EXECUTIVE SUMMARY

Cyber crimes are any illegal activities committed using computer target of the criminal activity
can be either a computer, network operations. Cyber crimes are genus of crimes, which use
computers and networks for criminal activities. The difference between traditional crimes and
cyber crimes is the cyber crimes can be transnational in nature. Cyber crime is a crime that is
committed online in many areas using e-commerce. A computer can be the target of an offence
when unauthorized access of computer network occurs and on other hand it affects E-
COMMERCE.

Cyber crime can be of various types such as Telecommunication Piracy, Electronic Money
Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds Transfer Fraud and
so on…The modern contemporary era has replaced these traditional monetary instruments from a
paper and metal based currency to ―plastic money‖ in the form of credit cards, debit cards, etc.
This has resulted in the increasing use of ATM all over the world.

The use of ATM is not only safe but is also convenient. This safety and convenience,
unfortunately, has an evil side as well that do not originate from the use of plastic money rather
by the misuse of the same. This evil side is reflected in the form of ―ATM frauds‖ that is a global
problem. Internet commerce has grown exponentially during the past few years and is still
growing. But unfortunately the growth is not on the expected lines because the credit card fraud
which has become common has retarded the e-commerce growth. Credit card fraud has become
regular on internet which not only affects card holders but also online merchants.

Credit card fraud can be done by taking over the account, skimming or if the card is stolen.
Certain preventive measures can be taken to becoming a credit card victim. The term "Internet
fraud" refers generally to any type of fraud scheme that uses one or more components of the
Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent
solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds
of fraud to financial institutions or to other connected with the scheme. Some form of internet
form include: spam, scams, identity theft, phishing, spyware, internet banking fraud.

1
 INTRODUCTION

Cyber crime is like traditional crime; cybercrime can take many shapes and can
occur nearly anytime or anyplace. Criminals committing cybercrime use a number
of methods, depending on their skill-set and their goal. This should not be
surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or
‗cyber‘ aspects.
 Cybercrime has surpassed illegal drug trafficking as a criminal
moneymaker.
 Every 3 seconds an identity is stolen.
 Without security, your unprotected PC can become infected within four
minutes of connecting to the internet.

The usage of internet service in India is growing rapidly. It has given rise to new
opportunities in every field we can think of – be it entertainment, business, sport or
education.

2
There are many pros and cons of some new types of technology which are been invented
or discovered. Similarly the new & profound technology i.e. using of INTERNET
Service, has also got some pros & cons. These cons are named CYBER CRIME, the
major disadvantage, illegal activity committed on the internet by certain individuals
because of certain loop-holes. The interest, along with its advantages, has also exposed us
to security risk that comes with come with connecting to a large network. Computer today
are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and
software. piracy and so on, which invade our privacy and offend our senses. Criminal
activities in the cyberspace are on the rise

Computer crimes are criminal activities, which involve the use of information technology
to gain an illegal or an unauthorized access to a computer system with intent of damaging,
deleting or altering computer data. Computer crimes also include the activities such as
electronic frauds, misuse of devices, identity theft and data as well as system interference.
Computer crimes may not necessarily involve damage to physical property. They rather
include them manipulation of confidential data and critical information. Computer crimes
involve activities of software theft, wherein the privacy of the users is hampered. These
criminal activities involve the breach of human and information privacy, as also the theft
and illegal alteration of system critical information. The different types of computer
crimes have necessitated the introduction and use of newer and more effective security
measures.

In recent years, the growth and penetration of internet across Asia Pacific has been
phenomenal. Today, a large number of rural areas in India and a couple of other nations
in the region have increasing access to the internet — particularly broadband. The
challenges of information security have also grown manifold. This widespread nature of
cyber crime is beginning to show negative impact on the economic growth opportunities
in each of the countries. It is becoming imperative for organizations to take both
preventive and corrective action if their systems are to be protected from any kind of
compromise by external malicious element. According to the latest statistics, more than a
fifth of the malicious activities in the world originate from the Asia Pacific region. The
malicious attacks included denial-of-service attacks, spam and phishing and bot attacks.
Overall, spam made up 69% of all monitored e-mail traffic in the Asia pacific region. As
per the National Crime Report Bureau statistics, there has been a 255% increase in cyber
crime in India alone. And mind you, these are just the reported cases. In view of this,

3
various governmental and non- governmental agencies are working towards reducing
cyber crime activities.

Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers
to criminal activity where a computer or network is the source, tool, target, or place of a
crime. These categories are not exclusive and many activities can be characterized as
falling in one more category. According, although the term computer crime and cyber
crime are more properly restricted to describing criminal activity in which the computer
or network is a necessary part of the crime, these terms are also sometimes used to
include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in
which computer has grown, computer crime has become more important.

4
 OBJECTIVES

As cybercrime incidents are on the increase, and it menace is affecting both Government

organizations, Individuals and businesses,

 To find what are the impact of cybercrime.

 To find what is cybercrime.
 To find the way to prevent cybercrime
 To find how cybercrime takes place

5
 LITERATURE REVIEW

Defining Cyber Crime

Defining cyber crimes, as ―acts that are punishable by the Information Technology Act"
would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as
email spoofing and cyber defamation, sending threatening emails etc.

Computer crime has been defined as ―unauthorized use of a computer for personal gain,
as in the illegal transfer of funds or to alter the data or property of others‖ (―Computer
Crime‖, 2007).

A generalized definition of cyber crime may be ―unlawful acts wherein the computer is
either a tool or target or both‖.

6
The history of cyber crime

The first recorded cyber crime took place in the year 1820! This is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a
computer, has been around since 3500 B.C. in India, and China. The era of modern
computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom.

This device allowed the repetition of a series of steps in the weaving of special fabrics.
This result in a fear amongst Jacquard‘s employee that their traditional employment and
livelihood were being threatened. They committed acts of sabotage to discourage
Jacquard from Further use of the new technology. This is the first recorded cyber crime!

Today computers have come a long way, with neural networks andnanocomputing
promising to turn every atom in a glass of water into a computer capable of performing a
Billion operations per second.

Cyber crime is an evil having its origin in the growing dependence on computer in
modern life. In a day and age when everything from microwave ovens and refrigerators to
nuclear power plants is being run on computers, cybercrime has assumed rather sinister
implications.

7
CYBERCRIMES IN INDIA

NEW DELHI: India has witnessed a 457% rise in cybercrime incidents under the
Information Technology (IT) Act, 2000 from the year 2011 to 2016, a recent
ASSOCHAM-NEC joint study said
Symantec Corp ranked India among top five countries to be affected by cyber crime,
between 2012-17, the number of internet users grew at a CAGR of 44%, of which India is
placed third after US and China.
Using latest technologies like Artificial Intelligence, Big Data Analytics, Facial
Recognition, IoT etc., to identify and catch suspects/criminals, have gained much
awareness among various law enforcement agencies. However, the implementation of
these technologies is not on a national level but on a state level, which makes it crucial for
the central government to fund and support state level law enforcement agencies to utilize
technologies to upgrade their policing methods, noted the study.
Indian government and multiple law enforcement agencies have taken lead in curbing
growing cyber crime.
State government and State police are developing new anti-cyber crime measures and
gathering methods to tackle it with the help of central government and private
organizations.

CYBERSPACE

As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace
belongs to everyone. There should be electronic surveillance which means investigators
tracking down hackers often want to monitor a cracker as he breaks into a victim's
computer system. The two basic laws governing real-time electronic surveillance in other
criminal investigations also apply in this context, search warrants which means that
search warrants may be obtained to gain access to the premises where the cracker is
believed to have evidence of the crime. Such evidence would include the computer used
to commit the crime, as well as the software used to gain unauthorized access and other
evidence of the crime. Researchers must explore the problems in greater detail to learn
the origins, methods, and motivations of this growing criminal group. Decisionmakers in
business, government, and law enforcement must react to this emerging body of

8
knowledge. They must develop policies, methods, and regulations to detect incursions,
investigate prosecute the perpetrators, and prevent future crimes. In addition, Police
Departments should immediately take steps to protect their own information systems
from intrusions. (Any entry into an area not previously occupied). Internet provides
anonymity: This is one of the reasons why criminals try to get away easily when caught
and also give them a chance to commit the crime again. Therefore, we users should be
careful. We should not disclose any personal information on the internet or use credit
cards and if we find anything suspicious in e-mails or if the system is hacked, it should be
immediately reported to the Police officials who investigate cyber crime rather than trying
to fix the problem by ourselves. Computer crime is a multi- billion dollar problem. Law
enforcement must seek ways to keep the drawback from the great promise of the
computer age. Cybercrime is a menace that has to be tackled effectively not only by the
official but also by the users by co-operating with the law.

When was the first ever cybercrime recorded?

The first cybercrime was noted in 1820 by Joseph-Marie Jacquard, a textile manufacturer
in France which produced the loom. This device allowed the repetition of a series of steps
in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees
that their traditional employment and livelihood were being threatened. They committed
acts of sabotage to discourage Jacquard from further use of the new technology. This is
the first recorded cyber-crime!

The first spam email took place in 1978 when it was sent out over the Arpanet (Advanced
Research Projects Agency Network). The first virus was installed on an Apple computer
in 1982 when a high school student, Rich Skrenta, developed the Elk cloner

Who is carrying it out?

100 per cent Security! 100 per cent security can be difficult to attain and should not
ideally be the goal. Instead, one must establish a capability that deals with incidents to
help minimise threat and loss

9
Are you facing cyber threat and not even realising it?

The information security landscape is constantly evolving. Private and public sector
organisations find it difficult to believe they could be a target for cyber-attacks. As
adversary sophistication increases, many organisations react only after the event or the
attack is underway.

The Differences between Cybercrime and Traditional Crime:

One of the differences between cybercrime and traditional crime is the evidence of the
offenses. Traditional criminals usually leave traces of a crime, through either fingerprints
or other physical evidences. On the other hand, cybercriminals rely on the Internet via
which they commit their crimes, and it leaves very little evidence about the cybercrime.
Forensic investigators usually experience great difficulty in gathering evidence that could
lead to the conviction of cybercriminals since these criminals can freely change their
identities. The Internet also allows the anonymity of its users, and this implies that
cybercriminals can use any pseudonyms for their identification. On the other hand, it is
difficult for traditional criminals to fake their gender, race, or age.

Consequently, this leads to the second difference between traditional and cybercrimes,
length of investigations. Since cybercrime involves perpetrators using falsified names and
working from remote locations, it usually takes longer to identify the real cybercriminals
and apprehend them. In most cases, cybercriminals (such as hackers) escape from arrest
because the investigators cannot locate them. Traditional crimes take shorter time period
to investigate because the criminals usually leave evidence that can be used to spot them.
For instance, traditional criminals can leave evidence such as DNA, fingerprints,
photographs and videos captured on surveillance cameras, or personal belongings such as
identity cards, and this makes it easy for investigators to identify and capture the culprits.
In addition, such evidence makes it easy for the judiciary to convict the offenders.

10
Lastly, the difference between traditional crimes and cybercrimes is the force involved.
Most of the traditional crimes (such as rape, murder, arson, and burglary among others)
involve the use of excessive force that results in physical injury and trauma on the
victims. On the other hand, cybercrimes do not require the use of any force since the
criminals merely use the identities of their victims to steal from them. For example,
cybercriminals use spoofing and phishing to obtain personal information such as credit
card numbers from their victims, or use encrypted emails to coordinate violence remotely.

REASONS FOR CYBER CRIME

1. Capacity to store data in comparatively small space: The computer has unique
characteristic of storing data in a very small space. This affords to remove or derive
information either through physical or virtual medium makes it much easier.

2. Easy to access: The problem encountered in guarding a computer system from

unauthorised access is that there is every possibility of breach not due to human error but
due to the complex technology. By secretly implanted logic bomb, key loggers that can
steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric
systems and bypass firewalls can be utilized to get past many a security system.

3. Complex: The computers work on operating systems and these operating systems in
turn are composed of millions of codes. Human mind is fallible and it is not possible that
there might not be a lapse at any stage. The cyber criminals take advantage of these
lacunas and penetrate into the computer system.

4. Negligence: Negligence is very closely connected with human conduct. It is therefore

very probable that while protecting the computer system there might be any negligence,
which in turn provides a cyber-criminal to gain access and control over the computer
system.

5. Loss of evidence: Loss of evidence is a very common & obvious problem as all the
data are routinely destroyed. Further collection of data outside the territorial extent also
paralyses this system of crime investigation.

