2. WHAT ISACYBER
CRIME?
Cyber crime is an ‘umbrella’ term for lots of different types of crimes
which either take place online or where technology is a means
and/or target for the attack. It is one of the fastest growing criminal
activities across the world, and can affect both individuals and
businesses.
In this context, the fraud will result in obtaining a benefit by:
• Altering in an unauthorized way. This requires little technical
expertise and is a common form of theft by employees altering the
data before entry or entering false data, or by entering unauthorized
instructions or using unauthorized processes.
• Altering, destroying, suppressing, or stealing output, usually to
conceal unauthorized transactions. This is difficult to detect.
• Altering or deleting stored data.
3. The IT revolution gave birth to cyber frauds such as hacking,
identity theft, and popularly phishing that saw an upsurge
over a decade, and cybercrime is a newly evolved crime. As
we are emerging to a cashless and more digitalised banking
system we have become more vulnerable to cybercrimes
such as phishing, which means sending an e-mail that falsely
claims to be a particular enterprise that asks for sensitive
financial information. Phishing is an attempt to scam the user
into surrendering private information that will then be used by
the scammer for his own benefit. The person who attacks
users with spoofed e-mails and fraudulent websites that looks
very similar to the real ones thus fooling the recipients into
giving out their personal data. Most phishing attacks ask for
banking details such as card numbers, internet banking and
passwords. In India, the Reserve Bank of India makes people
aware of such frauds from time to time through advertisings. A
recent example of Phishing was the popular “Jamtara Case”
where few villagers from the district duped people across the
country through banking fraud. Although there are no specific
law on Phishing, the Information Technology Act, 2000
penalised phishing and other IT and data frauds.
INTRODUCTION:
4. BACKGROUND:
The case deals with Phishing, which is kind of Internet fraud. A
fraudulent personation was done in the name of “National
Association of Software and Service Companies” also known as
“NASSCOM” which is India's premier software association.
Defendants were operating a placement agency involved in
recruitment and headhunting. Disguised as NASSCOM,
defendants, in order to obtain personal data from various
addresses, which they could then use for head-hunting, went on
the website as if they were a legitimate selection and recruitment
firm. An employee of the defendant created fictitious e-mail Ids
and sent them in the name of NASSCOM to third parties with a
view to extract personal data. The accused used different
fictitious identities to avoid recognition and legal action. Plaintiff
NASSCOM has then filled the suit inter alia praying for a decree
of permanent injunction restraining the defendants or any person
acting under their authority from circulating fraudulent E-mails
purportedly originating from the plaintiff of using the trademark
'NASSCOM' or any other mark confusingly similar in relation to
goods or services. A similar case of significance is Autodesk, Inc.
& Anr. v. Mr. Prashant Deshmukh & Ors.[1]in which the Delhi
High Court granted the plaintiff permanent injunction sought for
as punitive damages against the defendant for copyright and
registered trademarks infringement.
5. PLAINTIFF:
The plaintiff in this case was the National Association of Software and
Service Companies (Nasscom), India’s premier software association.
The defendants were operating a placement agency involved in head-
hunting and recruitment. In order to obtain personal data, which they
could use for purposes of head-hunting, the defendants composed and
sent e-mails to third parties in the name of Nasscom.The high court
recognised the trademark rights of the plaintiff and passed an ex-parte
ad-interim injunction restraining the defendants from using the trade
name or any other name deceptively similar to Nasscom.The court
further restrained the defendants from holding themselves out as being
associates or a part of Nasscom.
The application was filed under Order 23 Rule 3 CPC by NASSCOM
praying for a decree of permanent injunction restraining the defendants
or any person acting under their authority from circulating fraudulent E-
mails purportedly originating from the plaintiff of using the trademark
'NASSCOM' or any other mark confusingly similar in relation to goods or
services.The infringement of the trademark was done to gather data of
the third parties which caused punitive damages to the plaint.The data
was then used for phishing by using the trademarks of NASSCOM.
6. COURT’S
JUDGEMENT:
The Delhi High court-appointed commission to carry out
research at the defendant’s place where two hard disks of the
computers from which the fraudulent e-mails were sent by the
defendants to various parties were taken into custody by the
local commissioner appointed by the court. The offending e-
mails were then retrieved from the hard disks and presented as
evidence in court. After subsequent findings, the defendants
admitted their illegal activities and agreed to suffer decree to pay
a sum of 1. 6 million INR for damages caused to the plaintiff for
violation of trademarks rights and also the hard disks were
handed over to the plaintiff which was found at the defendant’s
place. In the suit proceedings, the settlement was accepted on
record, the Code of Civil Procedure (CPC) in Rule 3A of Order
23 states: "No suit shall lie to set aside a decree on the ground
that the compromise on which the decree is based was not
lawful."[3] Hence, Suit would stand decreed as the compromise
effected between the parties and as contained in IA No.
