Supriya Maurya Tybbi Black Book Project

lOMoARcPSD|37123246
Supriya maurya tybbi black book project
M.Com Banking and Insurance (University of Mumbai)
Scan to open on Studocu
Studocu is not sponsored or endorsed by any college or university

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)
lOMoARcPSD|37123246
INDEX
SR.NO TITLE PAGE

. NO.
1. INTRODUCTION 3
1.1 Financial fraud crimes 3
1.2 Cyber terrorism 3

1.3 Cyber Extortion 4
1.4 Cyber Warfare 4
1.5 Computer as a Target 5
1.6 Computer As a Tool 5
1.7 Ad- Fraud 5
1.8 Meaning 6
1.9 Cyber Crime In Banking Sector 6
1.10 Internet Banking In India 9
1.11 Impact Of Cyber- crimes In Banking Sector 10

1.12 History Of Cyber- crimes 11
1.13 Years of Cyber – crimes 11
1.14 Effects on Cyber – crimes During Covid 12

1.15 Biggest Cyber Attacks In India 13
1.16 Effects on Cyber – crimes After Covid 15
1.17 State Wise Cyber – crimes Cases 15

lOMoARcPSD|37123246
1.18 Cyber Attacks Tools and Methods 16
1.19 Cyber Laws In India 17
1.20 Issues With Modern Day Laws In India 20

1.21 Future Of Cyber Laws In India 20
1.22 Case Studies 21
1.23 Steps Taken To Reduce Cyber crimes In Banking 26

Sector
2. RESEARCH METHDOLOGY 29
2.1 Objectives 29
2.2 Scope Of Study 29
2.3 Limitations 29
2.4 Significance Of Study 30
2.5 Research Methods 31

3. REVIEW OF LITERATURE 32
4. DATA,ANALYSIS, INTERPRETATION & 34-52
PRESENTATION
5. CONCLUSIONS AND SUGGESTIONS 53
5.1 Conclusion 53
5.2 Suggestions 54
6. APPENDIX 55
6.1 Questionnaire 55-61

7. BIBLIOGRAPHY 62

lOMoARcPSD|37123246
CYBER CRIMES IN BANKING SECTOR

1. INTRODUCTION
Cybercrime is defined as a crime committed using a computer and a network. It's possible
that the computer was used to commit a crime or that it was the intended target. Cybercrime
can damage a person's security and financial well-being.
When confidential information is intercepted or disclosed, whether lawfully or illegally, there
are numerous privacy concerns.
Cybercrime is committed by both governmental and non-governmental entities on a global
scale, including intelligence, financial theft, and other cross-border crimes.
Cyberwarfare refers to cybercrimes that cross international borders and involve the actions of
at least one nation-state. Cybercrime, according to Warren Buffett, is the "number one
problem with humanity" and "poses real risks to humanity.
“According to a report published in 2014, the annual cost to the global economy is $445
billion. According to a 2016 report by Cybersecurity Ventures, global cybercrime damages
could cost up to $6 trillion annually by 2021 and $10.5 trillion annually by 2025.
In the United States, online credit and debit card fraud cost approximately $1.5 billion in
2012. A study conducted in 2018 by the Centre for Strategic and International Studies (CSIS)
in collaboration with McAfee concluded that cybercrime costs nearly one percent of global
GDP, or close to $600 billion, each year.
The World Economic Forum's 2020 Global Risk report confirmed that organised cybercrime
are banding together to commit criminal acts online, with the likelihood of detection and
prosecution in the United States estimated to be less than 1%.
1.1 FINANCIAL FRAUDS CRIMES
Computer fraud is defined as any dishonest misrepresentation of fact intended to allow
another to do or refrain from doing something that causes loss. In this case, the fraud will
result in obtaining a benefit:
 Changing in an unauthorised manner this requires little technical expertise and is a
common form of theft committed by employees who alter the data before entering it,
enter false data, enter unauthorised instructions, or use unauthorised processes.
 Changing, destroying, suppressing, or stealing output, usually to conceal unauthorised
transactions. This is difficult to detect; altering or deleting stored data.
Other types of fraud, such as bank fraud, carding, identity theft, extortion, and theft of
classified information, may be facilitated by computer systems. These types of crimes
frequently result in the loss of private or monetary information.
1.2 CYBER TERRORISM
Since early 2001, government officials and information technology security experts have seen
a significant increase in Internet problems and server scams. The Federal Bureau of
Investigations (FBI) and the Central Intelligence Agency (CIA) are increasingly concerned
that such intrusions are part of a coordinated effort by cyberterrorist foreign intelligence