11
MODE AND MANNER OF COMMITING CYBER CRIME

1. Unauthorized access to computer systems or networks / Hacking-

This kind of offence is normally referred as hacking in the generic sense. However the
framers of the information technology act 2000 have nowhere used this term so to avoid
any confusion we would not interchangeably use the word hacking for ‘unauthorized
access’ as the latter has wide connotation.

2. Theft of information contained in electronic form-

This includes information stored in computer hard disks, removable storage media etc.
Theft may be either by appropriating the data physically or by tampering them through
the virtual medium. 3. Email bombing- This kind of activity refers to sending large
numbers of mail to the victim, which may be an individual or a company or even mail
servers there by ultimately resulting into crashing.

4. Data diddling-

This kind of an attack involves altering raw data just before a computer processes it and
then changing it back after the processing is completed. The electricity board faced
similar problem of data diddling while the department was being computerised.

5. Salami attacks-

This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the
alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a
logic bomb was introduced in the bank’s system, which deducted 10 cents from every
account and deposited it in a particular account.

6. Denial of Service attack-

The computer of the victim is flooded with more requests than it can handle which cause
it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service
attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

12
7. Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the
data on a computer, either by altering or deleting it. Worms, unlike viruses do not need
the host to attach themselves to. They merely make functional copies of themselves and
do this repeatedly till they eat up all the available space on a computer's memory. E.g.
love bug virus, which affected at least 5 % of the computers of the globe. The losses were
accounted to be $ 10 million. The world's most famous worm was the Internet worm let
loose on the Internet by Robert Morris sometime in 1988. Almost brought development of
Internet to a complete halt

8. Logic bombs-

These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and
become active only on a particular date (like the Chernobyl virus).

9. Trojan attacks-

This term has its origin in the word ‘Trojan horse’. In software field this means an
unauthorized programme, which passively gains control over another’s system by
representing itself as an authorised programme. The most common form of installing a
Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film
director in the U.S. while chatting. The cyber criminal through the web cam installed in
the computer obtained her nude photographs. He further harassed this lady.

10. Internet time thefts-

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by
another person. This is done by gaining access to the login ID and the password. E.g.
Colonel Bajwa’s case- the Internet hours were used up by any other person. This was
perhaps one of the first reported cases related to cyber-crime in India. However this case
made the police infamous as to their lack of understanding of the nature of cyber-crime.

13
11. Web jacking-

This term is derived from the term hi jacking. In these kinds of offences the hacker gains
access and control over the web site of another. He may even mutilate or change the
information on the site. This may be done for fulfilling political objectives or for money.
E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the
Pakistani hackers and some obscene matter was placed therein. Further the site of
Bombay crime branch was also web jacked. Another case of web jacking is that of the
‘gold fish’ case. In this case the site was hacked and the information pertaining to gold
fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus
web jacking is a process whereby control over the site of another is made backed by some
consideration for it

CLASSIFICATION:

The subject of cyber-crime may be broadly classified under the following three groups.
They are-

1. Against Individuals

(a). Their person &

(b). Their property of an individual

2. Against Organization

(a). Government

(b). Firm, Company, Group of Individuals.

14
Against Society at large

The following are the crimes, which can be committed against the followings group

1. Against Individuals: –

i. Harassment via e-mails.

ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud

2. Against Individual Property: -

i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system
v. Intellectual Property crimes
vi. Internet time thefts

15
3. Against Organization: -

i. Unauthorized control/access over computer system

ii. Possession of unauthorized information.

iii. Cyber terrorism against the government organization.

iv. Distribution of pirated software etc.

The above mentioned offences may discuss in brief as follows:

1. Harassment via e-mails-

Harassment through e-mails is not a new concept. It is very similar to harassing

through letters. Recently one of my friends had received a mail from a lady wherein she
complained about the same. Her former boyfriend was sending her mails constantly
sometimes emotionally blackmailing her and also threatening her. This is a very common
type of harassment via e-mails.

2. Cyber-stalking-

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves
following a person's movements across the Internet by posting messages (sometimes
threatening) on the bulletin boards frequented by the victim, entering the chat-rooms
frequented by the victim, constantly bombarding the victim with emails etc.

3. Dissemination of obscene material/ Indecent exposure/ Pornography

(basically child pornography) / Polluting through indecent exposure-

Pornography on the net may take various forms. It may include the hosting of web site
containing these prohibited materials. Use of computers for producing these obscene
materials. Downloading through the Internet, obscene materials. These obscene matters
may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind.
Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case
wherein two Swiss couple used to force the slum children for obscene photographs. The
Mumbai police later arrested them.

16
TYPES OF CYBER CRIME

1. Theft of Telecommunications Services

The theft of telecommunications services is a crime. Pay Tel Communications, Inc.

reserves the right to block calls to persons that do not pay for services and to prosecute
individuals that attempt to steal these services.

Pay Tel is constantly developing new and innovative ways to identify individuals who
attempt to avoid paying for telecommunications services. Pay Tel is committed to
identifying and prosecuting individuals who steal telecommunications services.

2. Communications in Furtherance of Criminal Conspiracies

Just as legitimate organisation in the private and public sector rely upon information
systems for communication and record keeping, so too are the activities of criminal
organisation enhanced by technology.

Just as legitimate organization in the private and public sector rely upon information
systems for communication and record keeping, so too are the activities of criminal
organizations enhanced by technology.

There is evidence of telecommunications equipment being used to facilitate organized

drug trafficking, gambling, prostitution money laundering, child pornography and trade in
weapons (in those jurisdictions where such are illegal). The use of encryption technology
may place criminal communications beyond the reach of law enforcement.

In another case a rejected suitor posted invitations on the Internet under the name of a 28-
year-old woman, the would-be object of his affections, that said that she had fantasies of
rape and gang rape. He then communicated via email with men who replied to the
solicitations and gave out personal information about the woman, including her address,
phone number, details of her physical appearance and how to bypass her home security
system. Strange men turned up at her home on six different occasions and she received
many obscene phone calls. While the woman was not physically assaulted, she would not
answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and
Maharaj 1999).

17
One former university student in California used email to harass 5 female students in
1998. He bought information on the Internet about the women using a professor's credit
card and then sent 100 messages including death threats, graphic sexual descriptions and
references to their daily activities. He apparently made thE threats in response to
perceived teasing about his appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times
(London) reported in 1996 that over 40 financial institutions in Britain and the United
States had been attacked electronically over the previous three years. In England,
financial institutions were reported to have paid significant amounts to sophisticated
computer criminals who threatened to wipe out computer systems. (The Sunday Times,
June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of
42.5 million Pounds Sterling were paid by senior executives of the organisations
concerned, who were convinced of the extortionists' capacity to crash their computer
systems (Denning 1999 233-4).

5. ELECTRONIC MONEY LAUNDERING AND TAX EVASION

For some time now, electronic funds transfers have assisted in concealing and in moving
the proceeds of crime. Emerging technologies will greatly assist in concealing the origin
of ill-gotten gains. Legitimately derived income may also be more easily concealed from
taxation authorities. Large financial institutions will no longer be the only ones with the
ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed
of light. The development of informal banking institutions and parallel banking systems
may permit central bank supervision to be bypassed, but can also facilitate the evasion of
cash transaction reporting requirements in those nations which have them. Traditional
underground banks, which have flourished in Asian countries for centuries, will enjoy
even greater capacity through the use of telecommunications.

18
With the emergence and proliferation of various technologies of electronic commerce,
one can easily envisage how traditional countermeasures against money laundering and
tax evasion may soon be of limited value. I may soon be able to sell you a quantity of
heroin, in return for an untraceable transfer of stored value to my "smart-card", which I
then download anonymously to my account in a financial institution situated in an
overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw
upon these funds as and when I may require, downloading them back to my stored value
card (Wahlert 1996).

ELECTRONIC VANDALISM, TERRORISM AND EXTORTION

As never before, western industrial society is dependent upon complex data processing
and telecommunications systems. Damage to, or interference with, any of these systems
can lead to catastrophic consequences. Whether motivated by curiosity or vindictiveness
electronic intruders cause inconvenience at best, and have the potential for inflicting
massive harm (Hundley and Anderson 1995, Schwartau 1994).

While this potential has yet to be realised, a number of individuals and protest groups
have hacked the official web pages of various governmental and commercial
organisations (Rathmell 1997). http://www.2600.com/hacked_pages/ (visited 4 January
2000). This may also operate in reverse: early in 1999 an organised hacking incident was
apparently directed at a server which hosted the Internet domain for East Timor, which at
the time was seeking its independence from Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare--
means of disrupting the information technology infrastructure of defence systems (Stix
1995). Attempts were made to disrupt the computer systems of the Sri Lankan
Government (Associated Press 1998), and of the North Atlantic Treaty Organization
during the 1999 bombing of Belgrade (BBC 1999). One case, which illustrates the
transnational reach of extortionists, involved a number of German hackers who
compromised the system of an Internet service provider in South Florida, disabling eight
of the ISPs ten servers. The offenders obtained personal information and credit card
details of 10,000 subscribers, and, communicating via electronic mail through one of the
compromised accounts, demanded that US$30,000 be delivered to a mail drop in

19
Germany. Co-operation between US and German authorities resulted in the arrest of the
extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of
customers of a North American based on-line music retailer, and published some on the
Internet when the retailer refused to comply with his demands (Mark off 2000).

7. SALES AND INVESTMENT FRAUD

As electronic commerce becomes more prevalent, the application of digital technology to

fraudulent endeavours will be that much greater. The use of the telephone for fraudulent
sales pitches, deceptive charitable solicitations, or bogus investment overtures is
increasingly common. Cyberspace now abounds with a wide variety of investment
opportunities, from traditional securities such as stocks and bonds, to more exotic
opportunities such as coconut farming, the sale and leaseback of automatic teller
machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the
digital age has been accompanied by unprecedented opportunities for misinformation.
Fraudsters now enjoy direct access to millions of prospective victims around the world,
instantaneously and at minimal cost.

Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not
uncommon. The technology of the World Wide Web is ideally suited to investment
solicitations. In the words of two SEC staff "At very little cost, and from the privacy of a
basement office or living room, the fraudster can produce a home page that looks better
and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997, 822).

8. ILLEGAL INTERCEPTION OF TELECOMM

Developments in telecommunications provide new opportunities for electronic

eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse,
to the newest forms of political and industrial espionage, telecommunications interception
has increasing applications. Here again, technological developments create new
vulnerabilities. The electromagnetic signals emitted by a computer may themselves be
intercepted. Cables may act as broadcast antennas. Existing law does not prevent the
remote monitoring of computer radiation.

20
It has been reported that the notorious American hacker Kevin Poulsen was able to gain
access to law enforcement and national security wiretap data prior to his arrest in 1991
(Littman 1997). In 1995, hackers employed by a criminal organisation attacked the
communications system of the Amsterdam Police. The hackers succeeded in gaining
police operational intelligence, and in disrupting police communications (Rathmell 1997).

9. ELECTRONIC FUNDS TRANSFER FRAUD

Electronic funds transfer systems have begun to proliferate, and so has the risk that such
transactions may be intercepted and diverted. Valid credit card numbers can be
intercepted electronically, as well as physically; the digital information stored on a card
can be counterfeited.

Of course, we don't need Willie Sutton to remind us that banks are where they keep the
money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed
the computers of Citibank's central wire transfer department, and transferred funds from
large corporate accounts to other accounts which had been opened by his accomplices in
The United States, the Netherlands, Finland, Germany, and Israel. Officials from one of
the corporate victims, located in Argentina, notified the bank, and the suspect accounts,
located in San Francisco, were frozen. The accomplice was arrested. Another accomplice
was caught attempting to withdraw funds from an account in Rotterdam. Although
Russian law precluded Levin's extradition, he was arrested during a visit to the United
States and subsequently imprisoned (Denning 1999, 55).

21
Other types of cyber crime

Hacker:

Hacker is a term used by some to mean "a clever programmer" and by

others, especially those in popular media, to mean "someone who tries to break into
computer systems."

1) Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as

a clever programmer. A "good hack" is a clever solution to a programming

problem and "hacking" is the act of doing it. Raymond lists five possible

characteristics that qualify one as a hacker, which we paraphrase here:

 A person who enjoys learning details of a programming language or system

 A person who enjoys actually doing the programming rather than just
 theorizing about it
 A person capable of appreciating someone else's hacking
 A person who picks up programming quickly
 A person who is an expert at a particular programming language or system,
 as in "UNIX hacker"

2) The term hacker is used in popular media to describe someone who

attempts to break into computer systems. Typically, this kind of hacker

would be a proficient programmer or engineer with sufficient technical

knowledge to understand the weak points in a security system.

