the Parliament through
this amendment.
Offence
under this section is cognisable and bailable.
Section
66 D–
This section was inserted to punish cheating by impersonation using computer
resources. This section defines as “Whoever, by means for any communication
device or computer resource cheats by personating, shall be punished with
imprisonment of either description for a term which may extend to three years
and shall also be liable to fine which may extend to one lakh rupees”8.
The instances where fake profiles are created on social media or fraud e-mail
accounts for the purpose of cheating, the cases of data theft of infringement
of privacy by illegal access are punishable under this section. Offences under
this section are cognisable and bailable.
PREVENTION,
REMEDIES AND RECOVERY
Identity
theft in majority of cases have been found to have committed on those persons
who were negligent in handelling their data or who had shared any piece of
their sensitive information to some other persons at some point. Hence, it is
often advisable not to share any personal information with anyone else. While
cybercrimes can be committed by the offenders and after tight security, account
of celebrities is also sometimes hacked and even the social media account of a
US President was hacked by the hackers. So, it cannot be said that by taking
precautions, such crimes can be prevented completely but yes, the chances can
be reduced. Changing passwords every 2-3 months, generating strong password
with a combination of upper & lower case alphabets, numbers and special
characters and changing password immediately in case of suspicion can be one
way to reduce the chances. Temporarily deactivating the account after changing
the password in case of suspicion or after any identity theft is a way to
protect the account. One should immediately contact the bank or lender etc. to
protect the records and temporarily or permanently close the account when
someone tries to access without permission.
Identity
can also be stolen by the use of viruses and malwares. Constantly checking and
cleaning of viruses through security software must also be done to avoid
greater harm.
Government
has also created cybercrime portal. In case of any suspicion or in case one has
become the victim of fraud and has lost money from account, it should be
immediately reported to the cybercrime branch through the online portal. It can
also be reported by visiting to the nearest police station directly. Filing a
complaint is very important for getting qualified as a proof of identity theft.
This complaint is also required if the victim decides to file for the
compensation from the bank. And this complaint can save the victim from further
damage and threats.
At
present various agencies have been set up by the government to look into the
matters relating to cybercrime and cyber security such as Cyber and Information
Security Division (C&IS). This body deals with the matters related to Cyber
Security, Cyber Crime, National Information Security Policy & Guidelines
and implementation of NISPG and NATGRID, etc.
Apart
from different bodies set up by central government, various states and UTs have
also specialised cells which deals by cyber matters. Different technologies
such as cyber mapping, analytics and predictive system, data mining,
statistical modelling is being used by governments to protect the citizens and
reduce the cybercrime.
CONCLUSION
In present time, use of
Information technology is at its peak. Recent scenarios have forced the world
to move to Internet and make is the new village on this planet. Despite having
a number of advantages, the disadvantages are more and will shadow the advantages
completely in the upcoming years. Humans are already in control but the
upcoming years will witness the AI controlling humans mind and all the activity
of the man-kind. Saddest part is that, no body can get out of this trap and no
body can live without this trap. But, awareness, consciousness and precautions
can reduce the harm and chances to much extent. Internet should be used but
wisely. Red flags given by the attackers can be read sometimes when they send
fraud messages and emails, when someone on behalf of bank calls and asks for
account number and passwords and OTPs. These are sensitive information and no
bank or any organization asks for these pieces. Government is doing its part but
Indian Laws in current times is not very complex and up to the mark for
cybercrimes. The very pitfall of IT Act is that it lacks extra-territorial
jurisdiction. Extra territorial jurisdiction means the power of the state
extends beyond its territorial jurisdiction i.e., the IT Act is only applicable
withing the Indian territory, and hence, only those identity thefts which are
committed by the computer or device sourcing in the Indian Territory can be
considered as cybercrimes. It is important here to note that 20-25% of the
cybercrimes takes place in the country by the offenders sitting outside the
Indian subcontinent and due to the lacuna, the instances are left unreported.
More or less, the exact definitions of various crimes are also missing which
are the need of the hour and strict enforcement of the laws and strict
punishment should be made to create deterrence among the offenders. Under IT
Act, cybercrime is a compoundable and bailable offence, imprisonment is also
provided for three years only, such provisions cannot be said to be the stringent
punishment, these are inadequate punishments. The intention and knowledge of
the offender that he is doing a wrongful act which not only affects the
monetary conditions of the victim but also creates a deep effect on his mental
conditions and social reputation, in some cases, it has also been reported that
some victims have ended their lives. And the criminals, after committing such
offences, get bail and sometimes the victim is forced to compromise. Therefore,
these punishments need revisions. But on individual basis also, people have
become careless in handeling their data. In the name of some money or reward
they share their sensitive information with other persons without having a
second thought. Here it must be noted that self-awareness is must. People
should realise their duties and responsibilities towards themselves and others.
Youth should come forward and take up the responsibility of training the weaker
section of the society who are more vulnerable to this crime.
REFERENCES
1The Information
Technology Act, 2000, § 2 (1) (o)
2BRITANNICA, https://www.britannica.com/topic/cybercrime/Identity-theft-and-invasion-of-privacy (last visited
Apr. 8,2021).
3livemint, https://www.livemint.com/companies/news/cyber-crime-cases-in-india-almost-doubled-in-2017-11571735243602.html (last visited
Apr. 8, 2021).
4 National Crime
Record Bureau, Crime Report 2018, Page no.- xiii.
5The Information
Technology Act, 2000, § 2 (1) (t)
6Defined under
section 2(1) (ta) of the IT ACT, 2000 as “electronic signature” means
authentication of any electronic record by a subscriber by means of the
electronic technique specified in the Second Schedule and includes digital
signature
7Added by
Information Technology Amendment Act, 2008
8Added by
Information Technology Amendment Act, 2008
http://lawtimesjournal.in/identity-theft-is-it-a-modern-crime/
Recent Comments