lOMoARcPSD|37123246
services or other groups to map potential security holes in critical systems. A cyberterrorist is
someone
who threatens or blackmails a government or an organisation into advancing his or her
political or social goals by launching a computer-based attack against computers, networks,
or the data stored on them.
In general, cyberterrorism is defined as a terrorist act committed through the use of
cyberspace or computer resources. As a result, a simple Internet propaganda piece claiming
that bombs will be detonated during the holidays can be considered cyberterrorism.
There are also hacking activities directed at individuals, families, and organised by groups
within networks, with the goal of trying to instill fear in people, demonstrating power,
gathering information relevant to ruining people's lives, robberies, blackmailing.
1.3 CYBER EXTORTION
When a website, e-mail server, or computer system is subjected to or threatened with
repeated denial of service or other attacks by malicious hackers, cyber extortion occurs.
These hackers demand money in exchange for promising to halt the attacks and provide
"protection."
According to the Federal Bureau of Investigation, cybercriminal extortionists are increasingly
targeting corporate websites and networks, crippling their ability to operate and demanding
payment to restore service.
More than 20 cases are reported to the FBI each month, with many going unreported in order
to keep the victim's name out of the public eye.
The most common method used by perpetrators is a distributed denial-of-service attack.
However, other forms of cyber extortion exist, such as doxing extortion and bug poaching.
Ransomware is a type of cyber extortion in which malware is used to restrict file access,
sometimes threatening permanent data removal if a ransom is not paid.
According to the Kaspersky Lab 2016 Security Bulletin report, a business is attacked by
Ransomware every 40 minutes and will be attacked every 11 minutes in 2021.
With ransomware continuing to be one of the world's fastest growing cybercrimes, global
ransomware damage is expected to cost up to $20 billion by 2021.
1.4 CYBER WARFARE
The US Department of Defense notes that cyberspace has emerged as a national-level
concern as a result of several recent regional and global events. Among them is an alleged
Russian hacker attack on Estonia's infrastructure in 2007.
In August 2008, Russia allegedly carried out cyber-attacks against Georgia, this time in a
coordinated and synced kinetic and non-kinetic campaign.
Fearing that such attacks will become the norm in future warfare among nation-states, the
concept of cyberspace operations has an impact on and will be adapted by warfighting
military commanders in the future.

lOMoARcPSD|37123246
1.5 COMPUTER AS A TARGET

These crimes are committed by a select group of criminals. These crimes, unlike crimes
committed with a computer as a tool, necessarily involve the perpetrators' technical
knowledge.
As a result, as technology evolves, so does the nature of crime. These crimes are relatively
new, having existed for only as long as computers have—which explains how unprepared
society and the world in general are to combat these crimes. Every day, numerous crimes of
this type are committed on the internet. It is rarely committed by lone wolves, but rather by
large syndicate groups.
Crimes that are done through computers are:
Virus in computer
Service attacks denial
Malware
1.6 COMPUTER AS A TOOL
When the individual is the primary target of cybercrime, the computer can be viewed as a tool
rather than a target. These crimes typically require less technical expertise. Human flaws are
commonly exploited.
The majority of the damage is psychological and intangible, making legal action against the
variants more difficult. These are the types of crimes that have existed for centuries in the
offline world. Scams, theft, and other forms of deception existed long before the development
of high-tech equipment.
The same criminal has simply been given a tool that expands their potential victim pool and
makes them even more difficult to track down and apprehend.
Crimes that involve the use of computer networks or devices to achieve other goals include
Information warfare
Phishing scams
Spam
Identify fraud and theft
Illegal or offensive content includes harassment
1.7 AD- FRAUD
Ad-frauds are particularly popular among cybercriminals because they are less likely to be
prosecuted and are particularly profitable cybercrimes.
Jean-Loup Richet, Professor at the Sorbonne Business School, divided the wide range of ad-
fraud observed in cybercriminal communities into three categories: (1) identity fraud, (2)