22
Motive Behind The Crime

a. Greed

b. Power

c. Publicity

d. Revenge

e. Adventure

f. Desire to access forbidden information

g. Destructive mindset

h. Wants to sell n/w security services

Theft:

This crime occurs when a person violates copyrights and downloads music, movies,
games and software. There are even peer sharing websites which encourage software
piracy and many of these websites are now being targeted by the FBI. Today, the justice
system is addressing this cyber crime and there are laws that prevent people from illegal
downloading.

23
Cyber Stalking:

This is a kind of online harassment wherein the victim is subjected to a barrage of online
messages and emails. Typically, these stalkers know their victims and instead of resorting
to offline stalking, they use the Internet to stalk. However, if they notice that cyber
stalking is not having the desired effect, they begin offline stalking along with cyber
stalking to make the victims‘ lives more miserable.

Identity Theft:

This has become a major problem with people using the Internet for cash transactions and
banking services. In this cyber crime, a criminal accesses data about a person‘s bank
account, credit cards, Social Security, debit card and other sensitive information to siphon
money or to buy things online in the victim‘s name. It can result in major financial losses
for the victim and even spoil the victim‘s credit history.

Malicious Software:

These are Internet-based software or programs that are used to disrupt a network. The
software is used to gain access to a system to steal sensitive information or data or
causing damage to software present in the system.

Child soliciting and Abuse:

This is also a type of cyber crime wherein criminals solicit minors via chat rooms for the
purpose of child pornography. The FBI has been spending a lot of time monitoring chat
rooms frequented by children with the hopes of reducing and preventing child abuse and
soliciting.

24
CLASSIFICATION OF CYBER CRIME

Cybercrimes can be basically divided into 3 major categories:

1) Against Individuals:

(i)Email spoofing: A spoofed email is one in which e-mail header is forged so that
mail appears to originate from one source but actually has been sent from another source.

(ii) Spamming: Spamming means sending multiple copies of unsolicited mails or mass
emails such as chain letters.

(ii)Cyber Defamation: This occurs when defamation takes place with the help of
computers and / or the Internet. E.g. someone publishes defamatory matter about
someone on a website or sends e-mails containing defamatory information.

(iv)Harassment & Cyber Stalking:

Cyber Stalking Means following the moves of an individual's activity over internet. It
can be done with the help of many protocols available such at e- mail, chat rooms, user
net groups.

25
(2) Against Property:

(i) Credit Card Fraud:

(ii) Intellectual Property crimes: These include Software piracy: illegal copying of
programs, distribution of copies of software. Copyright infringement  Trademarks
violations Theft of computer source code

(iii) Internet time theft: the usage of the Internet hours by an unauthorized person which
is actually paid by another person.

(3) Against Organisation

(i) Unauthorized Accessing of Computer:

Accessing the computer/network without permission from the owner. It can be of 2

forms:

a) Changing/deleting data:

Unauthorized changing of data.

b) Computer voyeur:

The criminal reads or copies confidential or proprietary information but the data is
neither deleted nor changed.

(ii) Denial of Service:

When Internet server is flooded with continuous bogus requests so as to denying

legitimate users to use the server or to crash the server.

(iii)Computer Contamination/ Virus Attack:

A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of it. Viruses can
be file infecting or affecting boot sector of the computer. Worms, unlike viruses do not
need the host to attach themselves to.

26
(iv) E-mail Bombing:

Sending large numbers of mails to the individual or company or mail servers thereby
ultimately resulting into crashing.

(v)Salami Attack:

When negligible amounts are removed & accumulated in to something larger. These
attacks are used for the commission of financial crimes.

(vi)Logic Bomb:

It‘s an event dependent programme, as soon as the designated event occurs, it crashes the
computer, release a virus or any other harmful possibilities.

(vii) Trojan Horse:

An unauthorized program which functions from inside what seems to be an authorized

program, thereby concealing what it is actually doing.

(viii) Data diddling:

This kind of an attack involves altering raw data just before it is processed by a computer
and then changing it back after the processing is completed.

(4) Against Society

(i) Forgery:

Currency notes, revenue stamps, mark sheets etc can be forged using computers and high
quality scanners and printers.

(ii) Cyber Terrorism:

Use of computer resources to intimidate or coerce others.

(iii) Web Jacking:

Hackers gain access and control over the website of another, even they change the content
of website for fulfilling political objective or for money.

27
REASONS FOR CYBER CRIME

Hart in his work ―The Concept of Law‖ has said ‗human beings are vulnerable so rule of
law is required to protect them‘. Applying this to the cyberspace we may say that
computer are vulnerable (capable of attack) so rule of law is required to protect and
safeguard them against cyber crime. The reasons for the vulnerability of computers may
be said to be:

1. Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very small space. This affords to
remove or derive information either through physical or virtual medium makes it much easier.

2. Eassy To Access
The problem encountered in guarding a computer system from unauthorized access is that
there is every possibility of breach not due to human error but due to the complex
technology. By secretly implanted logic bomb, key loggers that can steal access codes,
advanced voice recorders; retina imagers etc. That can fool biometric systems and bypass
firewalls can be utilized to get past many a security system.

3. Coplex

The computers work on operating systems and these operating systems in turn are
composed of millions of codes. Human mind is fallible and it is not possible that there
might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and
penetrate into the computer system.

4. Negligence

Negligence is very closely connected with human conduct. It is therefore very probable
that while protecting the computer system there might be any negligence, which in turn
provides a cyber criminal to gain access and control over the computer system

5. Loss of evidence

Loss of evidence is a very common & obvious problem as all the data are routinely
destroyed. Further collection of data outside the territorial extent also paralyses this
system of crime investigation.

28
BANKING SECTOR

The Banking Industry was once a simple and reliable business that took deposits from
investors at a lower interest rate and loaded it out to borrowing at a higher rate

However deregulation and technology led to a revolution in the Banking Industry that
saw it transformed. Banks have become global industrial powerhouses that have created
ever more complex products that use risk. Through technology development, banking
services have become available 24 hours a day, 365 days a week, through ATMs, at
online banking, and in electronically enabled exchanges where everything from stocks to
currency futures contracts can be traded. The Banking Industry at its core provides access
to credit. In the lenders case, includes access to their own savings and investments, and
interest payments on those amounts. In the case of borrowers, it includes access to loans
for the creditworthy, at a competitive interest rate. Banking services include transactional
services, such as verification of account details, account balance details and the transfer
of funds, as well as advisory services that help individuals and institutions to properly
plan and manage their finances. Online banking channels have become a key in the last
10 years.

The collapse of the Banking Industry in the Financial Crisis, however, means that some of
the more extreme risk-taking and complex securitization activities that banks increasingly
engaged in since 2000 will be limited and carefully watched, to ensure that there is not
another banking system meltdown in the future.

Banking in India originated in the last decades of the 18th century. The oldest bank
inexistence in India is the State Bank of India, a government-owned bank that traces its
origins back to June 1806 and that is the largest commercial bank in the country. Central
banking is the responsibility of the Reserve Bank of India, which in 1935 formally took
over these responsibilities from the Imperial Bank of India, regarding it to commercial
banking functions. After India independent in 1947, the Reserve Bank was nationalized
and given broader powers. In 1969 the government nationalized the 14 largest
commercial banks; the government nationalized the six next largest in 1980.

29
CREDIT CARDS FRAUDS

INTRODUCTION TO CREDIT CARDS

Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The bill of
exchange- the forerunner of banknotes - was established in the 14th century. Debts were
settled by one-third cash and two-thirds bill of exchange. Paper money followed only in
the 17th century. The first

advertisement for credit was placed in 1730 by Christopher Thornton, who offered
furniture that could be paid off weekly.

From the 18th century until the early part of the 20th, tallymen sold clothes in return for
small weekly payments. They were called "tallymen" because they kept a record or tally
of what people had bought on a wooden stick. One side of the stick was marked with
notches it represent the amount of debt and the other side was a record of payments. In
the 1920‘s, a shopper‘s plate - a "buy now, pay later" system - was introduced in
the USA. It could only be used in the shops which issued it. In 1950, Diners Club and
American Express launched their charge cards in the USA, the first "plastic money".

30
 In 1951, Diners Club issued the first credit card to 200 customers who could use it
at 27 restaurants in New York. But it was only until the establishment of standards for
the magnetic strip in 1970 that the credit card became part of the
information age .The first use of magnetic stripes on cards was in the early
1960's, when the London Transit Authority installed a magnetic stripe system.
San Francisco Bay Area Rapid Transit installed a paper based ticket the same size
as the credit cards in the late 1960's. The word credit comes fro m Latin,
meaning ―TRUST‖.

IF CARD IS STOLEN

When a credit card is lost or stolen, it remains usable until the holder notifies the
bank t h a t t h e ca r d i s l o s t ; mo s t b a n k s h a v e t o l l - f r e e t e l e p h o n e
nu mb e r s wi t h 2 4 - ho u r s u p po r t t o encourage prompt reporting. Still, it
is possible for a thief to make unauthorized purchases on that card up until the
card is cancelled. In the absence of other security measures, a thief could
potentially purchase thousands of dollars in merchandise or services before the card
holder or the bank realize that the card is in the wrong hands.

In the United States, federal law limits the liability of card holders to $50 in the event of
theft, regardless of the amount charged on the card; in practice, many banks will waive
even this small payment and simply remove the fraudulent charges from the
customer's account if the customer signs an affidavit confirming that the charges
are indeed fraudulent. Other countries generally have similar laws aimed at
protecting consumers from physical theft of the card

The only common security measure on all cards is a signature panel, but signatures
are relatively easy to forge. Many merchants will demand to see a picture ID,
such as a driver's license, to verify the identity of the purchaser, and some credit cards
include the holder's picture on the card itself. However, the card holder has a right to
refuse to show additional verification, and asking for such verification may be a
violation of the merchant's agreement with the credit card companies.

31
Self-serve payment systems (gas stations, kiosks, etc.) are common targets for
stolen cards, as there is no way to verify the card holder's identity. A common
countermeasure is to require the user to key in some identifying
information, such as the user's ZIP or postal code. This method may deter casual
theft of a card found alone, but if the card holder's wallet is stolen, it may be trivial for
the thief to deduce the information by looking at other items in the wallet. For
instance, a U.S. driver license commonly has the holder's home address and ZIP code
printed on it.

Banks have a number of countermeasures at the network level, including

sophisticated real-time analysis that can estimate the probability of fraud based
on a number of factors. For example, a large transaction occurring a great
distance from the card holder's home might be f l a g g e d a s s u s p i c i o u s .
Th e me r c h a n t ma y b e

instructed t o call the bank fo r verification , to decline the transaction, or even to hold the card
and refuse to return it to the customer.
Stolen cards can be reported quickly by card holders, but a compromised account can be
hoarded by a thief for weeks or months before any fraudulent use, making it difficult to
identify the source of the compromise. The card holder may not discover fraudulent use
until receiving a billing statement, which may be delivered infrequently.

Compromised Accounts

Card account information is stored in a number of formats. Account numbers are

embossed or imprinted on the card a magnetic stripe on the contains the data in machine
readable format. Fields can vary, but the most common include:

 Name of card holder

 Account number

 Expiration date

32
Many Web sites have been compromised in the past and theft of credit card data
is a major concern for banks. Data obtained in a theft , like addresses or phone
numbers, can be highly useful to a thief as additional card holder verification.

Mail/Internet Order Fraud

The mail and the Internet are major routes for fraud against merchants who sell and ship
products, as well Internet merchants who provide online services. The industry term
for catalog order and similar transactions is " Card No t Present " ( CNP ) , meaning
that t he ca rd is not physically available for the merchant to inspect . The
merchant must rely on the holder ( or someone purporting to be the holder) to
present the information
on the card by indirect means, whether by mail, telephone or over the Internet when the
cardholder is not present at the point of sale
.It is difficult for a merchant to verify that the actual card holder is indeed authorizing the
purchase. Shipping companies can guarantee delivery to a location, but they are not
required to check identification and they are usually are not involved in processing
payments for the merchandise. A common preventive measure for merchants is to allow
shipment only to an address approved by the cardholder, and merchant banking systems
offer simple methods of verifying this information.
Additionally, smaller transactions generally undergo less scrutiny, and are less likely to
be investigated by either the bank or the merchant, since the cost of research and
prosecution usually far outweighs the loss due to fraud. CNP merchants must take
extra precaution against fraud exposure and associated losses , and they pay higher
ratest merchant banks forthe privilege of accepting cards. Anonymous scam artists bet on
the fact that many fraud prevention features do not apply in this environment.
Merchant associations have developed some prevention measures, such as single use
card numbers, but these have not met with much success. Customers expect to be able to
use their credit card without any hassles, and have little incentive to pursue additional
security due to laws limiting customer liability in the event of fraud. Merchants can
implement these prevention measures but risk losing business if the customer chooses not
to use the measures

33
Account Takeover

There are two types of fraud within the identity theft category:

1. Application Fraud.

2. Account Takeover

1. Application Fraud.

Application fraud occurs when criminals use stolen or fake documents to open an account
in someone else‘s name. Criminal may try to steal documents such as utility bills and
bank statements to build up useful personal information.