2351/2005. Said application shall form lawful part of the decree
to be drawn. The high court recognised the trademark rights of
the plaintiff and passed an ex-parte ad interim injunction in
favour of plaintiff restraining the defendants from using the trade
name or any other name deceptively similar to NASSCOM. The
court further restrained the defendants from holding themselves
out as being associated with or a part of NASSCOM.
7. LEGACY:
This case is a landmark in the history of the IP rights and recognised the
need for specific legislation for phishing. This judgement laid a precedent in
India to decide on the technicalities of the scam done in the internet world,
the court further elaborated that the typical phishing scam involves persons
who presented online bank and siphon case from the banking accounts after
conning customers into handing over confidential banking details which were
than used for conning third parties, targeting individuals and companies.
While the cyber world is used by almost all the company, it has also been
grossly misused by some fraudulent companies. There was a time when
cybercrime was very hard to detect but as our agencies getting more
advanced it has ease the work of judiciary to ensure speedy justice to the
aggrieved parties. Phishing via emails is the most common fraud that was
also seen in this case, the defendant used emails to collect the data such
type of fraud is also known as email spoofing which means a spoofed e-mail
may be said to be one, which misrepresents its origin. It shows its origin to
be different from which actually it originates. The only act that exists in India
to govern the crimes of the cyber world is the Information Technology Act,
2000 while this act helps in bringing justice it also provides security. In this
judgement it was stated that there are no specific legislation for spoofing, the
number of mobile internet and email users keep on increasing day by day
and the whole data is stored virtually. The Honourable Delhi High Court
declared in the said order that phishing is an illegal act done in the internet
world. The relief was provided to the plaintiff by compensating the loss in
monetary terms and the party was assured that their rights are protected; it
also assured not only the specific entities but all those who wish to do
business in India. While assuring damage protection the court and the Indian
Judiciary also assured the business owners their right of owning and using
intellectual property. The case dealt widely with phishing, trademarks and
reputation of the aggrieved.
8. GOVERNMENT
POLICIES:
After such landmark cases the Government of India has
come up with various policies and research in cyber frauds
such as phishing. India has several authorities which deal
with cybersecurity, the Computer Emergency Response Team
(CERT-In) are assigned in each state which objective is to
secure India’s cyberspace. The National Security Council
Secretariat (NSCS) has sent a detailed analysis of India
cyber threats. The National Cyber Security Policy, 2013 [5]
aims at protecting the businesses, individuals and the
Government. Under Section 70A of the Information
Technology Act, 2000[6], the National Critical Information
Infrastructure Protection Centre was established. A position
by Prime Minister’s Office is designated as National Cyber
Security Coordinator for advising the Government. The
Reserve Bank of India also issues an advisory to the banks
from time to time to ensure adequate protection of critical
functions and processes. Although it is challenging to draft
umbrella legislation, the judiciary paved the way to help
interpret the existing laws.
9. PREVENTIONS:
Keep software and operating system updated
Keeping your software and operating system up to date ensures that you
benefit from the latest security patches to protect your computer.
Use anti-virus software and keep it updated
Using anti-virus or a comprehensive internet security solution like Kaspersky
Total Security is a smart way to protect your system from attacks. Anti-virus
software allows you to scan, detect and remove threats before they become
a problem. Having this protection in place helps to protect your computer and
your data from cybercrime, giving you piece of mind. Keep your antivirus
updated to receive the best level of protection.
Use strong passwords
Be sure to use strong passwords that people will not guess and do not
record them anywhere. Or use a reputable password manager to generate
strong passwords randomly to make this easier.
Never open attachments in spam emails
A classic way that computers get infected by malware attacks and other
forms of cybercrime is via email attachments in spam emails. Never open an
attachment from a sender you do not know.
Do not click on links in spam emails or untrusted websites
Another way people become victims of cybercrime is by clicking on links in
spam emails or other messages, or unfamiliar websites. Avoid doing this to
stay safe online.
10. PREVENTIONS:
Do not give out personal information unless secure
Never give out personal data over the phone or via email unless you are
completely sure the line or email is secure. Make certain that you are
speaking to the person you think you are.
Contact companies directly about suspicious requests
If you are asked for personal information or data from a company who
has called you, hang up. Call them back using the number on their
official website to ensure you are speaking to them and not a
cybercriminal. Ideally, use a different phone because cybercriminals can
hold the line open. When you think you’ve re-dialed, they can pretend to
be from the bank or other organization that you think you are speaking
to.
Be mindful of which website URLs you visit
Keep an eye on the URLs you are clicking on. Do they look legitimate?
Avoid clicking on links with unfamiliar or URLs that look like spam. If
your internet security product includes functionality to secure online
transactions, ensure it is enabled before carrying out financial
transactions online.
Keep an eye on your bank statements
Spotting that you have become a victim of cybercrime quickly is
important. Keep an eye on your bank statements and query any
unfamiliar transactions with the bank. The bank can investigate whether
they are fraudulent.
A good antivirus will protect you from the threat of cybercrime.