lOMoARcPSD|37123246
attribution fraud, and (3) ad-fraud services. Attribution fraud attempts to impersonate the
actions of genuine users (clicks, activities, conversations, etc.).
This category includes a variety of ad-fraud techniques, such as hijacked devices and the use
of infected users (via malware) as part of a botnet to participate in ad fraud campaigns; click
farms (companies where low-wage employees are paid to click or engage in conversations
and affiliates' offers); incentivized browsing; video placement abuse (delivered in display
banner slots); hidden ads (that will never be viewed by real users); domain spoofing ( (user is
forced to click on the ad).
All online infrastructure and hosting services that may be needed to commit identity or
attribution fraud are referred to as ad fraud services.
Services may include the creation of spam websites (fake networks of websites created to
provide artificial backlinks); link building services; hosting services; and the creation of fake
and scam pages impersonating a famous brand and used as part of an ad fraud campaign.
A successful ad-fraud campaign uses a sophisticated combination of these three types of ad-
fraud: sending fake traffic through bots using fake social accounts and falsified cookies; bots
will click on ads available on a scam page impersonating a well-known brand.
1.8 MEANING
Managing an account segment in many countries of the world was simple and reliable until
the mid-1990s; nevertheless, with the advent of innovation, the keeping money division has
seen a shift of perspective in the wonder.
Banks proposed various steps via which trades should be possible without much effort in
order to expand their client base.
These developments enabled clients to access their bank funds 24 hours a day, 7 days a
week, 365 days a year via ATMs and web-based account management systems.
Money-laundering cases have risen in tandem with the rate of innovation. Cyber hackers use
a variety of methods to steal bank information and cash.
Banks have employed a variety of specific ways to protect themselves against these crimes,
but the problem persists. Identifying the variables by banks and the issue of digital wrong
doings is one of the strategies for reducing the issue of digital wrong doings in the keeping
money segment.
Different online attacks, including as phishing, keystroke logging malware, wholesale fraud,
and others, have an impact on banks, which are the most common targets of digital wrong
doings.
1.9 CYBER CRIME IN BANKING SECTOR
A contravention involving a place of misconduct, a target, an instrument, a source, a
computer, and a network as a medium is known as digital wrong doing. These alleged crimes
have migrated to a more evolved world as a result of greater digital-based business
transactions.

lOMoARcPSD|37123246
These kind of cyber-assaults are on the rise all across the world, and India has seen a
significant increase in incidences of digital piracy in recent years. According to a Juniper
Exploration study from 2016, global cybercrime costs could reach 2.1 trillion dollars by
2019.
Digital crimes can be classified in a variety of ways including, digital harassment,
programmed robbery, retail fraud, spam email, online robbery.
The online crimes can be classified as:
Phishing: Is the act of attempting to mislead clients into providing their personal security
information, such as credit card numbers, bank account numbers, or other sensitive
information, by posing as a reputable company in an e-mail. The recipients may be asked to
"update," "verify," or "confirm" their account details in their messages.
Phishing is a two-step scam that involves acquiring a company's identity before using it to
defraud people by gaining their credit identities. Phishing (also known as spoofing) is a word
that refers to the rising use of the Internet by scammers. They "fish" for consumer financial
information and password data using clever lures.
Phishing has become the most widely utilised social engineering attack to date since it is
relatively simple to carry out and does not require direct connection between the hacker and
the victim (i.e., hacker does not need to phone their prey, pretending that they are a technical
support staff, etc.).
Thousands of people were emailed. The number of potential victims raises the likelihood of
someone becoming addicted. Usually, there are such attacks require three distinct procedures
to be successful.
In step 1The hacker takes the identity of an organisation and establishes a spoof website. This
is readily accomplished by reading the source code of the desired site and then copying all
visuals and HTML lines from the live site. Even an experienced user would have a difficult
time spotting the differences due to this strategy.
Typically, a log-in form will be present on the imitated website, inviting the user to submit
secret personal information. Once the data is entered, a server-side software will manage the
submission, collecting the information and sending it to the hacker, before redirecting them to
the real website, making everything appear legitimate.
The second step of a phishing campaign is the most difficult for most hackers. This does not
imply that it is technically difficult, but it is technically challenging.
The hacker will create a plausibly fraudulent e-mail, which will then be sent through a
"ghost" mailing programme, allowing the hacker to impersonate the e-source mail's address.
The primary goal of this phishing e-mail is to persuade consumers to visit a spoof website
and enter personal information that hackers are after.
Users are often asked to respond to emergency situations, such as a warning that something
bad is about to happen.