2. Account Takeover.

Account takeover involves a criminal trying to take over another person‘s account, first
by gathering information about the intended victim, then contacting their bank or credit
issuer- masquerading as the genuine cardholder-asking for mail to be redirected to a new
address. The criminal then reports the card lost and asks for a replacement to be sent. The
replacement card is then used fraudulently.

34
CYBER CRIME IN BANKING SECTOR AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary

instruments and the entire exchange of goods and merchandise was
managed by the ―barter system‖. The use of monetary instruments as a unit of
exchange replaced the barter system and money in various denominations was used as the
sole purchasing power. The modern contemporary era has replace these traditional
monetary instruments from a paper and mental based currency to ―plastic money‖
in the form of credit cards, debit cards, etc. This has resulted in the increasing use of
ATM all over the world. The use of ATM is not only safe but is also convenient. This
safety and convenience, unfortunately, has an evil side as well that do not originate from
the use of plastic money rather by misuse of the same. This evil side is reflected in the
form of “ATM FRAUDS” that is a global problem. The use of plastic money is increasing
day by day for payment of shopping bills, electricity bills, school fees, phone bills,
insurance premium, travelling bills and even petrol bills. The convenience and safety that
credit cards carry with its use has been instrumental in increasing both credit card
volumes and usage. This growth is not only in positive use of the same but as well as the
negative use of the same. The world at large is struggling to increase the convenience and
safety on the one hand and to reduce it misuse on the other.

WAYS TO CARD FRAUDS

35
Some of the popular techniques used to carry out ATM crime are:

1. Thought card Jamming ATM‘s card reader is tampered with in order to trap a
customer‘s card. Later on the criminal removes the card.
2. Card Skimming, is the illegal way of stealing the card‘s security information from
the card‘s magnetic stripe.
3. Card Swapping, through this customer‘s card is swapped for another
card without the knowledge of cardholder.
Website Spoofing, here a new fictitious site is made which looks authentic to the
user and customers are asked to give their card number. PIN and other information,
which are used to reproduce the card for use at an ATM.

HOW TO USE CASH MACHINE

36
Be aware of other around you. If someone close by the cash machine is behaving
suspiciously or make you feel uncomfortable, choose another. Make sure you check the
machine before you use it for any signs of tampering. Examine the machine for stick on
boxes, stick on card entry slots etc. If you find it difficult to get your card into the slot, do
not use it, go to another machine.
If there is anything unusual about the cash machine report it to the bank and police or the
owner of the premises immediately. Under no circumstances should members of the
public attempt to remove a device as it‘s possible the offender may be nearby.

What Precaution Should Be Taken While Leaving Cash Machine

37
Once you have completed a transaction, discreetly put your money and card away before
leaving the cash machine. If you lose your card in cash machine, cancel the card
immediately with the card issuer‘s 24-hour emergency line, which can be found on your
last bank statement. Do not assume that your bank automatically knows that the machine
has withheld your card. Again, beware of help offered by "well meaning strangers".
Dispose of your cash machine receipt, mini-statement or balance enquiry slip with care.
Tear up or preferably shred these items before discarding them.

Card Fraud Also Happens In The Home:

Cardholder should also be warned of the risks of verifying bank details at home in
unsolicited telephone conversations. Always call the person back using the advertised
customer telephone number, not the telephone number they may give you.

1. Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm Your
Bank Details Online:

Hyperlinks are links to web pages that have been sent to you by email and may open a
dummy website designed to steal your personal details. Phone your bank instead on their
main customer number or access your account using the bank's main website address.
Use good antivirus and firewall protection.

NEVER Write Down Your Pin:

People make life very easy for pickpockets if they write down their PIN and keep it in
their purse or wallet. Do not write down your PIN. If you have been given a number
that you find difficult to remember, take your card along to a cash machine and change
the number to one that you will be able to remember without writing it down.

PREVENTION FOR ATM CARDS

38
 Most ATM fraud happens due to the negligence of customers in using, and more
importantly, negligence of banks in educating their customers about the matters that
should be taken care of while at an ATM. The number of fraud in India is more in regard
to negligence of the Personal Identification Number (PIN), than by sophisticated crimes
like skimming. Banks need to develop a fraud policy – the policy should be written and
distributed to all employees, borrowers and depositors. The most important aspect for
reducing ATM related fraud is to

1. Look for suspicious attachment. Criminals often capture information through ATM
skimming– using devices that steal magnetic strip information. At a educate the
customer. Here is a compiled list of guidelines to help your customer from being an
ATM fraud victim: glance, the skimmer looks just like a regular ATM slot, but it‘s an
attachment that captures ATM card number. To spot one, the attachment slightly protrudes
from the machine and may not be parallel with the inherent grooves. Sometimes, the
equipment will even cut off the printed labels on the ATM. The skimmer will not obtain
PIN numbers, however. To get that, fraudsters place hidden cameras facing the ATM
screen. There‗s also the helpful bystander (the criminal) who may be standing by to kindly
inform you the machine has had problems and offer to help. If you do not feel safe at any time,
press the ATM cancel button, remove your card and leave the area immediately.

2. Look for suspicious attachment. Criminals often capture information through ATM
skimming– using devices that steal magnetic strip information. At a Minimize your time
at the ATM. The more time you spend at the ATM, the more vulnerable you are. If you
need to update your records after a transaction, one is advised do it at home or office,
but not while at the ATM. Even when depositing a cheque at the ATM, on should not
make/sign the cheque at the ATM. After the transaction, if you think you are being
followed, go to an area with a lot of people and call the police.

3. Mark smart deposits. Some ATMs allow you to directly deposit checks and cash into
your accounts without stuffing envelopes. As for the envelope-based deposit, make sure
they go through-if it gets jammed and it doesn‘t fully go into the machine, the next
person can walk up and it out. After having made the ATM deposit, compare your
record with the account statements or online banking records.

RESEARCH METHODOLOGY

39
A research design specific a procedure for conducting and controlling the research
project. Every research must explicitly state its plan about collection and analysis of data.
It is the descriptive research which the study is conducted and deals with the procedures
used in the study for the purpose of investigation. Research Methodology in the context
of the topic includes the cases of cyber crime happen in India.

Research Design
This study is adopted as descriptive research to provide detailed and comprehensive
explanation of a phenomena.

Sampling Method
The sample method we are using is to collect data by online source through different
web portals and reports.

Sample Area
The sample area of the study will be restricted to the country India.

Methods of Data collection

The analysis tools would include

1. Primary data.
No primary data were used
2. Secondary data
The secondary data have collected from online source and after analyzing it the data
is input in the project the data are collected from different web portals and the data
from were, we collected the links are mentioned in bibliography.

DATA ANALYSIS & INTEREPRETATION

40
Cybercrime will create over $1.5 trillion in profits in 2018

“By erring on the side of caution, by making projections from a small, rather than large
number of revenue categories and by opting for lower, rather than higher points on the
estimate range, the aim was to understand whether the assumption that cybercrime is a
lucrative form of offending has any basis in what is actually happening within the
cybercrime economy. The surprisingly high figures that were eventually derived certainly
suggest that we need to think more seriously about the attractions and how these might be
tackled. For even if the figure for total revenues from cybercrime is only accurate up to a
point, the fact that it is a deliberately conservative one means that its inaccuracies at least
involve only underestimates, rather than overestimates.”

In other words, there’s a very good chance that the actual numbers skew much, much higher. 

Cybercrime Annual revenue

0% 0%
11%

Illegal online markets

Trade secret IP theft
Data Trading
Crime / Caas
Ransomware
33%
56%

41
Crime Annual Revenues Illegal
online markets $860 Billion
Trade secret, IP theft $500 Billion
Data Trading $160 Billion
Crime-ware/CaaS $1.6 Billion
Ransomware $1 Billion
Total Cybercrime Revenues $1.5 Trillion
Read more at: https://www.thesslstore.com/blog/2018-cybercrime-statistics/

How much money does Ransomware make?

In 2016, the US Federal Bureau of Investigation estimated that Ransomware payments
would reach $1 billion. Two years later that shows no signs of slowing down. Here’s a
sampling of some of the highest-profile Ransomware from the past five years as well as
how much money it made.

Ransomware Date Profits

CryptoLocker 2013 ~$3 million
CryptoWall 2014-2016 ~$18-320 million
Locky $7.8-$150 million
Cerber $6.9 million
WannaCry 2016 $55,000-$140,000
Petya/NotPetya $10,000

Read more at: https://www.thesslstore.com/blog/2018-cybercrime-statistics/

As you can see, some of the higher-profile cases of Ransomware didn’t see much return
financially. The Petya/NotPetya figure in particular is fairly eyebrow-raising given how
prolific the ransomware seemed to be at the time. But, there is a distinction to be made
between ransomware that was designed to make money and ransomware that was
designed primarily for disruption. Petya/NotPetya would appear to be in the latter

42
category.

Share of cyber crime attacks across India in 2016 and 2017

2016-2017
80
70
60
50
40
30 Series 1
Axis Title 20 Column2
10
0
e e re
rim ism ag fa
r c tiv o n ar
be ck pi rw
Cy Ha r es b e
be Cy
Cy
Axis Title

This statistic illustrates the share of cyber crime attacks across India in 2016 and 2017, by
motivation. The main motivation behind the cyber attacks across the country in 2017 was
cybercrime with a share of approximately 77.40 percent, up from a share of about 72.1
percent across the country in 2016.

INDIAN SCENARIO

In India, where total number of installed ATM‘s base is far less than many developed
countries. ATM-related frauds are very less. But they could increase as more and more
ATM‘s will penetrate in the country, the bank should create awareness among customers
about the card-related frauds to reduce the number of frauds in future. In India, Indian
Banks Association (IBA)can take lead to kick started.

43
The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law
enforcement machinery. The ATM frauds not only cause financial loss to banks but they
also undermine customers‘ confidence in the use of ATMs. This would deter a greater use
of ATM for monetary transactions. It is therefore in the interest of banks to prevent ATM
frauds. There is thus a need to take precautionary and insurance measures that gives
greater ―protection‖ to the ATMs, particularly those located in less secure areas. The
nature and the extent of measures to be adopted will, however, depend upon the
requirements of the respective banks.

Cyber Crime in India:-

While I have a huge collection of international cyber crimes I thought it may be more
relevant if we discuss Indian Cyber crime case studies. However if any of you is
interested in international case studies please do reach me. I have not arranged the
following section in an order to create flow of thought for the reader. And it is possible
there is a drift from the taxonomy which we have defined in the beginning.

Insulting Images of Warrior Shivaji on Google - Orkut19

An Indian posts ‘insulting images’ of respected warrior-saint Shivaji on Google’s Orkut.

Indian police come knocking at Google’s gilded door demanding the IP address (IP
uniquely identifies every computer in the world) which is the source of this negative
image. Google, India hands over the IP address.

No such incident in India would be complete without a few administrative slip-ups. The
computer with that IP address is using Airtel, India as the ISP to connect to the internet
and Orkut. Airtel gives police the name of an innocent person using a different IP
address. How two IP addresses could be mixed-up in a sensitive police case is anyone’s
guess.

An innocent Indian, Lakshmana Kailash K, is arrested in Bangalore and thrown in jail for
3 weeks. Eventually, his innocence is proved and he is released in Oct, 2007.

44
A number of news media report this incident. American citizen and India lover
Christopher Soghoian (home page http://www.dubfire.net/chris/) studies Informatics at
Indiana University and researches/writes about security, privacy and computer crime.
Christopher does an excellent article on this topic for the blogs at respected tech media
group CNET.

Like all good writers, Christopher Soghoian, gives Google, India a list of questions so
that he can give a balanced perspective to the millions of CNET readers.

