Supriya Maurya Tybbi Black Book Project
INDEX
1. INTRODUCTION
1.1 Financial fraud crimes
1.8 Meaning
2.3 Limitations
5.1 Conclusion
5.2 Suggestions
6. APPENDIX
services or other groups to map potential security holes in critical systems. A cyberterrorist is
someone who threatens or blackmails a government or an organisation into advancing his or her
political or social goals by launching a computer-based attack against computers, networks,
or the data stored on them.
In general, cyberterrorism is defined as a terrorist act committed through the use of
cyberspace or computer resources. As a result, a simple Internet propaganda piece claiming
that bombs will be detonated during the holidays can be considered cyberterrorism.
There are also hacking activities directed at individuals and families, organised by groups
within networks, with the goal of instilling fear in people, demonstrating power, or
gathering information relevant to ruining people's lives, robberies, and blackmail.
1.3 CYBER EXTORTION
When a website, e-mail server, or computer system is subjected to or threatened with
repeated denial of service or other attacks by malicious hackers, cyber extortion occurs.
These hackers demand money in exchange for promising to halt the attacks and provide
"protection."
According to the Federal Bureau of Investigation, cybercriminal extortionists are increasingly
targeting corporate websites and networks, crippling their ability to operate and demanding
payment to restore service.
More than 20 cases are reported to the FBI each month, with many going unreported in order
to keep the victim's name out of the public eye.
The most common method used by perpetrators is a distributed denial-of-service attack.
However, other forms of cyber extortion exist, such as doxing extortion and bug poaching.
Ransomware is a type of cyber extortion in which malware is used to restrict file access,
sometimes threatening permanent data removal if a ransom is not paid.
According to the Kaspersky Lab 2016 Security Bulletin report, a business is attacked by
Ransomware every 40 minutes and will be attacked every 11 minutes in 2021.
With ransomware continuing to be one of the world's fastest growing cybercrimes, global
ransomware damage is expected to cost up to $20 billion by 2021.
1.4 CYBER WARFARE
The US Department of Defense notes that cyberspace has emerged as a national-level
concern as a result of several recent regional and global events. Among them is an alleged
Russian hacker attack on Estonia's infrastructure in 2007.
In August 2008, Russia allegedly carried out cyber-attacks against Georgia, this time in a
coordinated and synced kinetic and non-kinetic campaign.
Because of fears that such attacks will become the norm in future warfare among nation-states,
the concept of cyberspace operations has an impact on, and will be adapted by, warfighting
military commanders in the future.
attribution fraud, and (3) ad-fraud services. Attribution fraud attempts to impersonate the
actions of genuine users (clicks, activities, conversations, etc.).
This category includes a variety of ad-fraud techniques, such as hijacked devices and the use
of infected users (via malware) as part of a botnet to participate in ad fraud campaigns; click
farms (companies where low-wage employees are paid to click or engage in conversations
and affiliates' offers); incentivized browsing; video placement abuse (delivered in display
banner slots); hidden ads (that will never be viewed by real users); domain spoofing ( (user is
forced to click on the ad).
All online infrastructure and hosting services that may be needed to commit identity or
attribution fraud are referred to as ad fraud services.
Services may include the creation of spam websites (fake networks of websites created to
provide artificial backlinks); link building services; hosting services; and the creation of fake
and scam pages impersonating a famous brand and used as part of an ad fraud campaign.
A successful ad-fraud campaign uses a sophisticated combination of these three types of ad-
fraud: sending fake traffic through bots using fake social accounts and falsified cookies; bots
will click on ads available on a scam page impersonating a well-known brand.
1.8 MEANING
Banking in many countries of the world was simple and reliable until the mid-1990s; with the
advent of technology, however, the banking sector has seen a paradigm shift.
Banks introduced various channels through which transactions could be carried out without
much effort, in order to expand their client base.
These developments enabled clients to access their bank funds 24 hours a day, 7 days a
week, 365 days a year via ATMs and web-based account management systems.
Money-laundering cases have risen in tandem with the rate of innovation. Cyber hackers use
a variety of methods to steal bank information and cash.
Banks have employed a variety of specific ways to protect themselves against these crimes,
but the problem persists. Having banks identify the variables behind cybercrime is one of
the strategies for reducing cybercrime in the banking sector.
Different online attacks, including phishing, keystroke logging malware, wholesale fraud,
and others, have an impact on banks, which are the most common targets of cybercrime.
1.9 CYBER CRIME IN BANKING SECTOR
A contravention involving a place of misconduct, a target, an instrument, a source, a
computer, and a network as a medium is known as cybercrime. These alleged crimes
have migrated to a more evolved world as a result of greater digital-based business
transactions.
These kinds of cyber-attacks are on the rise all across the world, and India has seen a
significant increase in incidences of digital piracy in recent years. According to a Juniper
Exploration study from 2016, global cybercrime costs could reach 2.1 trillion dollars by
2019.
Digital crimes can be classified in a variety of ways, including digital harassment,
programmed robbery, retail fraud, spam email, and online robbery.
The online crimes can be classified as:
Phishing: The act of attempting to mislead clients into providing their personal security
information, such as credit card numbers, bank account numbers, or other sensitive
information, by posing as a reputable company in an e-mail. The recipients may be asked to
"update," "verify," or "confirm" their account details in their messages.
Phishing is a two-step scam that involves acquiring a company's identity before using it to
defraud people by gaining their credit identities. Phishing (also known as spoofing) is a word
that refers to the rising use of the Internet by scammers. They "fish" for consumer financial
information and password data using clever lures.
Phishing has become the most widely utilised social engineering attack to date since it is
relatively simple to carry out and does not require direct connection between the hacker and
the victim (i.e., hacker does not need to phone their prey, pretending that they are a technical
support staff, etc.).
Thousands of people are emailed, and the number of potential victims raises the likelihood of
someone being hooked. Usually, such attacks require three distinct steps to be successful.
In step 1, the hacker takes the identity of an organisation and establishes a spoof website. This
is readily accomplished by reading the source code of the desired site and then copying all
visuals and HTML lines from the live site. Even an experienced user would have a difficult
time spotting the differences due to this strategy.
Typically, a log-in form will be present on the imitated website, inviting the user to submit
secret personal information. Once the data is entered, a server-side software will manage the
submission, collecting the information and sending it to the hacker, before redirecting them to
the real website, making everything appear legitimate.
The second step of a phishing campaign is the most difficult for most hackers. This does not
imply that it is technically difficult, but it is technically challenging.
The hacker will create a plausibly fraudulent e-mail, which will then be sent through a
"ghost" mailing programme, allowing the hacker to impersonate the e-mail's source address.
The primary goal of this phishing e-mail is to persuade consumers to visit a spoof website
and enter personal information that hackers are after.
Users are often asked to respond to emergency situations, such as a warning that something
bad is about to happen: consumers must log in right away or their accounts will be suspended;
customers will be notified if their accounts are suspended; someone has just sent money to
the user, and they must log in right now to get it.
Users will typically notice a hyperlink inside the bogus e-mail that, when clicked, would
take them to a false web site where they may "log in." As previously said, the quickest
approach to spot a phoney e-mail is not to glance at the address source (which can be
changed to anything), but to look at the body of the message.
In the e-mail, double-check the English grammar. This may come as a surprise to you, but
eight out of ten scam e-mails contain blatant grammar errors. Whatever the case may be, the
trick is still effective. A server-side script will handle the user's information once they have
opened the mimic web site and "logged in." That information will be emailed to the hacker,
and the user will be redirected to the legitimate website. However, the security of a user's
financial information or secret password has now been compromised.
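The body-level signs described above (requests to "update", "verify" or "confirm" details, emergency wording) and, going one step beyond the text, a hyperlink whose visible text names a different host than its target, checked in Python as an added example that is not part of the original document. The phrase lists, the host comparison and the sample messages are assumptions constructed for illustration; the `.test` and `.example` hosts are reserved placeholder names.

```python
"""Body-based phishing indicators for an HTML e-mail (added example, not from the page)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Requests the page names: "update", "verify" or "confirm" account details.
ACTION_WORDS = re.compile(r"\b(update|verify|confirm)\b", re.I)
# Urgency cues modelled on the page's lures; this word list is an assumption.
URGENCY = re.compile(r"\b(suspended|immediately|right (?:now|away))\b", re.I)
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")


class BodyParser(HTMLParser):
    """Collects the visible text and (href, link text) pairs of a message body."""

    def __init__(self):
        super().__init__()
        self.text_parts = []
        self.links = []
        self._href = None
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._link_text = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._link_text).strip()))
            self._href = None


def host_of(value):
    """Return the hostname in a URL or URL-like string, or None if it is plain text."""
    value = value.strip().lower()
    if not value or any(ch.isspace() for ch in value):
        return None  # "Log in here" is a label, not a host
    if "://" not in value:
        value = "//" + value  # lets urlparse read "bank.test/login" as host + path
    try:
        host = urlparse(value).hostname
    except ValueError:
        return None
    return host if host and HOST_RE.fullmatch(host) else None


def same_site(target, claimed):
    """True if target is the claimed host or a subdomain of it (simplified check)."""
    def strip_www(host):
        return host[4:] if host.startswith("www.") else host
    target, claimed = strip_www(target), strip_www(claimed)
    return target == claimed or target.endswith("." + claimed)


def body_indicators(html_body):
    """Return the list of indicators found in the message body, in a fixed order."""
    parser = BodyParser()
    parser.feed(html_body)
    parser.close()
    text = " ".join(parser.text_parts)
    found = []
    if ACTION_WORDS.search(text):
        found.append("asks-to-update-verify-confirm")
    if URGENCY.search(text):
        found.append("urgency")
    for href, shown in parser.links:
        target, claimed = host_of(href), host_of(shown)
        # Only compare when the visible link text itself looks like a host name.
        if target and claimed and not same_site(target, claimed):
            found.append(f"link-mismatch:{claimed}->{target}")
    return found


# Constructed sample messages (not real mail).
SUSPICIOUS = (
    "<p>Dear customer, your account will be suspended. "
    "Please verify your details right now:</p>"
    '<a href="http://login.examplebank.test.unrelated-host.example/session">'
    "www.examplebank.test</a>"
)
BENIGN = (
    "<p>Your monthly statement is ready.</p>"
    '<a href="https://online.examplebank.test/statements">examplebank.test</a>'
)

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, body_indicators(body))
```

A single indicator is weak evidence on its own, since legitimate mail also asks customers to confirm things; the combination of several is what merits a closer look.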
Vishing: Criminal conduct involving the use of a phone to gain access to the financial data of
individuals and populations in order to obtain financial rewards.
Spamming: Messages distributed to a large group of people in an attempt to limit the
message's reach to those who might not understand it. Spam mail is the unsolicited
dissemination of large numbers of e-mails that promote potentially fraudulent products,
services, or investment schemes. Spam mail is intended to deceive clients into
believing they will receive a genuine product or service at a lower price.
Before the transaction, the spammer, on the other hand, requests money or sensitive security
information such as a credit card number or other personal information. The customer will
not hear from the spammer after submitting their security information. Spammers who spread
malicious code and phishing e-mails are still experimenting with social engineering and
technological advances to reach computer users.
However, according to a Symantec Intelligence Report (Symantec, 2012), spam levels have
continued to drop to 68 percent of global e-mail traffic in 2012, down from 89 percent in
2010. Political spams resurfaced in April 2012, especially targeting the populations of the
United States and France. Spam e-mails have also been sent about the complicated situation
in Syria.
ATM skimming: The most advanced means of compromising an ATM machine or POS, by
installing a device on the keypad that duplicates the function. Skimmers use ATM machines
to collect card numbers and personal information, which is then used to carry out fraudulent
transactions.
Hacking: Hacking is one of the most thoroughly studied and contested kinds of cybercrime,
and it has become a focal point for public concern about the threat that such conduct poses
to society. A straightforward definition of hacking is "the unlawful entry and subsequent use
of other people's computer systems."
Information collection or reconnaissance, scanning, and finally gaining access to the target
system are all steps of the attacks. Methods of getting information or exploiting security
flaws are all part of information gathering. It's similar to how a typical robbery is conducted.
Before attempting to rob, the robber will gather all relevant information about the location.
The computer attacker will try to find out information about the target in the same way. An
attacker may utilise social engineering as a means of obtaining information. Computer or
technology-based deception and human-based deception are the two basic categories into
which all social engineering initiatives can be classified.
The technology-based method is to trick the user into thinking he or she is engaging with a
"real" computer system (for example, a popup window telling the user that the computer
application has encountered a problem) and then persuade the user to supply non-public
information.
The human method involves deceit, taking advantage of the victim's ignorance, and appealing
to the basic human desire to be helpful and liked. Organized crime has the financial means to
hire the people they need.
The threat of organised crime and terrorism is becoming increasingly sophisticated as our
ability to access, control, and destroy our electronic and security systems improves at a
similar rate. E-mail and the Internet are, without a doubt, the most widely used mediums of
communication and information sharing today.
Every day, a little over 2 billion individuals access the Internet. Criminal organisations are
"purchasing" thrill-seeking hackers, known as "script kiddies", to supply the skills and
tools; this is referred to as "cyber child labour."
Plastic card fraud: The unauthorised use of plastic or credit cards, or the theft of a plastic
card number in order to obtain money or property, is known as plastic card fraud. Plastic card
losses in 2011 totalled £341 million, according to APACS (analysis of police and community
safety framework), the UK payments organisation. Of that, £80 million was due to fraud
abroad (Financial Fraud Action UK, 2012). Criminals usually do this by stealing UK card
information at cash machines and businesses in nations that have not yet upgraded to the new
chip and PIN standard.
Card-not-present (CNP) fraud is the most common type of fraud in the UK. CNP accounted
for 65 percent of total losses in 2011, totalling £220.9 million (down by 3 percent) (Financial
Fraud Action UK, 2012). The fact that neither the card nor the cardholder is present at a
physical till point at a store makes it difficult to detect this form of fraud. Fraudsters employ
a variety of tactics to obtain cards and card details, such as phishing, spamming, or breaking
into a company's database. Any fraud involving internet, telephone, or mail order payment is
classified as CNP fraud.
1.10 INTERNET BANKING IN INDIA
Electronic banking, or e-banking, refers to banking activities that rely entirely on
information technology rather than human resources. In contrast to traditional banking, there
is no physical connection between banks and their consumers in e-banking.
E-banking is the delivery of bank information and services to clients via a variety of
delivery platforms that can be accessed via a PC, mobile phone, or smart television.
RBI has convened a working group on e-banking. The group divided e-banking into three
categories:
Enlightening framework: This category provides information to clients about credit plans,
branch locations, and financing prices.
The customer can choose from a variety of utilities based on their specific requirements.
Unauthorised individuals have no reasonable chance of entering the bank's production systems.
Open framework: This provides information on the balance of the client's records. Clients can
inspect the information after it has been confirmed and signed with passwords.
Value based framework: Clients can make modifications to their records in this category by
using the framework.
Transactions run in both directions between the bank and the client, as well as between the
client and a third party.
The http and https protocols are utilised to implement this architecture.
Internet banking, mobile banking, RTGS, ATMs, Master Cards, Charge Cards, and smart cards,
among other things, are all examples of electronic banking.
REASONS FOR CYBER CRIME
Negligence
Loss of proof
Easy to access
Complex
Storing information in wrong place
1.11 IMPACT OF CYBER CRIME IN BANKING SECTOR
Due to the explosive growth in cell phones with internet, the main cases have been
recognised.
Mobile phones are utilised for a variety of internet activities, including online banking,
paying service fees online, and buying online, and criminals look to gain access to the
data involved.
In the event that the hackers are unable to obtain sufficient data, they ruin the bank's website
as a barrier to further efforts.
Apart from monetary gains from cyberattacks, the illicit business known as the Dark web
contributes to cybercrime as a means for exchanging personal data.
In this online network, sensitive information such as stolen credit card numbers, web-based
management accounts, treatment records, and authoritative access to servers is traded for
payment.
In 2017, India recorded 21,796 cyber offences, up 77 percent from 2016. The number
increased to 27,250 in 2018.... The majority of cyber-crimes were classified as ATM fraud,
followed by internet banking fraud. The states with the most cases were Karnataka and
Maharashtra.
As the number of mobile devices with internet access has increased, incidences of cybercrime
have become more brutal.
Smartphones are now utilised for a variety of online activities such as internet banking,
online shopping, and paying utility bills, and fraudsters are continuously looking for ways to
gain access to personal information.
1.12 HISTORY OF CYBER CRIMES
When the first polymorphic virus was released in 1992, it was the first cybercrime. One of the
early incidents of cybercrime in India was Yahoo v. Akash Arora (1999).
As the term implies, cyber-crime is a sort of crime conducted online. This is a novel sort of
criminality that has infiltrated nearly every element of Netizen life.
The phrase "cyber-crime" is not defined in Indian law, but an act known as the Information
Technology Act 2000 or the IT Act 2000 was enacted to combat these types of crimes.
Because cybercrime is such a broad term, it is impossible to define it in one or two
sentences. However, if we examine the nature of this crime, we may conclude that it is the
type of crime in which computers and computer networks are used, or more specifically,
abused, and the crime is done either 'through' or 'to' them, or both. According to an Ipsos
survey, Indians file 32 percent more complaints than Americans, Britons, and other
technologically advanced countries. The 32% figure is only for cases that have been reported,
not for those who have not.
1.13 YEARS OF CYBER CRIMES
1834-A group of thieves breach the French Telegraph System and steal stock market
information, effectively carrying out the world's first cyberattack.
1878-Two years after Alexander Graham Bell created the telephone, the Bell Telephone
Company in New York kicks a group of young boys off the grid for intentionally misdirecting
and disconnecting customer calls.
1955-Phone hacker David Condon explores a theory about how phone networks work by
whistling into his phone with his "Davy Crockett Cat" and "Canary Bird Call Flute." The
computer receives the secret message, mistakes him for an employee, and connects him to
a long-distance operator.
1969-The RABBITS Virus infects a computer after the University of Washington Data Center
downloads an application from an anonymous user. Before the machine overloads and stops
working, the unobtrusive machine makes copies of itself (breeding like a rabbit). It is thought
to be the first computer virus.
1970-1995-Kevin Mitnick uses specialised social engineering methods to break into some of
the world's most secure networks, including Nokia and Motorola, deceiving insiders into
handing over codes and passwords and then exploiting those codes to breach internal
operating systems.
1984-The Secret Service has authority over electronic theft under the United States
Comprehensive Crime Prevention Act.
1995-From his flat in Saint Petersburg, Russian software developer Vladimir Levin hacks
into Citibank's New York IT system and approves a series of unlawful transfers, eventually
sending an estimated $10 million to accounts throughout the world.
1999-Melissa virus: the virus infects Microsoft Word documents and immediately sends
itself as an email attachment. It sends emails to the first 50 people listed in an infected
device's Outlook email address book.
2002-An hour-long DDoS attack on the 13 root servers of the Domain Name System (DNS)
threatens the whole Internet. The majority of users are unaffected.
2013-2015-Global bank hack of more than 100 organizations. A group of Russian-based hackers
provides secure information to people all around the world.
2017-Equifax, one of the largest credit bureaus in the United States, has been hacked,
exposing 143 million client accounts. The disclosed information includes Social Security
numbers, birth dates, addresses, driver's licence numbers, and even credit card details.
1.14. EFFECTS ON CYBER CRIMES DURING COVID
COVID opened a new era of financial digitalization. Front and back-end processes have
gone digital in recent years. With all of this technological advancement, cyber-attacks are on
the rise, and attackers are actively seeking victims for malicious cyber-attacks on banking and
financial institutions' sensitive data.
Most financial sectors have gone online as a result of this new digital workforce, including
video conferencing, which has resulted in privacy concerns and phishing efforts, including
ransomware assaults. While banking sectors rely on online banking, both mobile and web
services tend to have a weak security system, resulting in an increase in cyber security
concerns.
Cybercriminals frequently target the banking industry in order to obtain customer and
employee information, which they then exploit to steal bank data and money. Cyber crooks
have been busy exploiting loopholes as a pandemic has disrupted businesses and remote
working has become a reality. The year 2020 witnessed one of the highest numbers of data
breaches ever recorded, and the trend appears to be continuing.
When the world was set on lockdown in March 2020, the total number of brute force attacks
against remote desktop protocol (RDP) increased by 197 percent, from 93.1 million in
February to 277.4 million in March. In India, the number increased from 1.3 million in
February to 3.3 million in March 2020.
Monthly attacks never fell below 300 million from April 2020 onwards, reaching a new high
of 409 million attacks in November 2020. India had the most number of attacks in July 2020,
with 4.5 million.
There were 377.5 million brute-force attacks in February 2021, about a year after the
epidemic began, a far cry from the 93.1 million seen at the start of 2020. In February 2021,
India alone saw 9.04 million attacks.
The overall number of attacks in India during January and February 2021 was estimated to
be around 15 million. According to reports, the data breach compromised 3.5 million
individuals, revealing know-your-customer papers including addresses, phone numbers,
Aadhaar cards, PAN cards, and other personal information.
The definition of digital reliance can also be found in other places. "Internet and cell phone
usage skyrocketed during the lockout." People used the internet for a variety of purposes,
including everyday commerce, prescription medications, and even vacation services. People
were more vulnerable to cyber fraud as digital payments developed exponentially.
1.15 BIGGEST CYBER ATTACKS IN INDIA
1. Cyber-attack in Pune: Cosmos Bank
Hackers stole Rs. 94.42 crores from Cosmos bank during a recent breach in India in 2018.
Hackers gained access to the bank's ATM server, stealing all card information and wiping out
funds from 28 countries, then withdrawing the funds as soon as they were notified.
In the above picture you can see that from 2010-2018 cybercrime cases have increased at a
steady rate. This has affected a lot of organizations, and people have lost their
confidential information, which has also led to financial loss. Banks were also affected by the
cybercrimes which are taking place.
[Figure: chart with years 2013 to 2020 on the horizontal axis and a vertical scale from 0 to 50000]
India reported an 11.8% increase in cyber-crime cases in 2020, which shows the difference
between cases before and after the impact of COVID.
1.17 STATE WISE CYBER CRIMES CASES
In 2020, the total rate of cybercrime per one lakh people climbed to 3.7 from 3.3 the previous
year. The above statistics show the state-wise cases of cyber crimes. In 2018 Uttar Pradesh
was highest and Manipur was lowest. In 2019 Karnataka shows the highest number of cases and
Manipur shows the lowest, and in 2020 Uttar Pradesh again shows the highest number of cases
and Manipur remains the lowest among all the states.
1.18 CYBER ATTACKS TOOLS AND METHODS
Any Internet-based application can carry worms and other malware, and Internet
messaging is no exception. Criminals utilise these typical chat methods to steal identities
by getting to know the people they're chatting with or by spreading malware, spyware, and
viruses. In the hands of criminals, e-mails are a vital tool. Not only is e-mail one of the most
popular ways to communicate, but it's also one of the most secure.
Spamming and phishing are the quickest and cheapest methods of communication, but they
can also be readily manipulated to transmit devastating viral attacks capable of destroying an
entire business network in minutes.
Some viruses, such as the "I Love You" virus, are distributed through seemingly harmless
e-mail communications and can run without human intervention. Attacks on system security
that can be carried out via the internet through electronic mail can be divided into the
following categories:
Active content attacks exploit a variety of active HTML (hypertext mark-up language) and
other scripting features and flaws.
Buffer overflow attacks are when an attacker sends something that is too large to fit within
the e-mail recipient's fixed-size memory buffer, hoping that the part that doesn't fit would
overwrite crucial information rather than being safely deleted.
Shell script attacks—where a snippet of a UNIX shell script is placed in the message headers
in the hopes that the instructions will be executed by an inadequately configured Unix mail
client.
Threats known as staged downloaders download and install other malicious malware onto a
compromised computer. These threats give attackers the ability to alter the downloaded
component to any form of threat that suits their goals or the profile of the computer being
attacked. For example, attackers can install a Trojan that distributes spam rather than one that
steals confidential information if the targeted machine contains no data of relevance.
Any later components that will be downloaded to execute the required duties can be changed
if the attackers' objectives change. A virus is a computer programme or code that replicates
itself onto other files with which it comes into contact.
A virus can harm an infected computer by deleting databases or files, destroying critical
computer components like the BIOS, or sending a pornographic message to everyone in the
infected computer's e-mail address book. Botnets were first used in 2007, according to
Wikipedia.
A bot is a programme that allows cyber criminals to take control of a victim's computer
without their knowledge. This happens when cyber criminals or hackers use a worm or a
virus to install programmes on the target's computer. Collections of these infected PCs are
called botnets. A botnet may be rented out by a hacker or spammer to cyber thieves or other
hackers, making it difficult for authorities to track down the true criminal.
A BBC journalist studied the world of Botnets in March 2009. Thousands of Trojan horse
malware-infected PCs, largely residential Windows PCs connected via broadband Internet
connections, were investigated by the BBC team. These PCs were used to deliver the
majority of the world's spam e-mails, as well as DDoS attacks and blackmails against e-
commerce companies. The BBC team was able to rent a global botnet of over 21,000
malware-infected PCs. Because it was largely infecting machines in less developed countries
with fewer security measures installed, this botnet was reported to be quite inexpensive.
A key logger is a software program or hardware device that is used to monitor and log each of
the keys a user types into a computer keyboard. The user who installed the program or
hardware device can then view all keys typed in by that user. Because these programmes and
hardware devices track the keys pressed, a hacker can readily discover user passwords and
other information that the user may wish and believe to be private.
Employers frequently use key loggers as a monitoring technique to guarantee that employees
only use work computers for business purposes. However, key loggers can be incorporated in
spyware, allowing data to be sent to an unidentified third party.
These tools are used by cyber thieves to trick potential targets into releasing sensitive
personal data and restore it for subsequent access to the user's workstation if the information
obtained included the target ID and password.
1.19 CYBER LAWS IN INDIA
In a nutshell, cybercrime is any illegal activity in which a computer is used as a tool, a target,
or both. Traditional criminal behaviours such as theft, fraud, forgery, defamation, and
mischief, all of which are covered under the Indian Penal Code, might be included in cyber-
crimes. The Information Technology Act of 2000 addresses a variety of new age offences that
have arisen as a result of computer abuse. Cybercrime can be classified in two ways.
Using a computer as a target: Using a computer to attack other computers, e.g. hacking,
virus/worm attacks, DoS attacks, and other types of attacks.
Using a computer as a weapon: Using a computer to commit crimes in the real world. For
example, cyber terrorism, IPR violations, credit card frauds, electronic funds transfer scams,
and so on. Cyber law (also known as cyberlaw) refers to the legal issues surrounding the use
of communications technology, particularly "cyberspace," i.e. the Internet. It is an
intersection of numerous legal topics, including intellectual property, privacy, freedom of
expression, and jurisdiction, rather than a distinct field of law like property or contract. In
essence, cyber law seeks to reconcile the issues posed by human behaviour on the Internet
with the historical legal framework that governs the physical world. When the Internet was
first conceived, the founders of the Internet had no idea that it would grow into an all-
encompassing revolution that might be used for criminal purposes and would demand
control.
There are a lot of disturbing things going on online these days. Because of the Internet's
anonymous character, it is easy to participate in a wide range of criminal actions with
impunity, and those with intellect have been badly utilising this aspect of the Internet to
perpetuate illicit operations in cyberspace. As a result, India requires cyber laws.
Cyber law is significant because it encompasses nearly all elements of transactions and
activities on and with the Internet, the World Wide Web, and Cyberspace. At first glance,
Cyber laws may appear to be a highly technical field with little relevance to ordinary
Cyberspace operations.
In reality, nothing could be further from the truth. Every action and
reaction in Cyberspace has certain legal and Cyber legal implications, whether we recognise
it or not. The internet is similar to life. It's interesting, and we spend a lot of time here doing
fun activities, but it's not without its drawbacks.
With the advancement of technology and widespread Internet access, cybercrime has become
a fairly routine event. There are numerous ways in which we might become victims of
criminal cyber activity, ranging from breaking into computers to conducting fraudulent online
transactions.
1. Information technology act 2000
The Information Technology Act, 2000, was enacted by the Indian government to restrict
such acts that infringe an Internet user's rights. The Information Technology Act, which was
enacted in 2000, governs Indian cyber legislation. The main goal of this Act is to provide
e-commerce with trustworthy legal protection by making it easier to register real-time records
with the government. The ITA, which was passed by India's Parliament, emphasises the harsh
fines and penalties that protect the e-governance, e-banking, and e-commerce sectors. The
scope of ITA has now been expanded to include all of the most recent communication
devices.
Section 43- People who destroy computer systems without the owner's authorization are
subject to this law. In such instances, the owner is entitled to full recompense for the total
loss.
Section 66- If a person is found to have committed any of the acts listed in section 43
dishonestly or fraudulently, this section applies. In such cases, the penalty might be up to
three years in prison or a fine of up to Rs. 5 lakh.
Section 66B- includes the penalties for receiving stolen communication equipment or
computers in a fraudulent manner, which confirms a possible three-year sentence. Depending
on the severity, this term can also be followed by a fine of Rs. 1 lakh.
Section 66C- This section looks into identity thefts involving impostor digital signatures,
password hacking, and other unique identification elements. If found guilty, a three-year
sentence could be accompanied by a fine of Rs.1 lakh.
Section 66D- This section was added on the fly, with the goal of punishing cheaters who use
computer resources to impersonate others.
The Companies Act of 2013 is referred to by business stakeholders as the legal requirement
for the refinement of daily operations. This Act's directives cement all required techno-legal
compliances, putting less compliant businesses in a legal bind.
The Companies Act of 2013 gave the SFIO (Serious Frauds Investigation Office) the
authority to prosecute Indian corporations and their directors. SFIOs have also become much
more proactive and harsh in this area after the notification of the Companies Inspection,
Investment, and Inquiry Rules, 2014.
All regulatory compliances, including cyber forensics, e-discovery, and cybersecurity
diligence, are well-covered by the legislature. The Companies (Management and
Administration) Rules, 2014 establishes tight requirements for corporate directors and leaders
in terms of cybersecurity obligations and responsibilities.
4. NIST Compliance
As the most trusted global certifying organisation, the National Institute of Standards and
Technology (NIST) has approved the Cybersecurity Framework (NCFS), which provides a
standardised approach to cybersecurity.
The NIST Cybersecurity Framework includes all necessary rules, standards, and best
practises for effectively managing cyber-related risks. The flexibility and cost-effectiveness
of this system are top priorities. It increases critical infrastructure resilience and protection
by:
Providing for better cybersecurity risk interpretation, management, and reduction — to
reduce data loss, data abuse, and subsequent restoration expenses.
Identifying the most crucial activities and operations in order to concentrate on securing them
Organizations that secure important assets must be able to demonstrate their trustworthiness.
Aids in the prioritisation of investments in order to maximise the cybersecurity return on
investment.
Regulatory and contractual requirements are addressed.
Supports the information security programme as a whole.
Every district court must establish a Cyber Court to hear and give orders in situations where
the legal system cannot keep up.
Evidence in the Digital Age: Digital evidence should be certified by authenticators. An
independent Bureau will be in charge of this.
India-based websites and services should have their own set of rules. This includes services
that are based in India but have a foreign origin.
Personal information about Indian residents should be stored on Indian servers. (In the US,
this is referred to as HIPAA compliance.)
Payment Systems and Financial Services should be subject to the IT Act's stringent
regulations, which include a 30-day resolution timeframe.
1.21 FUTURE OF CYBER LAWS IN INDIA
In recent years, cybercrime has increased dramatically, including phishing, identity theft, and
fraud. However, the existing laws do not provide enough or complete coverage. In addition,
we expect India's cybercrime penetration to become more consolidated. This
stresses the need for more effective and deterrent legal structures as well as stricter legislation
to combat cybercrime. One of the most anxiously awaited developments in Indian cyber law
is the National Cyber Security Strategy.
This strategy aspires to be a comprehensive set of guidelines for individuals, policymakers,
and other stakeholders, and even a follow-up to the 2013 National Cyber Security Policy. The
initiative will most likely shed more light on the optimal response mechanisms for
government and other companies to improve cyber security.
India will need to begin drafting a distinct national cyber security law as soon as possible.
The need for such a law is vital because it will be a key weapon in protecting India's cyber
security and cyber sovereign interests. In a time when many other countries have already
begun enacting specialised cyber security legislation, India is somewhat behind the curve. In
this case, appropriate action is required.
In the future, the government should focus on more effective methods to combat cybercrime.
More relevant improvements in Indian cyber law are also hoped for, including permitting
legal measures to handle the challenges posed by fast evolving technologies.
1.22 CASE STUDIES
1.
On September 20, 2007, IT experts attempted to reclaim control of the Maharashtra
government's hacked official website. The website http://www.maharashtragovernment.in
remained unavailable.
The Maharashtra government website has been hacked, according to Vice President Pastor
and Home Priest R.R Patil. He promised that the state government will investigate the
hacking and instructed the Digital Wrongdoing Branch to look into it. Patil stated that if
necessary, the state would recruit private IT experts in this area.
After re-establishing the site, the Middle Easterner News learned that programmers may have
obliterated the majority of the site's content. The hackers were identified as Program Cool Al-
Jazeera, according to IT officials, and they were based in Saudi Arabia. The official site has
been influenced by malware on a few occasions before, but has never been hacked, according
to a senior government IT officer.
People were misused through internet techniques for booking air tickets, and three people
were held accountable for the on-line Visa scam. The Digital Wrongdoing Examination Cell
in Pune aided these parties.
Mr. Parvesh Chauhan, an extra security officer with ICICI Prudential, gripped one of his
clients. According to information provided by the police, one of the clients received a
notification for purchasing airline tickets while his master card was in his possession. When
he learned of the problem, he went straight to the bank. The tickets were purchased via online
methods.
After further investigation, it was discovered that the data was obtained from the State Bank
of India. Shaikh worked in the Visa department and had access to the new client information.
He also told Kale about the information.
Kale then passed this information on to his friend Lukkad, who used the information to book
air tickets and sell them for the same amount of money. DCP Sunil Pulhari, the head of the
Digital Cell, was involved for eight days before catching the criminals.
In February 2017, UTI bank was caught in a phishing campaign targeting its website.
A GeoCities URL was sent to clients' email addresses, requesting
personal details such as login ID and password. IT officials eventually learned that the page's
website admin was a man named Petr Stastny, whose email address could be seen on the
page.
The Monetary Office Wing of the Delhi Police has been alerted about the case, according to
top UTI bank officials. The bank has also enlisted the help of Melbourne-based Extortion
Watch Worldwide, a leading organisation that monitors phishing and works to prevent it.
2.
INDIA’S FIRST ATM CARD FRAUD
A group linked to digital malfeasance was nabbed by Chennai cops. Deepak Prem Manwani,
a 22-year-old man who was discovered breaking into an ATM in June, was apprehended by
the police. When he was apprehended, he had Rs 7.5 lakh in cash from two ATMs in
Chennai's T Nagar and Abiramipuram, according to the police report. He had already taken
Rs 50,000 from an ATM in Mumbai.
Manwani was a Pune-based MBA dropout who was hired by a Chennai-based corporation.
From a web bistro, he began his misdeeds. He had some European acquaintances who used to
send him $5 credit cards from a handful of different American banks. The administrator of
the European site devised an intriguing strategy to obtain the clients' individual ID numbers.
That institution drew a sizable following. Evidently, Manwani and other supporters got into
the arrangement of this pack and purchased a large amount of material on specified terms,
and are essentially in an agreement on a decent sharing foundation. Manwani also learnt how
to make 30 plastic cards with critical information on them, which he used to break into
ATMs.
The FBI launched an inquiry after receiving numerous complaints from charged Visa clients
and banks in the United States, and alerted the CBI in New Delhi that a universal pack had
evolved in India as well.
3.
CITIBANK MPHASIS CALL CENTER FRAUD IN PUNE
Ex-employees of MsourcE, the BPO arm of MPhasiS Ltd, cheated Citibank's US customers to the
tune of Rs 1.5 crores. It was one of those cybercrime situations that sparked a slew of
questions, notably about the role of "Data Protection."
The crime was clearly perpetrated by gaining "Unauthorized Access" to the clients'
"Electronic Account Space." As a result, it falls within the heading of "Cyber Crimes."
Since any IPC offence committed with the use of "Electronic Documents" might be regarded
a crime with the use of "Written Documents," ITA-2000 is adaptable enough to accept parts
of crime not covered by ITA-2000 but covered by other statutes. In addition to the part in
ITA-2000, terms like "cheating," "conspiracy," "breach of trust," and so on apply in the
aforesaid instance.
The infraction is recognised in both Sections 66 and 43 of the ITA-2000. As a result, the
individuals involved are subject to imprisonment, fines, and a duty to pay damages to the
victims up to a maximum of Rs 1 crore per victim, for which the "Adjudication Process"
might be used.
4.
CASE OF SONY-SAMBANDH.COM
In 2013, India received its first cybercrime conviction. It all started when Sony India Private
Ltd, which controls the website www.sony-sambandh.com and targets Non-Resident Indians,
filed a complaint. NRIs can use the website to send Sony products to friends and relatives in
India after paying for them online.
The company guarantees that the products will be delivered to the intended recipients.
According to the cybercrime case study, in May 2002, someone using the name Barbara
Campa logged onto the website and ordered a Sony Colour Television and a cordless
headphone. She provided her credit card information and asked for the items to be sent to
Arif Azim in Noida. The credit card company cleared the payment, and the transaction was
completed. The items were delivered to Arif Azim after the company completed the necessary
due diligence and inspection procedures.
The company took digital images of Arif Azim accepting the item at the time of delivery. The
transaction was completed at that point, but after one and a half months, the credit card
company alerted the company that the purchase was unlawful because the genuine owner had
denied making it.
The company reported internet cheating to the Central Bureau of Investigation, which opened
an investigation under Indian Penal Code Sections 418, 419, and 420. Arif Azim was detained
once the case was examined. Arif Azim obtained the credit card number of an American
national while working at a call centre in Noida, which he exploited on the company's
website, according to investigations.
In this one-of-a-kind cyber fraud case, the CBI retrieved the colour television and cordless
headphone. The CBI had enough evidence to prove its case, so the accused
accepted his guilt. Arif Azim was found guilty under Sections 418, 419, and 420 of the Indian
Penal Code, marking the first time that a cybercrime has resulted in a conviction.
The court, on the other hand, believed that because the accused was a young boy of 24 years
old and a first-time offender, a liberal approach was required. As a result, the court sentenced
the accused to a year of probation.
The decision has enormous ramifications for the entire country. Apart from being the first
cybercrime conviction, it has demonstrated that the Indian Penal Code may be effectively
applied to some types of cybercrime that are not covered under the Information Technology
Act 2000. Second, a decision like this sends a strong message to everyone that the law cannot
be manipulated.
5.
CYBER ATTACK ON COSMOS BANK
In an extraordinarily daring cyber attack in August 2018, the Pune branch of Cosmos bank
was robbed of Rs 94 crores. The thieves were able to move the money to a Hong Kong bank
by hacking into the main server. In addition, the hackers gained access to the ATM server in
order to obtain information about numerous VISA and Rupay debit cards.
The switching system, which connects the centralised system to the payment gateway, was
hacked, which meant neither the bank nor the account holders were aware of the money
transfer.
According to the multinational cybercrime case study, a total of 14,000 transactions were
carried out using 450 cards across 28 countries. A total of 2,800 transactions were completed
across the country utilising 400 different cards.
This was the first malware attack of its sort, and it effectively shut down all connection
between the bank and the payment gateway.
6.
COMPUTER SOURCE DOCUMENTS WERE TAMPERED WITH
Tata Indicom personnel were arrested in a case of manipulation involving the modification of
the electronic 32-bit number (ESN) that is programmed into cell phones. Reliance Infocomm
was the target of the theft. The court later decided that because the source code was tampered
with, it was necessary to use Section 65 of the Information Technology Act.
7
The high court recognised the trademark rights of the plaintiff and passed an ex-parte ad
interim injunction restraining the defendants from using the trade name or any other name
deceptively similar to Nasscom. The court further restrained the defendants from holding
themselves out as being associated with or a part of Nasscom.
A commission was established by the court to search the defendants' homes. The local
commissioner assigned by the court took custody of two hard drives from the machines from
which the defendants sent false e-mails to various parties. The incriminating emails were
subsequently extracted from the hard drives and presented in court as evidence.
During the course of the Indian cyberlaw lawsuit, it became obvious that the defendants, in
whose names the illegal e-mails were sent, were false identities fabricated by an employee on
the defendants' orders in order to evade detection and legal action. Fictitious names were
removed from the list of defendants in the case after this fraudulent act was discovered.
Following that, the defendants admitted to their illegal actions, and the parties reached an
agreement by recording a compromise in the court proceedings. According to the terms of the
settlement, the defendants agreed to pay the plaintiff Rs1.6 million in damages for
infringement of the plaintiff's trademark rights.
The hard drives seized from the defendants' premises were also ordered to be handed over to
the plaintiff, who would be the rightful owner of the hard discs. This case achieves two
significant milestones: it places "phishing" within the scope of Indian law, despite the lack of
explicit legislation; and it dispels the myth that there is no "damages culture" in India for
infringement of intellectual property rights.
This decision supports IP owners' faith in the Indian court system's competence and desire to
safeguard intangible property rights, as well as sending a strong message to IP owners that
they can do business in India without surrendering their intellectual property rights.
10.
BANK NSP CASE
The Bank NSP case, in which a bank management trainee was engaged to be married, is one
of the most well-known cybercrime instances. Using the corporate computers, the pair
exchanged several emails. After they broke up, the girl made up fake email addresses like
"Indian bar associations" and sent emails to the boy's international clients. She did this on the
bank's computer. The boy's business lost a lot of customers, so he went to court against the
bank. The bank was found responsible for emails sent through its system.
Set up Strict Access Control Policies- Instead of allowing access to part-time workers,
contractors, and others, limit access to staff who truly require it. Strict Access Management
Policies are established by granting rights to personnel who need them to secure your
organisation from within.
Increase employee awareness- Banks must implement a comprehensive training
programme to educate their employees to deal with cyber-attacks.
Prepare a Disaster Recovery Plan-Having a backup plan for data protection can help you
avoid data loss and minimise downtime after an interruption. This is only possible if you
routinely backup your data.
Encrypt Your Information-Cryptography is one of the strategies for encrypting data and
ensuring the safety of your most sensitive digital assets.
Cybersecurity education-Cybersecurity training is essential for cybersecurity professionals to
improve their knowledge of pertinent information and to put their cyber-awareness to the test
by covering all areas of data security and keeping them up to date.
Educating customers- The customer should be aware of various bank frauds, and steps
should be taken to educate them about security components so that they do not become
victims of cybercrime. The rate of cybercrime can be reduced if a client is aware and reports
a specific case of cybercrime promptly.
The norms and regulations of E-Managing an Account should be explained to a client.
Customers can be made aware of this via posting it on the bank's website, handing it out in
the mail, sending communications, and receiving training, among other methods.
Training the employees of the bank- Banks must conduct introduction programmes for their
employees. The personnel must be made aware of misrepresentation counteractive action
procedures. It can be done more effectively by distributing pamphlets and periodicals. The
centre’s money-saving arrangement programming includes a discussion of the factors that
contribute to cybercrime and the steps that must be taken to prevent it.
International Collaboration to Combat Cybercrime-Since the internet is multinational in
nature, it necessitates cooperation between states to combat cybercrime. Despite the fact that
there are a few deals and consumption estimates, India has yet to develop a sound technique
that includes legal and technical measures as well as authoritative capabilities.
The expanded regional application of the IT Act of 2000 poses a problem in the examination,
arraignment, and expulsion of foreign nationals. India should effectively link as part of the
global cybercrime network focused on Asia, Europe, and America in order to seek assistance
and contribute to global cybercrime challenges.
Using strong passwords- Maintain unique password and username combinations for each
account and resist the urge to write them down. Weak passwords are easy to crack. The
following password combinations are more likely to be hacked:
Passwords created using keyboard patterns, such as wrtdghu.
Simple combinations, such as sana1999, jan2000, etc.
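The two weak-password patterns named above, plus the "unique per account" rule, can be checked when a password is set. The following is an added example, not part of the original project: the function names, the walk-length threshold, the year regex and the sample accounts are all assumptions made for illustration.

```python
from __future__ import annotations

import re
from collections import defaultdict

# QWERTY rows used to map each key to a (row, column) position.
_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
_KEY_POS = {ch: (r, c) for r, row in enumerate(_ROWS) for c, ch in enumerate(row)}

# Assumed thresholds (not from the project): tune to local password policy.
MIN_WALK_LEN = 5  # shortest run of neighbouring keys treated as a pattern
WORD_YEAR = re.compile(r"^[a-z]+(19|20)\d{2}$", re.IGNORECASE)


def _near(a: str, b: str) -> bool:
    """True when two keys sit close together (or are the same key) on QWERTY."""
    pa, pb = _KEY_POS.get(a), _KEY_POS.get(b)
    if pa is None or pb is None:
        return False  # symbols and unknown characters break a walk
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 2


def longest_keyboard_walk(password: str) -> int:
    """Length of the longest run in which every step moves to a nearby key."""
    pw = password.lower()
    if not pw:
        return 0
    best = run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if _near(prev, cur) else 1
        best = max(best, run)
    return best


def weak_password_reasons(password: str) -> list[str]:
    """Return the weak patterns found in one candidate password."""
    reasons = []
    if longest_keyboard_walk(password) >= MIN_WALK_LEN:
        reasons.append("keyboard pattern")
    if WORD_YEAR.match(password):
        reasons.append("word followed by a year")
    return reasons


def reused_passwords(accounts: dict[str, str]) -> list[list[str]]:
    """Group account names that share one password."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return [sorted(names) for names in by_password.values() if len(names) > 1]


# Constructed sample data: account names and passwords are made up.
SAMPLE_ACCOUNTS = {
    "netbanking": "sana1999",
    "email": "sana1999",
    "upi-app": "wrtdghu",
    "broker": "T7#mQz!k4Lp",
}


def audit(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Map each account to the weak patterns found in its password."""
    return {name: weak_password_reasons(pw) for name, pw in accounts.items()}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {', '.join(reasons) or 'no weak pattern found'}")
    for group in reused_passwords(SAMPLE_ACCOUNTS):
        print("same password reused on:", ", ".join(group))
```

The keyboard check is a heuristic: it flags runs of nearby keys, so a password that passes it is not thereby strong.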
groups have made a significant contribution to information sharing: newcomers can benefit
from the experience and advice of more experienced hackers.
However, hacking is more inexpensive than ever: prior to the cloud computing era, spamming
or scamming required a dedicated server, server management, network configuration, and
maintenance skills, knowledge of Internet service provider standards, and so on.
A mail software-as-a-service, on the other hand, is a scalable, low-cost, mass, and
transactional e-mail-sending service for marketing purposes that might easily be set up for
spam. A cybercriminal could use cloud computing to leverage his or her attack, such as brute-
forcing a password, expanding the reach of a botnet, or helping a spamming campaign.
Awareness-Criminals are increasingly attempting to steal sensitive information such as
banking or credit card information as technology progresses and more people rely on the
internet to keep sensitive information. People all throughout the world are growing more
vulnerable to cybercrime.
Raising knowledge of how information is safeguarded and the methods criminals use to steal
it is becoming increasingly important. There were 269,422 complaints filed with the FBI's
Internet Crime Complaint Centre in 2014. A total loss of $800,492,073 was stated when all
claims were added together.
Cybercrime, on the other hand, does not appear to be on the typical person's radar. There are
1.5 million cyber-attacks every year, which translates to almost 4,000 attacks per day, 170
attacks per hour, or roughly three attacks per minute, with research finding that only 16
percent of victims have asked the perpetrators to stop. Anyone who uses the internet for any
reason can become a victim, which is why it is critical to understand how to stay safe when
online.
OBJECTIVES
To identify whether people are aware of the cybercrimes which are taking place through
online mediums.
To know what measures they have taken to prevent cybercrime or to protect their
systems from it.
To analyse whether they know about the cyber laws which are made for the people's
welfare.
To study how active they are on the internet.
SCOPE OF STUDY
The study's scope includes the current state of cybercrime in India, as the scope of
cybercrimes is more offense. This study will make a significant impact on cyber-
crimes. It will educate policymakers, legislators and researchers about the issues and
problems for combating the crime. The findings of this research are designed to assist the
government in improving existing laws in relation to information as well as technological
security. This study will focus on the current state or future prospects of cybercrime and
prevention, as well as the effectiveness of laws, public awareness, and respect for laws
and government actions, all of which are recognised as major concerns of the day and
demand special attention. This current component is expected to be viewed as a critical
and important resource for personnel working on this topic. Individuals, particularly those
interested in and concerned about the field, will benefit from the study's conclusions. In
addition, this research will pave the path for a variety of other options. It will also help
students to know about the cyber-crimes which are taking place in India. The laws
that have been made to control it will provide all the information.
LIMITATIONS
The sample size covered is small.
The study is limited to Mumbai region.
Due to limited time and geographical coverage, the data collected was limited.
The survey is carried out in a limited amount of time.
The study is conducted considering the prevailing conditions, which are subject to
change in future.
This study focuses on cyber-crimes in the Indian e-banking sector only. It does not
cover the whole financial sector.
SIGNIFICANCE OF STUDY
This research concerns customers' views: how much they know about the cyber-crimes
which are happening in today's world, like hacking, phishing, debit and credit card fraud, ATM
fraud, automatic deduction of money, etc. It will also highlight their concerns about security,
privacy, and the secrecy of their personal information, as well as the possible benefits, such as
how this technology will allow users to multitask and operate with their hands free, resulting
in a better experience industry understanding because it will have access to a massive amount
of data and information. It advises its consumers to purchase the appropriate level of security.
This survey can assist in answering people's questions and concerns, as well as resolving
issues, thereby retaining and educating them about technology.
It will make them aware of the software. People will get to know that they can install
antivirus software on their systems. The banking sector will modify its systems to raise
security, and it will get to know the consumers' point of view on online banking. It
will help it understand why some consumers are not doing online banking.
Hence this study will help in making changes to the system; banks will get a clear perception
to some extent, and in future more people will start online banking.
RESEARCH METHODS
UNIVERSE MUMBAI
3. REVIEW OF LITERATURE
of crooks who are adept at navigating the Internet. Cyberspace, also known as the World
Wide Web, is an intangible and dynamic environment. This study contends that cyber-crime,
often known as e-crime, is a new type of company that employs high-tech criminals. This
paper examines an overall view of cybercrime, the culprits of cybercrime, and their
motivations. I also want to discuss in detail the various cybercrimes, as well as the unique
challenges and response issues that may be encountered during the prevention, detection, and
investigation. It also outlines the various sections of India's IT Act 2000 and proposes new
provisions. Cyber-crime chances have grown in parallel with the spectacular rise of the
Internet. Computer crimes increasingly encompass extortion, child pornography, money
laundering, fraud, software piracy, and corporate espionage, to mention a few, as a result of
the fast use of the Internet around the world.
It is apparent that the digital economy fits into the commerce framework in many ways. We
can investigate how digital platforms and cross-border information flows establish
transnational marketplaces and affect foreign investment patterns. Most information products
and services are commercialised and exchanged between countries. We can also try to think
of information as a factor of production and evaluate its flows in the same way we do with
data flows of capital or labour. The trading model, on the other hand, has flaws. It places a
premium on national borders in a way that contradicts the international nature of digital
interactions. Specifically, it is unavoidable that some will perceive or construe quantitative
studies of Web information flows, such as the data shown above, as a troubling "trade
imbalance" that requires policy remedies to "equalise" the flow between countries. This will
very certainly result in restrictive policies that create national barriers to the flow of data. It is
necessary to define a concept of digital exchanges among online users before studying
"international trade" in the digital economy. An open and liberal digital economy increases
the potential for specialised human exchanges of information and ideas, as well as
commercial items, by maximising the options for digital exchanges as well as services.
People may "search, receive, and impart information and ideas [...] regardless of frontiers,"
and the myriad activities permitted by that capability are the foundation of both social and
commercial value. The social, communicative, and productive capabilities produced by
unrestricted information flows are a by-product of the economic value. Individuals and groups
can communicate freely through a discovery process to unleash new sources of value for
entrepreneurs. In this regard, open digital exchange is an important component of
human rights. The internet's international nature is owing in part to the historical accident of
how the internet emerged, and in part to the high transaction costs involved with attempts to
border digital information flows.
The data gathered by the researcher from multiple respondents was analysed in order to draw
findings and to provide recommendations.
The collected data has been analysed and evaluated in this chapter to better understand the
respondents' perspectives on cyber-crimes in the banking sector: how much they know
about these crimes, what measures they have taken, and how many times they have become victims.
The data also shows what percentage of people are aware of the laws which
have been made for the public welfare.
The information gathered has been organised into tables and can be analysed using pie charts
and bar graphs.
The data collected resulted in the creation of 17 charts in all. The following sections provide a
brief description of the analysis and interpretation.
2 25-34 23 22.8%
3 35-50 5 5%
4 50 & ABOVE 0 0
AGE
2 NO 19 18.8%
3 MAYBE 17 16.8%
PIE CHART SHOWS THE CLASSIFICATION ON THE BASIS OF HOW MUCH ACTIVE
THEY ARE ON INTERNET
The diagram shows the division of the number of hours spent on the internet by the people.
21.8% spent 1-2 hours, 34.7% spent 3-5 hours, 26.7% spent 5-10
hours, and 16.8% spent more than 10 hours on the internet. Most people spent 3-5 hours on
the internet, but some spent more than 10 hours.
People rely heavily on the internet today, which is why they spend so many hours on
it.
3 DISAGREE 3 3%
3 DISAGREE 2 2%
3 DISAGREE 36 36%
2 OVERCHARGED 14 13.9%
THE ABOVE PIE CHART SHOWS THE PERCENTAGE OF FINANCIAL LOSS FACED
BY RESPONDENTS
In the above picture it can be seen that 65.3% of people have never faced financial loss in an online
transaction. It may be because they have taken all necessary measures for their systems and
accounts, or because they are aware of cyber-crimes. 8.9% of people had money
automatically deducted, 11.9% faced fraud via merchandise, and 13.9% were
overcharged. They may have faced these because they are not aware of the crimes
which take place online and have not taken the necessary measures against them.
4 CONFIDENTIAL 19 18.8%
INFORMATION HACKED
5 NEVER EXPERIENCED 39 38.6%
2 NO 71 70.3%
TOTAL 101
THE ABOVE PIE CHART SHOWS THE VIEW POINT ON ONLINE TRANSACTION
STOPPED
The above pie chart shows what percentage of people have stopped using online transactions
after experiencing the cyber-crime malpractices mentioned in the previous
question, such as malware or Trojans, spam mail, and confidential information being hacked.
This pie chart shows that 70.3% have stopped, possibly because they are now afraid that they will
experience these things again. 29.7% said no, maybe because they now take precautions while
doing online transactions.
have become necessary; everything has moved online, and we can easily get anything online.
Even return policies are provided to people. During the COVID period, things online have
become useful and proven beneficial to people.
2 2 TIMES 15 14.9%
ABOVE PIE CHART SHOWS HOW MANY TIMES THEY HAVE BECOME
VICTIMS
The pie chart shows the division according to how many times respondents have been victims of
cyber-crimes. 77.2% of respondents have been a victim of crime at least one time, 14.9%
have been victims 2 times, and 7.9% 2-5 times. On average, we can say that 80% of the
average respondents have become victims of cyber-crimes.
2 NO 36 35.6%
THE ABOVE PIE CHART SHOWS THE DIVISION ACCORDING TO HOW
FAMILIAR THEY ARE WITH LAWS
Cyber law is significant because it encompasses nearly all elements of transactions and
activities on and with the Internet, the World Wide Web, and Cyberspace. At first glance,
cyber laws may appear to be a highly technical area with little relevance to ordinary
cyberspace operations. 47.5% say that they are familiar with the laws, 31.7% said no, and 20.8%
are maybe aware, which means that they are not fully familiar with them.
3 3 RATING 31 30.7%
4 4 RATING 24 23.8%
5 5 RATING 14 13.9%
TOTAL 101 100%
THE ABOVE BAR DIAGRAM SHOWS WHAT CAN BE DONE TO CONTROL
CYBER-CRIMES
The above bar diagram shows the percentage of respondents holding each view about what can be
done to control cyber-crimes in India. 69.3% believe that we should educate people
about it. 67.3% say that people should be taught how to use the internet. 64.4% of respondents
believe that we should use secured websites; using secured websites is very important
as it keeps our information safe and reduces the chance of fraud. 50.5% agree with
checking links before doing anything online. 43.6% say that there should be campaigns. In
future, the government should start campaigns to make people aware of
cyber-crimes.
Conclusion
When social media first became popular in the early 2000s, cybercrime exploded. The inflow
of people placing all the information they could into a profile database resulted in a flood of
personal information and an increase in ID theft. Thieves exploited the information to get
access to bank accounts, create credit cards, and commit other types of financial crime.
The creation of an annual worldwide crime organisation worth over half a trillion dollars is
the new trend. These criminals operate in groups, employ well-worn strategies, and target
anything and everyone with a web presence. Although the RBI and the government are taking
aggressive measures to combat cyber-attacks, they are also adapting to newer technological
developments such as cryptocurrencies and blockchain. As a result, the demand for
cybersecurity as part of the design architecture grows, with the goal of detecting attacks in
real time rather than fixing the damage. Cyber-crime, or criminal activity on the internet, is
one of India's and international law enforcement's biggest challenges in the future. As ICT
becomes more extensive, electronic crime will become more prevalent in all types of criminal
conduct, including what are today considered more traditional offences. It is already used in a
variety of transnational crimes such as drug trafficking, human smuggling, terrorism, and
money laundering. Even in traditional crimes, digital evidence will become more widespread,
and we must be prepared to deal with this new problem. To ensure Internet safety and
security, law enforcement agencies around the world are collaborating to create new
partnerships, forensic procedures, and responses to cyber-crime. To detect, prevent, and
respond to cybercrime, new skills, technologies, and investigative approaches will be needed
in a global environment. New types of crime, a considerably greater scope and scale of
offending and victimisation, the need to respond much more quickly, and significant technical
and legal complications will all characterise this "new business." To solve the severe
jurisdictional concerns, creative solutions such as the construction of "cyber cops," "cyber
courts," and "cyber judges" may be required. However, I believe that cybercrime is a more
severe crime than real-life crimes because it affects millions of people at once. In reality, it
only affects a small number of people.
SUGGESTIONS
1. Instead of involving the branches for rapid and strict activities, the society could report
2. Initiatives should be created to raise public awareness of current and future events.
3. To put an end to these problems and punish the perpetrators, strict penalties should be
implemented.
5. Cases should be resolved quickly in order to address grievances and instil confidence in the
general public.
6. The enforcement of the law should be strict, and such wrongdoings should be monitored
on a regular basis.
8. Educating them through advertisements and social media is a good option because people
believe it easily nowadays.
9. Installing antivirus software should be made mandatory so that in future they will not
become victims of cyber-crimes.
10. People should know where, how, and when they should file a complaint.
APPENDIX
QUESTIONNAIRE: CYBER CRIMES IN BANKING SECTOR