"Phishing – The Modern Day Techdemic"
Divik Mathur
4 April 2021 7:14 PM IST
With COVID-19 surmounting, there awaits something more. You may start wondering, what it is? So let me just introduce you to the new 'techdemic' that approaches us. Along with the ceaseless time came advancement which has been appreciated and facilitated all around the world, but as they say where there is a right, there is a wrong too. This global village which is connected with...
With COVID-19 surmounting, there awaits something more. You may start wondering, what it is?
So let me just introduce you to the new 'techdemic' that approaches us. Along with the ceaseless time came advancement which has been appreciated and facilitated all around the world, but as they say where there is a right, there is a wrong too. This global village which is connected with its internet highways enabling our access to anywhere anytime endangers our personal security by being prone to cyber-attacks. This practice of ambushing is termed as Phishing and it is as fishy as it sounds. As defined in oxford dictionary the term means, 'fraudulent practice of sending email purporting to be from reputable companies in order to induce individuals to reveal personal information such as passwords and credit card numbers'. To put it in plain words it's a cybercrime that targets individuals via email, telephone or text message wherein cybercriminals pose themselves as legitimate institution luring individuals to share their sensitive data. The primary objective backing such oblique activity is to trick the recipients of email, text or calls to undertake desired actions of criminals with user's device or account getting infected with malware or even being hacked. The term traces its origin back to 90's through America Online (AOL) which was a leading internet service provider in America, when a group of hackers personated themselves as employees of company and grabbed all their personal credentials.
Modern day cybercriminals attempt phishing through numerous ways: Email phishing, Spear phishing, Angler phishing, Vishing and Smishing. Attackers, by way of slithering our personally identifiable information such as confidential data, PAN number, communication details, health conditions etc., impersonate and use the identity for committing crimes and infiltrating corporate systems. The compromised email addresses are even for sale on dark web marketplaces
At this juncture, it is crucial for us now to unwind on how we can keep ourselves aloof from phishers. According to the technoids, it is advisable not to click on a link in message or email if the source is unknown and if the URL of website doesn't start with "https" or if we don't find a closed padlock icon we should also refrain from entering sensitive information or downloading files.
This techdemic also surged with pandemic in India when the malpracticers used COVID-19 themes such as brand impersonation, scamming and business email compromise which even led government of India to issue an advisory bewaring individuals and business enterprises of malicious actors' phishing at large scale and planning attacks. The advisory was issued by India's nodal cyber security agency, Indian Computer Emergency Response Team (CERT-In). The email ID expected to be used for such phishing campaign was somewhat similar to 'ncov2019@gov.in'. Through the medium of fake apps victims device is used as a tool for spying, accessing to their phone data, camera and microphones.
With digital infrastructure scenario rapidly becoming congruent the Information and Technology Act, 2000 of India with its subsequent amendment in 2008 added new provisions to cover and deal with Phishing practice in India.
Section 43 of the Information and Technology Act, 2000 provides for a wide range of activities such as hacking into a computer network, data theft, introducing and spreading viruses through computer networks, damaging computers or computer networks or computer programme, disrupting any computer or computer system or computer network, denying an authorized person access to a computer or computer network, damaging or destroying information residing in a computer etc. which is penalized under Section 66 of the Act with imprisonment for a term which may extend to three years or with fine which may extend to up to five lakh rupees or with both.
Application of section 1(2) read with section 75 of the Information and Technology Act, 2000 empowers invocation of the power of extra territorial jurisdiction of the nation that is the fact regarding nationality of offender or whether the crime is committed in or outside India becomes immaterial and so it applies to any person who tries to harm the computer system or network located in India either by operating inside or outside India.
Section 77A of the IT Act provides that, subject to certain exceptions, all offences under the IT Act for which the punishment is imprisonment for a term of 3 (three) years or less, are compoundable. The provisions of sections 265B and 265C of the Code of Criminal Procedure, 1973 ("CrPC") shall apply with respect to such compounding.
Section 77B of the IT Act provides that notwithstanding anything contained in the CrPC, all offences punishable with imprisonment of 3 (three) years and above under the IT Act shall be cognizable and all offences punishable with imprisonment of 3 (three) years or less shall be bailable.
Furthermore, as per the Indian Penal Code, phishing can attract liability under the heads of cheating, mischief, forgery and abetment. Possible ancillary action in a phishing case could occur under the Trade Marks Act, 1999 and the Copyright Act, 1957.
Speaking for rights of the victim, they can report against such a phishing attack by filing complaint on National Cyber Crime Reporting Portal which is an initiative of Government of India to facilitate complainants to report cybercrime complaints online, this portal is dealt by law enforcement agencies/ police based on the information available in the complaints. One can also walk in to file a written complaint with the cyber-crime cell of the city or in its absence a FIR can be lodged.
As we tread upon our individual journeys in this contemporary era, there arises a need for netizens to remain more equipped with arms and tools against such crimes. Although there were amendments made in the Information and Technology Act, 2000 but they don't suffice seeing the changing pace and rapid evolution of technological minds. With India propelling towards digitization, time for a comprehensive Data Protection Bill has arrived. Unlike India other countries like USA, Canada, Australia, Singapore, China, United Kingdom and Brazil with their California Privacy Rights Act, Digital Charter Implementation Act, Australia's Privacy Act, Personal Data Protection Act, Personal Information Protection Law, Data Protection Act have taken a step forward towards legislating or amending their respective acts in order to curb with growing and changing needs of time.
At the end of the day, it's must for us to remain aware and alert at all times while dealing within the sensitive sphere of technology that can simultaneously protect and destroy something extremely valuable to us.
Views are Personal