How does Google, India respond?

The only comment was: "Google has very high standards for user privacy and a clear
privacy policy, and authorities are required to follow legal process to get information. In
compliance with Indian legal process, we provided Indian law enforcement authorities
with IP address information of an Orkut user."

Not surprisingly, Google is a keen to play this down as Yahoo is being hauled over the
coals by US Congress for handing over an IP addresses and emails to the Chinese
Government which resulted in a Chinese democracy activist being jailed.

Techgoss contacted Christopher and asked him for a list of the questions he had put to
Google.

The following were the questions that Christopher put to Google which were never
answered. Sometimes what you do not say says more about what you have done.

1. Can Google speak at all to the specifics of this incident?

2. If so, can Google confirm if they released ip addresses or any other log information to
the Indian police regarding this incident.

3. If Google did hand over log information, did the Indian police have a warrant/court
order, or did they merely request it?

4. Does Google feel in any way responsible for the man's accidental arrest and jailing?

5. Speaking more generally, without going into the specifics of this incident...Has Google
ever in the past handed over user information (including logs) to Indian law
enforcement/authorities without a court order/search warrant?

45
6. In this case, the crime the man was accused of (defaming a 300 year old historical
figure) does not exist in the US. Will Google conform to the laws of each country it does
business in, or will it defer to American concepts of freedom of speech and the press?

7. Does Google reveal information to other countries for "crimes" that would not
normally be an illegal in the US? For example, the ip addresses of people in Saudi Arabia
and other conservative Muslim countries who search for adult, consensual pornography?

8. Is the log data for Orkut stored in India, or is it stored elsewhere? If the data is not
stored in India, is Google still responsible for giving it to the Indian authorities?

How does it Airtel react to rectify its mistake?

Firstly, with an immediate, unqualified apology. In itself, a positive first step.

Techgoss (techgoss.com) had heard rumors about Airtel also offering monetary
compensation to the person wrongly jailed. But Airtel is being coy about possible
financial compensation. An Airtel spokesperson issued the following statement to
techgoss.com

“Airtel are aware of this incident and deeply distressed by the severe inconvenience
caused to the customer. We are fully cooperating with the authorities to provide all
information in this regard and we are in touch with the customer. We have robust internal
processes, which we review frequently to make them more stringent. We have conducted
a thorough investigation of the matter and will take appropriate action”.

Does this mean the customer will get compensation? It is not clear either way. Let’s wait
and see. It is interesting to see that despite the arrest he is still with Airtel. Now that’s
loyalty to your telecom company.

What is the current Scenario?

Finally he has demanded that he be compensated for the injustice meted out to him! The
illegally accused and detained techie in the Chatrapati Shivaji defamation picture case on

46
Orkut, Lakshmana Kailas K, has slapped a ten page legal notice on Telecom giant Bharti
Airtel, the Principal Secretary (Home) of the state government in Maharashtra, India and
the Assistant Commissioner of Police (Financial & Cyber crime unit) demanding that an
amount of 20 crores be paid as damages.

The software engineer has also sent a copy of the legal notice to the National Human
rights commission. Lakshmana had spent a harrowing 50 days in police custody accused
of a crime he had never committed just because an IP address sought by the police was
wrongly supplied by Bharti Airtel. The legal notice smacks of his anger with the police
and judiciary making a mockery of the rights of an individual and the pitiable conditions
of the Yerwada jail where he was detained with a number of hardened criminals. He is
reported to have been beaten by a lathi and asked to use the same bowl to eat and to use in
the toilet.

Kenneth L. Haywood

Kenneth L. Haywood (born 1964) became involved in a 2008 controversy in the Indian
city of Mumbai after his wireless connection was allegedly used by terrorists to transmit a
message to Indian news networks before their attacks. It was subsequently revealed that
Haywood had been living a double life as an "executive skills trainer" and a Christian
pastor, while the firm that he worked for was a probable front for evangelical religious
activities. Haywood was not charged by Indian authorities in connection with the blasts,
which occurred at Ahmedabad and Surat, in late July 2008.

Financial crimes

Wipro Spectramind lost the telemarketing contract from Capital one due to an organized
crime.The telemarketing executives offered fake discounts, free gifts to the Americans in
order to boost the sales of the Capital one. The internal audit revealed the fact and
surprisingly it was also noted that the superiors of these telemarketers were also involved
in the whole scenario.

Cyber pornography

Some more Indian incidents revolving around cyber pornography include the Air Force
Balbharati School case. In the first case of this kind, the Delhi Police Cyber Crime Cell
registered a case under section 67 of the IT act, 2000. A student of the Air Force

47
Balbharati School, New Delhi, was teased by all his classmates for having a pockmarked
face.

Online gambling

Recent Indian case about cyber lotto was very interesting. A man called Kola Mohan
invented the story of winning the Euro Lottery. He himself created a website and an email
address on the Internet with the address 'eurolottery@usa.net.' Whenever accessed, the
site would name him as the beneficiary of the 12.5 million pound.After confirmation a
telgu newspaper published this as a news. He collected huge sums from the public as well
as from some banks for mobilization of the deposits in foreign currency. However, the
fraud came to light when a cheque discounted by him with the Andhra Bank for Rs 1.73
million bounced. Mohan had pledged with Andhra Bank the copy of a bond certificate
purportedly issued by Midland Bank, Sheffields, London stating that a term deposit of
12.5 million was held in his name.

Intellectual Property crimes

These include software piracy, copyright infringement, trademarks violations, theft of

computer source code etc. In other words this is also referred to as cybersquatting.
Satyam Vs. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the
Delhi High Court that some cyber squatters had registered domain names such as
barticellular.com and bhartimobile.com with Network solutions under different fictitious
names. The court directed Network Solutions not to transfer the domain names in
question to any third party and the matter is sub-judice. Similar issues had risen before
various High Courts earlier. Yahoo had sued one Akash Arora for use of the domain
name ‘Yahooindia.Com’ deceptively similar to its ‘Yahoo.com’. As this case was
governed by the Trade Marks Act, 1958, the additional defence taken against Yahoo’s
legal action for the interim order was that the Trade Marks Act was applicable only to
goods.

48
Email spoofing

Recently, a branch of the Global Trust Bank experienced a run on the bank. Numerous
customers decided to withdraw all their money and close their accounts. It was revealed
that someone had sent out spoofed emails to many of the bank’s customers stating that the
bank was in very bad shape financially and could close operations at any time.
Unfortunately this information proved to be true in the next few days.

But the best example of the email spoofing can be given by the Gujarat Ambuja
Executive’s case. Where he pretended to be a girl and cheated the Abu dhabi based NRI
for crores by blackmailing tactics.

Cyber Defamation

India’s first case of cyber defamation was reported when a company’s employee started
sending derogatory, defamatory and obscene e-mails about its Managing Director. The e-
mails were anonymous and frequent, and were sent to many of their business associates to
tarnish the image and goodwill of the company.

The company was able to identify the employee with the help of a private computer
expert and moved the Delhi High Court. The court granted an ad-interim injunction and
restrained the employee from sending, publishing and transmitting e-mails, which are
defamatory or derogatory to the plaintiffs.

Cyber stalking

Ritu Kohli has the dubious distinction of being the first lady to register the cyber stalking
case. A friend of her husband gave her telephonic number in the general chat room. The
general chatting facility is provided by some websites like MIRC and ICQ. Where person
can easily chat without disclosing his true identity. The friend of husband also encouraged
this chatters to speak in slang language to Ms. Kohli.

Unauthorized access to computer systems or networks

49
However, as per Indian law, unauthorized access does occur, if hacking has taken place.
An active hackers’ group, led by one “Dr. Nuker”, who claims to be the founder of
Pakistan Hackerz Club, reportedly hacked the websites of the Indian Parliament,
Ahmedabad Telephone Exchange, Engineering Export Promotion Council, and United
Nations (India).

IPR Theft

Jun 23, 2009 at 0119 hrs IST

The economic offences wing (EOW) of the Pune police on Monday arrested a software
engineer Asma Sandip Thorve (37), a resident of Uday Society in Sahkar Nagar, for
allegedly cheating Brainvisa Technologies to the tune of Rs 46.5 crores, by stealing their
source code. Earlier, the police had arrested software engineer Sameer Ashok Inamdar
(36) of Kondhwa in the same case.

According to the police, Inamdar resigned from Brainvisa Technologies in August 2006.
He allegedly stole the source code and other secret information of Brainvisa Technologies
and started his own company. Owner of Brainvisa Technologies Nitin Hemchandra
Agarwal had lodged a police complaint alleging that the company lost Rs 46.5 crores due
to this.

A team, led by assistant commissioner Pushpa Deshmukh, arrested Thorve, who was
Inamdar’s business partner and allegedly provided him the confidential data of Brainvisa.

Thorve worked as senior manager, business development, for Brainvisa from May 2004
to December 2005 and there on as vice president till December 2008, after which she
joined Inamdar as a partner. Thorve was produced before court on Monday and has been
remanded to police custody till June 26.

Email bombing (DoS)

In one case, a foreigner who had been residing in Simla, India for almost thirty years
wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower
rates. When he made an application it was rejected on the grounds that the scheme was
available only for citizens of India. He decided to take his revenge. Consequently he sent
thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till
their servers crashed.

50
Data diddling

The NDMC Electricity Billing Fraud Case that took place in 1996 is a typical example.
The computer network was used for receipt and accounting of electricity bills by the
NDMC, Delhi. Collection of money, computerized accounting, record maintenance and
remittance in he bank were exclusively left to a private contractor who was a computer
professional. He misappropriated huge amount of funds by manipulating data files to
show less receipt and bank remittance.

Internet time theft

This connotes the usage by an unauthorized person of the Internet hours paid for by
another person. In May 2000, the economic offences wing, IPR section crime branch of
Delhi police registered its first case involving theft of Internet hours. In this case, the
accused, Mukesh Gupta an engineer with Nicom System (p) Ltd. was sent to the
residence of the complainant to activate his Internet connection. However, the accused
used Col. Bajwa’s login name and password from various places causing wrongful loss of
100 hours to Col. Bajwa.

Delhi police arrested the accused for theft of Internet time.

On further inquiry in the case, it was found that Krishan Kumar, son of an ex army
officer, working as senior executive in M/s Highpoint Tours & Travels had used Col
Bajwa’s login and passwords as many as 207 times from his residence and twice from his
office. He confessed that Shashi Nagpal, from whom he had purchased a computer, gave
the login and password to him. The police could not believe that time could be stolen.
They were not aware of the concept of time-theft at all. Colonel Bajwa’s report was
rejected. He decided to approach The Times of India, New Delhi. They, in turn carried a
report about the inadequacy of the New Delhi Police in handling cyber crimes. The
Commissioner of Police, Delhi then took the case into his own hands and the police under
his directions raided and arrested Krishan Kumar under sections 379, 411, 34 of IPC and
section 25 of the Indian Telegraph Act. In another case, the Economic Offences Wing of
Delhi Police arrested a computer engineer who got hold of the password of an Internet
user, accessed the computer and stole 107 hours of Internet time from the other person’s
account. He was booked for the crime by a Delhi court during May 2000.

51
SBI arm wins cybersquatting case - Peeyush Agnihotri - Tribune News Service

Chandigarh, August 24

SBI Card and Payment Services Private Limited, the credit card arm of the State Bank of
India (SBI), received a shot in the arm when it won a case of cybersquatting against
Domain Active Pty Limited, an Australian dotcom company.

The judgement, a notification of which was received earlier this week, was delivered by
the administrative tribunal constituted by the World Intellectual Property Organisation
(WIPO), Geneva. Established in 1998, SBI Card and Payment Services Private Limited is
a joint venture between GE Capital Services, the largest issuer of private label credit
cards in the world, and the State Bank of India (SBI), the largest Indian bank. SBI holds
60 per cent stake while GE 40 per cent.

The venture offers a range of credit cards — SBI Classic Card, SBI Gold Card, SBI
International Card, SBI Doctors Card. It also has a number of city affinity cards (SBI
Kolkata Card, SBI Mumbai Card, SBI Delhi Card, SBI Hyderabad Card, SBI Bangalore
Card), commanding sales of over one million.

It all began when Domain Active Pty Limited, an Australian entity, floated a website on
the domain name, www.sbicards.com, and even ‘tricked’ financial big–time entities like
Chase Manhattan into advertising on the site.

The SBI arm, which had already registered the domain name with Fabulous.Com Pty.
Ltd, lodged a complaint on March 16 at the World Intellectual Property Organisation
(WIPO), Geneva.

The WIPO Administrative Panel found that the Australian entity’s website could have
attracted potential attention from the public because of its affiliation with SBI Cards’
products and services. At the same time it created a risk of confusion with the
products/services and trademark as to the source, sponsorship, affiliation or endorsement
of its website.

The panel’s independent verification showed that the current use of the Australian firm’s
website, www.sbicards.com, was practically the same. The panel held that the respondent
(Domain Active Pty Limited) “has registered the disputed domain name in bad faith”.

52
Talking exclusively to The Tribune from New Delhi, Mr Rodney D. Ryder, who
represented SBI Cards, said that it was a clear case of cyber fraud and cybersquatting.
“The judgement has come as big relief. No penalty could, however, be imposed on the
errant firm since at WIPO we have not been able to evolve a consensus on what should be
the proper damage/compensation amount as the cases involve the jurisdiction clause,” he
said.

Credit Card Frauds

Amit Tiwari had many names, bank accounts and clients. None of them were for real.
With a plan that was both ingenious and naïve, the 21-year-old engineering student from
Pune tried to defraud a Mumbai-based credit card processing company, CC Avenue, of
nearly Rs 900,000.He was arrested by the Mumbai Police on August 21, 2003 after nearly
an year of hide and seek with CC Avenue. He's been charged for cheating under Section
420.

CC Avenue verifies and validates credit cards of buyers for over a thousand e-commerce
Web sites. It conducts checks like IP mapping, zip code mapping and reverse lookup of
telephone numbers.Amit Tiwari found a way to bypass them.In May 2002, Col Vikram
Tiwari signed up for CC Avenue's services. In November, he requested the company to
deal with his son, Amit, who offered Web designing services on www.mafiaz.com. CC
Avenue's security team confirmed his credentials through bank signature verification,
driving license and his HDFC Bank debit card. Everything was genuine.Amit processed
several transactions, worth Rs 311,508, via CC Avenue from November 2002 to February
2003. Then the transactions stopped.In April 2003, CC Avenue began receiving charge-
backs from the credit card holders, who denied using mafiaz.com's Web designing
service.Amit had assumed the identities of these 'customers', and purchased mafiaz.com's
services with credit card details that he found on the Net. He was both the buyer and the
seller.Calls to Amit's house in Lucknow went unanswered. Legal notices came back
unclaimed. Amit had disappeared without a trace.

Three-in-one fraudster

In June 2003, Sachin Deshpande and Jeevan Palani signed separate agreements with CC
Avenue to provide Web designing services through their sites www.infocreek.org and
www.ewebsitestarter.com. The company's risk-management team found that both these

53
sites had ripped off content and even the client list from foreign sites with similar names.
The modus operandi was similar to Amit's. Vishwas Patel, the CEO of CC Avenue, spoke
to Sachin over the phone and found that he sounded just like Amit - "young and
immature". They decided to hold back payment.

Then, a person called Shoaib Sharif sought the services of CC Avenue. Vishwas and his
team again spotted a similar pattern. They held back payment on various pretexts. "He
sounded desperate," says Vishwas. So they decided to trap him.

Trapped

CC Avenue's accounts manager asked Shoaib to come to Mumbai to collect a cheque of

Rs 40,000. On August 21, a young man walked into Vishwas's office. He introduced
himself as Shoaib Sharif. Vishwas immediately recognized him as Amit. (He had seen
Amit's photograph from his driver's license). Vishwas then called the Mumbai Police,
who rushed to his office and picked up the lad. At the Santa Cruz police station, the boy
confessed right away.

India's First ATM Card Fraud

The Chennai City Police have busted an international gang involved in cyber crime, with
the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into
an ATM in the city in June last, it is reliably learnt.

The dimensions of the city cops' achievement can be gauged from the fact that they have
netted a man who is on the wanted list of the formidable FBI of the United States.

At the time of his detention, he had with him Rs 7.5 lakh knocked off from two ATMs in
T Nagar and Abiramipuram in the city. Prior to that, he had walked away with Rs 50,000
from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving
scores of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive
in a Chennai-based firm for some time. Interestingly, his audacious crime career started in
an Internet cafe. While browsing the Net one day, he got attracted to a site which offered

54
him assistance in breaking into the ATMs. His contacts, sitting somewhere in Europe,
were ready to give him credit card numbers of a few American banks for $5 per card. The
site also offered the magnetic codes of those cards, but charged $200 per code.

The operators of the site had devised a fascinating idea to get the personal identification
number (PIN) of the card users. They floated a new site which resembled that of a reputed
telecom company's. That company has millions of subscribers. The fake site offered the
visitors to return $11.75 per head which, the site promoters said, had been collected in
excess by mistake from them.

Believing that it was a genuine offer from the telecom company in question, several lakh
subscribers logged on to the site to get back that little money, but in the process parted
with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic
looting. Apparently, Manwani and many others of his ilk entered into a deal with the gang
behind the site and could purchase any amount of data, of course on certain terms, or
simply enter into a deal on a booty-sharing basis.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary
data to enable him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in
Mumbai. The police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the
United States, the FBI started an investigation into the affair and also alerted the CBI in
New Delhi that the international gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city
police believe that this is the beginning of the end of a major cyber crime.

Work at Home scams Exposed

Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police have arrested a person by
name Sripathi Guruprasanna Raj, aged 52 yrs who is the Chairman and Managing
Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants
based in Mumbai had complained to the Cyber Crime Investigation Cell, that the said

55
company has duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them with
monthly income of Rs. 15,000/-.

Case of Cyber Extortion

He does not know much about computer hacking, yet 51-year-old cyber criminal Pranab
Mitra has stunned even the cyber crime investigation cell of Mumbai police with his
bizarre fraud on the Net. Mitra, a former executive of Gujarat Ambuja Cement, was
arrested on Monday for posing as a woman and seducing online an Abu Dhabi-based
man, thereby managing to extort Rs 96 lakh from him. Investigating officer, Assistant
Commissioner of Police, J.S. Sodi, said Mitra has been remanded to police custody till
June 24, and has been booked for cheating, impersonation, blackmail and extortion under
sections 420, 465, 467, 471, 474 of the IPC, read with the newly formed Information
Technology Act.

Mitra posed as a woman, Rita Basu, and created a fake e-mail ID through which he
contacted one V.R. Ninawe. According to the FIR, Mitra trapped Ninawe in a ‘‘cyber-
relationship’’ sending emotional messages and indulging in online sex since June
2002.Later, Mitra sent an e-mail that ‘‘she would commit suicide’’ if Ninawe ended the
relationship. He also gave him ‘‘another friend Ruchira Sengupta’s’’ e-mail ID which
was in fact his second bogus address. When Ninawe mailed at the other ID he was
shocked to learn that Mitra had died. Then Mitra began the emotional blackmail by
calling up Abu Dhabi to say that police here were searching for Ninawe. Ninawe
panicked on hearing the news and asked Mitra to arrange for a good advocate for his
defence. Ninawe even deposited a few lakh in the bank as advocate fees. Mitra even sent
e-mails as high court and police officials to extort more money. Ninawe finally came
down to Mumbai to lodge a police case.

ICICI Bank Phishing

Did you know that e-mails, long considered the most convenient form of communication,
can actually spring some nasty surprises for you? Recently, a few ICICI Bank customers
in Mumbai, to their utter dismay, discovered that e-mails can be extremely hazardous, if
not to their health, at least to their security.These ICICI Bank customers received an e-
mail from someone who posed as an official of the bank and asked for sensitive
information like the account holder's Internet login name and password and directed them

56
to a Web page that resembled the bank's official site.When some customers wrote in to
find out what the e-mail was about, the bank officials registered a complaint with the
police.

New as it may be in India, it is actually a popular banking scam, a warning against which
had been issued by many international banks including Barclays and Citibank. rediff.com
presents a guide that will help readers understand what the scam is about and how they
can stay clear of it.

What happened in the case of the e-mail scam involving ICICI Bank? A few customers of
ICICI Bank received an e-mail asking for their Internet login name and password to their
account. The e-mail seemed so genuine that some users even clicked on the URL given in
the mail to a Web page that very closely resembled the official site.The scam was finally
discovered when an assistant manager of ICICI Bank's information security cell received
e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-
mails with the bank. Such a scam is known as 'phishing.'

Cyber Lotto an Effective Tool of Frauds

"It is a classic case of cyber crime, the first of its kind in Andhra Pradesh," was how
Vijayawada Police Commissioner Sudeep Lakhtakia summed up the case of cheating and
fraud registered against Kola Venkata Krishna Mohan, the self-styled winner of the multi-
million dollar Euro lottery. Mohan admitted that he did not win the 12.5 million pound
Euro lottery in November 1998, as he had claimed, but merely played fraud to make good
his losses in gambling. "With the help of computers, the accused took the people for a
ride," the Vijayawada police commissioner pointed out. Mohan, using the Internet and
forged documents, allegedly cheated banks and several persons to the tune of 60 million
rupees.

Kola Mohan was arrested by the Vijayawada city police on Monday in connection with
cases of fraud and forgery registered against him. He was remanded to judicial custody
till December 13 by Fifth Metropolitan Magistrate K B Narsimhulu. He was shifted to the

57
district jail at Gandhinagar in Vijayawada. Mohan was accused of cheating the Andhra
Bank to the tune of Rs 1.73 million.

By perpetrating the multi-million rupee fraud, Mohan has achieved the dubious
distinction of allegedly committing the first and biggest cyber crime in Andhra. The state,
incidentally is making rapid strides in information technology, thanks to the initiative of
cyber-savvy Chief Minister N Chandrababu Naidu.

A compulsive gambler who played cards regularly at high stakes in various clubs in the
coastal city, Mohan told newsmen at the police commissioner's office at Vijayawada on
Monday that he had lost as much as Rs 30 million in 1998 when a gambling syndicate led
by a real estate dealer and a restaurant-owner cheated him.

"I was on the look-out to make good the losses by hook or crook. During a visit to
London, I learnt about the Euro lottery. I staked some money on it in vain. Then, I
invented the story that I won the lottery. I created a website and an email address on the
Internet with the address 'eurolottery@usa.net.' Whenever accessed, the site would name
me as the beneficiary of the 12.5 million pound (that is, $ 19.8 million or Rs 840 million)
Euro-lottery," Kola Mohan recalled.

A Telugu newspaper in Hyderabad received an email that a Telugu had won the Euro
lottery. The website address was given for verification. The newspaper sent the query and
got the "confirmation" since Kola Mohan had himself created and manipulated the
website

Collective Scam in Call Center

The telemarketing project for an American credit-card company was just coming to an
end in January when an internal audit at the Wipro Spectra mind call center in Navi
Mumbai, India, discovered something very alarming: an organized ring of about 60 call-
center agents had been systematically scamming U.S. consumers for two months.
Supervisors had told the agents to spice up their sales pitch for the client, Capital One
Financial Services, by making false claims about free gifts and membership fees,
according to press reports. The scam even bypassed Wipro’s sophisticated call-
monitoring system.

58
Reliance made to pay the Consumer

After conducting its own audit, Capital One, located in McLean, Virginia, rescinded the
contract with Wipro in March. But its misadventure--and other recent departures from
India by U.S. clients--has confirmed many doubts and concerns about the booming
business of outsourcing call centers, and also is serving as a catalyst for human resources
to develop more effective approaches to managing offshore workers. Experts and
consultants believe that companies can meet the challenges and save millions of dollars
by improving training and implementing tighter oversight of offshore call agents. Some
U.S. companies have even installed their own teams at offshore call centers. "Capital One
represents some of the challenges of outsourcing

Pune BPO-Scam

Pune BPO scam was claimed to be the first scam in India. In April 2005, five employees
of MsourcE in Pune were arrested for allegedly pulling off a fraud worth nearly $425,000
from the Citibank accounts of four New York-based account holders.

Gurgaon BPO Scam

In June 2005, the tabloid Sun , in a sting operation, purchased the bank account details of
1,000 Britons for about 5.50 dollars companyInfinity E- Search

Bangalore BPO Scam

In June 2006, Nadeem Kashmiri sold the customer credit card information to a group of
scamsters who used the information to siphon off nearly £233,000 or roughly Rs. 1.8
crore from bank accounts of UK-based customers.Data theft makes IT firm quit India

Published on Fri, Oct 13, 2006 at 11:48, New Delhi: After registering a case against an
employee who had allegedly stolen data, the Gurgaon-based IT firm Acme Telepower
Management waited for something to happen. A week later they have decided to stop
operating out of India and move to Australia. It seems like this is the beginning of a
domino effect, even as India's antiquated police force tries to deal with new age crime like
data theft. Acme Telepower is claiming a national loss of Rs 750 crore. They are saying
it's all because an ex-employee named Sachidanand Patnaik who allegedly stole research
and handed it over to his new employer - a competitor in the power industry solutions
space. On Thursday, the board of Acme met after a Gurgaon Sessions court granted bail

59
to Patnaik and decided it was time to pack their bags. "We are disappointed in the system.
Patents and research are not protected, so we are not sure if the law will be able to protect
us,” GM Marketing, Acme, Sandeep Kashyap said. Acme employs around 1,100 people,
who will be affected by the firm’s move to Australia that will happen over the next eight
months. Most of the 70 people in the Research and Development section will be the first
to move. For the rest, the future is unclear. According to Acme, only a small
manufacturing operation will remain in India, but they say they will take care of their
employees and that their reason for leaving is simple. "The fact that the main accused has
got bail and the others got a clean chit has disappointed us completely,” Kashyap said.
However, the lawyer for Sachidanand Patnaik says they are giving up too soon and that
this trend could have dangerous repercussions. "If the reason they are leaving India is
because the main accused has got bail, then it is contempt of court,” Patnaik's lawyer,
Vakul Sharma said. When people lost faith in the system in the past, there was little they
could, outside of rallying against everything wrong with the world. However, today
people have a choice. They can simply move on. But the question remains - will the
system respond?

Government and Defense sites Attacked and used 14 May, 2008

Though

the commercial sectors are the sectors having maximum (85 per cent of total

defacement in commercial sector) incidents of defacement of government sites,

which usually have critical information pertaining to security of the country,

are on continuous rise. Recently, Defense

Research and development Organisation (DRDO) site was used to distribute

malware.The

incidents of defacing government sites are increasing by leaps and bounds. In

2005 only, 25 government sites were defaced and the number was increased to 70

in 2006. In February 2006, websites of

60
Government of Punjab were targeted. All the

websites of Government of Rajasthan were hosted on the same server and in

November 2006, all the sites were defaced at very short intervals of one to two

days. Every year, there is an increase in the total number of website

defaced in India.

In 2005 only, 373 deface were reported, which had gone to 1226 in the year

2006.

Similar instances

After Pokhran II test on May 11 – May 13, 1998, a group of hackers called ’Milworm’
broke into Bhabha Atomic Research Centre (BARC) site and posted anti Indian and anti-
nuclear messages

In 1999, website of Indian Science

Congress Association was defaced and the hacker posted provocative comments about
Kashmir

Cyber Crime Convictions & Judgments21

Case 1: First

Conviction in India

A complaint was filed in by Sony India Private Ltd, which runs a website calledsony-
sambandh.com, targeting Non Resident Indians. The website enables NRIs tosend Sony
products to their friends and relatives in India after they pay for it online.The company
undertakes to deliver the products to the concerned recipients. InMay 2002,someone
logged onto the website under the identity of Barbara Campaand ordered a Sony Colour
Television set and a cordless head phone.A lady gaveher credit card number for payment
and requested that the products be deliveredto Arif Azim in Noida. The payment was duly
cleared by the credit card agencyand the transaction processed. After following the
relevant procedures of duediligence and checking, the company delivered the items to
Arif Azim.

61
At the time of delivery, the company took digital photographs showing thedelivery being
accepted by Arif Azim.The transaction closed at that, but after one and a half months the
credit cardagency informed the company that this was an unauthorized transaction as
thereal owner had denied having made the purchase.The company lodged a complaint for
online cheating at the Central Bureau of Investigation which registered a case under
Section 418, 419 and 420 of the

Indian Penal Code.

The matter was investigated into and Arif Azim was arrested. Investigationsrevealed that
Arif Azim, while working at a call centre in Noida gained accessto the credit card number
of an American national which he misused on the company’s site.

The CBI recovered the colour television and the cordless head phone.The accused
admitted his guilt and the court of Shri Gulshan Kumar MetropolitanMagistrate, New
Delhi, convicted Arif Azim under Section 418, 419 and 420 ofthe Indianpenal Code —
this being the first time that a cyber crime has been convicted.

The court, however, felt that as the accused was a young boy of 24 years and afirst-t ime
convict, a lenient view needed to be taken. The court thereforereleased the accused on
probation for one year.

Case-2: First juvenile accused in a cyber crime case.

In April 2001 a person from New Delhi complained to the crime branch regarding
thewebsite. Amazing.com, he claimed, carried vulgar remarks about his daughter anda
few of her classmates. During the inquiry, print-outs of the site were taken and
proceedings initiated.

After investigation a student of Class 11 and classmate of the girl was arrested. The
juvenile board in Nov 2003 refused to discharge the boy accused of creating a website
with vulgar remarks about his classmate.The accused’s advocate had sought that his client
be discharged on the groundthat he was not in a stable state of mind. Seeking discharge,
the advocatefurther said that the trial has been pending for about two years.

62
While rejecting the accused’s application, metropolitan magistrate SantoshSnehi Mann
said: ‘The mental condition under which the juvenile came into conflict with the law shall
be taken into consideration during thefinalorder.’ Mann, however, dropped the sections of
Indecent Representation of Women(Prohibition) Act.The accused would face trial under
the Information Technology Act and for intending to outrage the modesty of a woman.
She held the inquiry could not be closed on technical ground, especially when the
allegations were not denied by the accused.

Case 3: First case convicted under Information Technology Act 2000 of India.

The case related to posting of obscene, defamatory and annoying message about
adivorcee woman in the yahoo message group. E-Mails were also forwarded tothe victim
for information by the accused through a false e-mail account opened by him in the name
of the victim. The posting of the message resulted in annoying phone calls to the lady in
the belief that she was soliciting. Based on a complaint made by the victim in February
2004, the Police traced the accused to Mumbai and arrested him within the next few
days. The accused was a known family friend of the victim and was reportedlyinterested
in marrying her. She however married another person.This marriage later ended in
divorce and the accused started contacting her once again. On her reluctance to marry
him, the accused took up the harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC

before The Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and
material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution
side 12 witnesses were examined and entire documents were marked. The Defence
argued that the offending mails would have been given either by ex-husband of the
complainant or the complainant her self to implicate the accused as accused alleged to
have turned down the request of the complainant to marry her. Further the Defence
counsel argued that some of the documentary evidence was not sustainable under Section
65 B of the Indian Evidence Act. However, the court based on the expert witness of
Naavi and other evidence produced including the witness of the Cyber Cafe owners came
to the onclusion that the crime was conclusively proved.

63
The court has also held that because of the meticulous investigation carried on by the IO,
the origination of the obscene message wastraced out and the real culprit has been
brought before the court of law. In this case Sri S. Kothandaraman, Special Public
Prosecutor appointed by the

Government conducted the case.

Honourable Sri.Arulraj, Additional Chief Metropolitan Magistrate, Egmore,delivered the

judgement on 5-11-04 as follows:

“The accused is found guilty of offences under section 469, 509 IPC and 67 ofIT Act
2000 and the accused is convicted and is sentenced for the offence toundergo RI for 2
years under 469 IPC and to pay fine of Rs.500/-and for theoffence u/s 509 IPC sentenced
to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence
u/s 67 of IT Act 2000 to undergo RIfor 2 years and to pay fine of Rs.4000/- All
sentences to run concurrently.”

Case 4: Father & son convicted under IT act in Kerala.

The Additional District and Sessions Court here has upheld a lower court’sverdict in the
first cyber case filed in the State sentencing a Pentecostal Church priest and his son to
rigorous prisonment in 2006.

Disposing of the appeal filed by the priest T.S. Balan and his son, AneeshBalan, against
the order of the Chief Judicial Magistrate, on Wednesday,

Additional District Judge T.U. Mathewkutty said it was time the government toeffective
measures to check the growing trend of cyber crimes in the State.The court upheld the
magistrate’s order sentencing the two to three-year rigorous imprisonment and imposing a
fine of Rs. 25,000 under Section 67 of the information technology (IT) Act; awarding six

64
months rigorous imprisonment under Section 120(B) of the Indian Penal Code; and
ordering one year rigorous imprisonment and imposing a fine of Rs. 10,000 under Section
469 of the code.The court revoked the sentence under Section 66 of the IT Act. The cyber
case dates back to January-February 2002 and the priest and his son became the first to be
convicted of committing a cyber crime.

The two were found guilty of morphing, web-hosting and e-mailing nude pictures of
Pastor Abraham and his family.

Balan had worked with the pastor until he fell out with him and was shown thedoor by the
latter.Balan joined the Sharon Pentecostal Church

later.The prosecution said the duo had morphed photographs of Abraham, his son,Valsan
Abraham, and daughter, Starla Luke, and e-mailed them from fake mail IDs with
captions.

The morphed pictures were put on the web and the accused, who edited a local magazine
called The Defender, wrote about these photos in his publication. Valsan received the
pictures on the Internet and asked his father to file a complaint to the police. A police
party raided the house of Balan and his son at Perumbavoor and collected evidences.The
magistrate’s verdict came after a four-year trial, for which the court had to procure a
computer with Internet connection and accessories.The police had to secure the services
of a computer analyst too to piecetogether the evidences. Twenty-nine witnesses,
including the Internet service provider and Bharat Sanchar Nigam Ltd., had to depose
before the court.

Case 5: Well-known orthopedist in Chennai got life.

Dr. L Prakash stood convicted of manipulating his patients in various ways,forcing them
to commit sex acts on camera and posting the pictures and videos on the Internet. The 50-
year-old doctor landed in the police net in December 2001 when a young man who had
acted in one of his porn films lodged a complaint with the police.Apparently the doctor
had promised the young man that the movie would be circulated only in select circles
abroad and had the shock of his life when he saw himself in a porn video posted on the
web Subsequent police investigations opened up a Pandora's box. Prakash and his
younger brother, settled in the US had piled up close to one lakh shots and video footages,
some real and many morphed.

65
They reportedly minted huge money in the porn business, it was stated.Fast track court
judge R Radha, who convicted all the four in Feb 2008 , alsoimposed a fine of Rs 1.27
lakh on Prakash, the main accused in the case, and Rs 2,500 each on his three associates -
Saravanan, Vijayan and Asir Gunasingh.The Judge while awarding life term to Prakash
observed that considering the gravity of the offences committed by the main accused,
maximum punishment under the Immoral Trafficking Act (life imprisonment) should be
given to him and no leniency should be shown.

The Judge sentenced Prakash under the Immoral Trafficking Act, IPC, Arms Act and
Indecent Representation of Women (Prevention) Act among others.

Case 6:Juvenile found guilty for sending threatening email.

A 16 year old student from Ahmadabad who threatened to blow up Andheri Railway
station in an email message was found guilty by the Juvenile court in Mumbai. A private
news channel received an email on 18 March 2008 claiming sender as Dawood Ibrahim
gang saying a bomb would be planted on an unspecified train to blow it up. The case was
registered in Andheri Police station under section 506 of IPC and transferred to cyber
crime investigation cell. During Investigation CCIC traced the cyber cafe from which the
email account was created and threatening email

was sent.

Cafe owner told police about friends which had come that day to surf the net.Police
Summoned them and found that the system which was used to send emai was accessed by
only one customer. On 22nd March 08, police arrested the boy a Class XII science
student who during interrogation said that he sent the email for fun of having his prank
flashed as “breaking news’’ on television.

CASE STUDY

INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in cyber crime, with
the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into
an ATM in the city in June

66
last, it is reliably learnt. The dimensions of the city cops' achievement can be g a u g e d
f r o m the fact t h a t t h e y h a v e n e t t e d a ma n who is on the wa n t e d list of
the formidable FBI of the United States. At the time of his detention, he had with him
Rs 7.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior
to that, he had walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving
scores of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive
in a Chennai-based firm for some time.

Interestingly, his audacious crime career started in an Internet cafe. While browsing the
Net one day, he got attracted to a site which offered him assistance in breaking into the
ATMs. His contacts, sitting somewhere in Europe, were ready to give him credit card
numbers of a few American banks for $5 per card. The site also offered the magnetic
codes of those cards, but c h a r g e d $200 p e r c o d e . The operators of the site had
devised a fascinating idea to get the personal identification number (PIN) of the card
users. They floated a new site which resembled that of a reputed telecom companies.

That company has millions of subscribers. The fake site offered the visitors to
return$11.75 per head which, the site promoters said, had been collected in excess by
mistake from them. Believing that it was a genuine offer from the telecom company in
quest subscribers logged on to the site to get back that little money, but in the process
parted with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic
looting . Apparently, Manwani and many others of his ilkentered into a deal with the
gang behind the
site and could purchase any amount of data, of course on certain terms, or simply enter
into a deal on a booty-sharing basis.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary
data to enable him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in
Mumbai. The police are on the lookout for those persons too.

67
On receipt of large-scale complaints from the billed credit card users and banks in the
United States, the FBI started an investigation into the affair and also alerted the CBI in
New Delhi that the international gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city
police believe that this is the beginning of the end of a major cyber crimeion, several lakh.

Cyber Attacks on India(2018)

Out of the top 10 most targeted countries by cyber attackers, India ranks fourth and
cybersecurity defenders are facing a lot of threats from these cyber criminals. cyber
attacks is an illegal activity and is continuously increasing in India for financial loot.

Cyber Attack is an attempt to destroy or infect computer networks in order to extract or

extort money or for other malicious intentions such as procuring necessary information.

cyber attacks alter computer code, data or logic via malicious code resulting in
troublesome consequences which can compromise the information or data of the
organizations to make it available to cybercriminals. Cyber attacks consist of various
attacks which are hacking, D.O.S, Virus Dissemination, Credit Card Fraud, Phishing or
Cyber Stalking

Major and Minor Cyber Attacks in India 2018

SIM Swap Fraud

In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were
involved in fraudulent activities concerning money transfers from the bank accounts of
numerous individuals by getting their SIM card information through illegal means.

68
url: https://www.testbytes.net/wp-content/uploads/2018/08/8.png

These fraudsters were getting the details of people and were later blocking their SIM
Cards with the help of fake documents post which they were carrying out transactions
through online banking.

They were accused of transferring 4 crore Indian Rupees effectively from various
accounts. They even dared to hack the accounts of a couple of companies.

Prevention: The information required for such a scheme is gathered via various public
domains and is misused later. Sharing personal information with unknown applications
and domains can help in minimizing the risk of having your personal information
reaching people with malicious content.
Fraudsters use the victim’s information in various scams and trick them into fraudulent
activities. It is advisable therefore that the site where n individual is entering his banking
or other details should be verified for authenticity, as scammer uses the fake site to get the
information directly from prospective victims

69
Cyber Attack on Cosmos Bank
 A daring cyber attacks was carried in August 2018 on Cosmos Bank’s Pune branch
which saw nearly 94 Crores rupees being siphoned off.
Hackers wiped out money and transferred it to a Hong Kong situated bank by hacking the
server of Cosmos Bank. A case was filed by Cosmos bank with Pune cyber cell for the
cyber attack. Hackers hacked into the ATM server of the bank and stole details of many
visa and rupee debit cards owners.

The attack was not on centralized banking solution of Cosmos bank. The balances and
total accounts statistics remained unchanged and there was no effect on the bank account
of holders. The switching system which acts as an interacting module between the
payment gateways and the bank’s centralized banking solution was attacked.

Url: https://www.testbytes.net/wp-content/uploads/2018/08/Master.jpg

The Malware attack on the switching system raised numerous wrong messages
confirming various demands of payment of visa and rupee debit card internationally. The
total transactions were 14,000 in numbers with over 450 cards across 28 countries.

On the national level, it has been done through 400 cards and the transactions involved
were 2,800. This was the first malware attack in India against the switching system which
broke the communication between the payment gateway and the bank.

Prevention: Hardening of the security systems by limiting its functions and performance
only to authorized people can be the way forward.
Any unauthorized access to the network should immediately set an alarm to block all the
access to the bank’s network. Also, to minimize risk, enabling a two-factor authentication
might help.

Through testing, potential vulnerabilities can be fished out and can make the entire digital
part of the banking system safe.

ATM System Hacked in Kolkata

70
In July 2018 fraudsters hacked into Canara bank ATM servers and wiped off almost 20
lakh rupees from different bank accounts. The number of victims was over 50 and it was
believed that they were holding the account details of more than 300 ATM users across
India.

The hackers used skimming devices on ATMs to steal the information of debit card
holders and made a minimum transaction of INR 10,000 and the maximum of INR 40,000
per account.

On 5 August 2018, two men were arrested in New Delhi who was working with an
international gang that uses skimming activities to extract the details of bank account.

Prevention: Enhancement of the security features in ATM and ATM monitoring systems
can prevent any misuse of data.
Another way to prevent the fraudulent activity is to minimize the risk of skimming by
using lockbox services to receive and transfer money safely.

This uses an encrypted code which is safer than any other payments.

Websites Hacked: Over 22,000 websites were hacked between the months of April 2017
and January 2018. As per the information presented by the Indian Computer Emergency
Response Team, over 493 websites were affected by malware propagation including 114
websites run by the government. The attacks were intended to gather information about
the services and details of the users in their network.
Prevention: Using a more secure firewall for network and server which can block any
unauthorized access from outside the network is perhaps the best idea.
Personal information of individuals is critical for users and cannot be allowed to be taped
into by criminals. Thus, monitoring and introducing a proper network including a firewall
and security system may help in minimizing the risk of getting hacked.

Security Testing and its Significance

Hackers and criminals are getting smarter every day. Counter measure is to predict their
attack and block it in the most effective way possible before any unfortunate events

In Testing, mostly 4 major types of testing ate performed

 Network security

 System software security

71
  Client-side application security

 Server-side application security

Judicial Reformations

In India cyber crime cases are registered under three broad categories they are
Information technology act, Indian penal code, and other State Level Legislations (SLL).
The following are the cases registered under IT Act7.

•Tampering of electronic documents – sec. 65 of IT Act

•Loss or damage to computer utility or resource – sec 66(1)

•Hacking – sec. 66(2)

•Electronic obscenity – sec. 67

•Failures of order of certifying authority – sec. 685

•Unauthorized access to computer system – sec. 70

•Misrepresentation – sec. 71

•Fake digital signature publishing – sec. 73

•Fake digital signature – sec. 74

•Privacy/confidentiality breach – sec. 72

•And many other crimes8.

Regulation by the Government for Handling Cybercrime Cases

The Ministry of Home Affairs advised the state governments and union territories to
handle cyber crime cases by building cyber crime cells equipped with technical
infrastructure. Cyber crime police stations, trained cyber crime experts for detecting the
crimes, filling the cases, Investigation and prosecution of cyber crime cases. Government

72
has implemented a plan for developing cyber forensic tools and setting up cyber forensics
labs. CERT-In (Indian Computer Emergency Response Team) and also CDAC (Centre
for Development of Advanced Computing) giving advanced training for the law
enforcement agencies, cyber forensics labs and also Judiciary officer on collecting the
evidences, analysis and preservation and finally presenting the collected the evidences in
court.

GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD

SCHEMES

1. Don’t Judge by Initial Appearances

It may seem obvious, but consumers need to remember that just because something
appears on the Internet- no matter how impressive or professional the Web site looks -
doesn‘t mean it's true. The ready availability of software that allows anyone, at minimal
cost, to set up a professional-looking Web site means that criminals can make their Web
sites look as impressive as those of legitimate e-commerce merchants.

1. Be Careful About Giving Out Valuable Personal Data Online

If you see e-mail messages from someone you don't know that ask you for personal data
-such as your Social Security number, credit-card number, or password - don't just send
the data without knowing more about who's asking. Criminals have been known to send
messages in which they pretend to be (for example) a systems administrator or Internet
service provider representative in order to persuade people online that they should
disclose valuable personal data.

2. Be Especially Careful About Online Communications with Someone Who Conceals

His True Identity

If someone sends you an e-mail in which he refuses to disclose his full identity, or uses an
e-mail header that has no useful identifying data (e.g., "W6T7S8@provider.com"), that
may be an indication that the person doesn't want to leave any information that could
allow you to contact them later if you have a dispute over undelivered goods for which

73
you paid. As a result, you should be highly wary about relying on advice that such people
give you if they are trying to persuade you to entrust your money to them.

3. Watch Out for "Advance-Fee" Demands

In general, you need to look carefully at any online seller of goods or services who wants
you to send checks or money orders immediately to a post office box; before you receive
the goods or services you've been promised. Legitimate startup "dot.com" companies, of
course, may not have the brand - name recognition of long - established companies ,
and still be fully capable of delivering what you need at a fair price. Even so, using the
Internet to research online companies that aren't known to you is a reasonable step to take
before you decide to entrust a significant amount of money to such companies.

2. SUGGESTIONS ON CYBER MONEY LAUNDERING

Because of the nature of Cyber money laundering, no country can effectively deal with it
in isolation. Cyber money laundering has to be dealt with at organizational [Bank or
Financial Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organisations can reduce the quantum of money
laundering by following the guidelines issued by central banks of respective
countries in letter and spirit. The old principle of ‗Knowing the customer‘ well will help a
great deal.

FINDINGS

74
 Cyber incidents are multiplying at an alarming pace and they are increasingly
becoming more complex causing multiple disruptions in businesses and
economies.
 Day by day the cyber attacks are increasing.
 There are different techniques which of cyber through which a cyber attacker can
use to harm any person.
 Most of the cases where of stealing money and attacks.

CONCLUSION

75
As we know day by day the cyber attacks are increasing the cyber attacks are perform for
mostly to harm or stole the secure data of Government, Organization, etc. Some cyber
attacker does the attacks only for the fun purpose.

Cyber security is among the top challenges being faced by many organizations in the
country; coupled with the digital transformation journey, which several companies are
either undergoing or plan to undergo. As businesses expose themselves to evolving
technology and digital ecosystems, they need to ensure that the risk exposure due to cyber
is managed.

Cyber attacks in the current era have become more specialized and concentrated in nature,
targeting specific organizations and individuals. With the attack pattern becoming more
directed, the impact due to incidents have made alarming damages spanning financial
losses, disruption of operational services, erosion of shareholder value and trust. There is
a need to understand this threat comprehensively, given the threat is constantly evolving,
and create an effective cyber resilient environment to withstand these testing times.

It is seen that with an increased trend of attacks, top management of organizations are
now beginning to understand the need for cyber intelligence, cyber resilience, and
measures to decrease the impact from cyber attacks.

LIMITATION OF STUDY

76
 The main limitation is the time frame.
 The content collected for the report was hard to judge because of acts which make
me to go through more in depth.

BIBLIOGRAPHY

77
 https://telecom.economictimes.indiatimes.com/news/india-saw-457-rise-in-
cybercrime-in-five-years-study/67455224
 https://www.paytel.com/faq/the-theft-of-telecommunications-service-is-a-crime/
 https://economictimes.indiatimes.com/industry/banking/finance/banking/2019-
may-finally-put-an-end-to-indias-banking-woes/articleshow/67342863.cms
 https://www.thesslstore.com/blog/2018-cybercrime-statistics/
 http://it.slashdot.org/article.pl?sid=07/09/19/036203
 http://www.dnaindia.com/money/report_antivirus-war-hots-up-withmonthly-
plans_1198789
 http://www.isc2.org/PressReleaseDetails.aspx?id=3238
 The 2009 “Tour of Cyber Crimes” by Joe St Sauver, Ph.D. (joe@uoregon.edu),
http://www.uoregon.edu/~joe/cybercrime2009/
 http://www.newworldencyclopedia.org/entry/Cybercrime#Credits
 http://www.newworldencyclopedia.org/entry/Cybercrime#Credits

 http://www.cbintel.com/AuctionFraudReport.pdf
 http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci1000478,00.html
 http://www.state.gov/www/regions/africa/naffpub.pdf
 http://ezinearticles.com/?Reshipping-Fraud---A-Home-Business-Con&id=582426
 http://www.paid-survey-success.com/online-scams-high-yield-investment-
programs-hyip/
 http://www.consumerfraudreporting.org/Education_Degree_Scams.php
 http://www.healthwatcher.net/dietfraud.com/Dietcraze/scams_belldietpatch.html
 http://reviews.ebay.com/BEWARE-COUNTERFEIT-ITEMS-BEING-SOLD-AS-
AUTHENTIC_W0QQugidZ10000000004551474
 http://www.smokersclubinc.com/modules.php?
name=News&file=article&sid=2373
 http://www.theregister.co.uk/2002/03/28/online_gambling_tops_internet_ca
 https://www.testbytes.net/blog/cyber-attacks-on-india-2018/

78