lOMoARcPSD|37123246
Consumers must log in right away or their accounts will be suspended; customers will be
notified if their accounts are suspended. Someone has just sent money to the user, and they
must log in right now to get it.
6 Users will typically notice a hyperlink inside the bogus e-mail that, when clicked, would
take them to a false web site where they may "log in." As previously said, the quickest
approach to spot a phoney e-mail is not to glance at the address source (which can be
changed to anything), but to look at the body of the message.
In the e-mail, double-check the English grammar. This may come as a surprise to you, but
eight out of ten scam e-mails contain blatant grammar errors. Whatever the case may be, the
trick is still effective. A server-side script will handle the user's information once they have
opened the mimic web site and "logged in." That information will be emailed to the hacker,
and the user will be redirected to the legitimate website. However, the security of a user's
financial information or secret password has now been compromised.
Vishing-A criminal conduct involving the use of a phone to gain access to an individual's and
populations financial data in order to obtain financial rewards.
Spamming-Messages distributed to a large group of people in an attempt to limit the
message's reach to those who might not understand it. Spam mail is the unsolicited
dissemination of large numbers of e-mails that promote potentially fraudulent products,
services, or investment schemes. Spam mail is intended to deceive or deceive clients into
believing they will receive a genuine product or service at a lower price.
Before the transaction, the spammer, on the other hand, requests money or sensitive security
information such as a credit card number or other personal information. The customer will
not hear from the spammer after submitting their security information. Spammers who spread
malicious code and phishing e-mails are still experimenting with social engineering and
technological advances to reach computer users.
However, according to a Symantec Intelligence Report (Symantec, 2012), spam levels have
continued to drop to 68 percent of global e-mail traffic in 2012, down from 89 percent in
2010. Political spams resurfaced in April 2012, especially targeting the populations of the
United States and France. Spam e-mails have also been sent about the complicated situation
in Syria.
Atm skimming-It is the most advanced means of trading off an ATM machine or POS by
installing a device on the keypad that duplicates the function. Skimmers use ATM machines
to collect card numbers and personal information, which is then used to carry out fraudulent
transactions.
Hacking: Hacking is one of the most thoroughly studied and contested kinds of cybercrime,
and it has become a focal point for public concern about the damage that such conduct poses
to society. "The unlawful entry and subsequent use of other people's computer systems,"
according to a straightforward definition of hacking.
Information collection or reconnaissance, scanning, and finally gaining access to the target
system are all steps of the attacks. Methods of getting information or exploiting security
flaws are all part of information gathering. It's similar to how a typical robbery is conducted.
Before attempting to rob, the robber will gather all relevant information about the location.

lOMoARcPSD|37123246
The computer attacker will try to find out information about the target in the same way social
an attacker may utilise engineering as a means of obtaining information. Computer or
technology-based deception and human-based deception are the two basic categories into
which all social engineering initiatives can be classified.
The technology-based method is to trick the user into thinking he or she is engaging with a
"real" computer system (for example, a popup window telling the user that the computer
application has encountered a problem) and then persuade the user to take action supply non-
public information.
The human method involves deceit, taking advantage of the victim's ignorance, and appealing
to the basic human desire to be helpful and liked. Organized crime has the financial means to
hire the people they need.
The threat of organised crime and terrorism is becoming increasingly sophisticated as our
ability to access, control, and destroy our electronic and security systems improves at a
similar rate. E-mail and the Internet are, without a doubt, the most widely used mediums of
communication and information sharing today.
Every day, little over 2 billion individuals access the Internet. Thrill-seeking hackers are
being "purchased" by criminal organisations. This is known as "script kiddies" to supply the
skills and tools, and it is referred to as "cyber child labour."
Plastic card fraud- The unauthorised use of plastic or credit cards, or the theft of a plastic
card number in order to obtain money or property, is known as plastic card fraud. Plastic card
losses in 2011 totalled £341 million, according to APACS (analysis of police and community
safety framework), the UK payments organisation. Of that, £80 million was due to fraud
abroad. Financial Fraud Action UK (Financial Fraud Action UK, 2012). Criminals usually do
this by stealing from the UK card information at cash machines and businesses in nations that
have not yet upgraded to the new standard PIN and chip.
Card-not-present (CNP) fraud is the most common type of fraud in the UK. CNP accounted
for 65 percent of total losses in 2011, totalling £220.9 million (down by 3 percent ) (Financial
deception) The fact that neither the card nor the cardholder are present at a physical till point
at a store makes it difficult to detect this form of fraud. Fraudsters employ a variety of tactics
to obtain cards and card information details, such as phishing, spamming, or breaking into a
company's database.
2012, Action UK). Any fraud involving internet, telephone, or mail order payment is
classified as CNP fraud.
1.10 INTERNET BANKING IN INDIA
Electronic transferring funds or e-managing accounts refer to saving money exercises that
rely entirely on instructional PC innovation rather than human resource. In contrast to
traditional banking, there is no physical connection between banks and their consumers in e-
managing.
E-management is the delivery of bank data and administration to clients via a variety of
delivery stages that can be accessed via a PC, mobile phone, or smart television.

lOMoARcPSD|37123246
RBI has convened a working group on management. The gatherings divided money into three
groups for management and administration:
Enlightening framework-This section provides information to clients about credit plans,
branch locations, and financing prices.
The customer can choose from a variety of utilities based on their specific requirements.
Unapproved individuals have no reasonable chance of entering the bank's creation structure.
Open framework-This provides information on the balance of the client's records. Clients can
inspect the information after it has been confirmed and signed with passwords.
Value based framework-Clients can make modifications to their records in this category by
using the framework.
The bank and the client, as well as the client and the outsider, go through a reversible shift.
The http and https protocols are utilised to implement this architecture.
Web saving money, portable managing an account, RTGS, ATMs, Master Cards, Charge
Cards, and keen cards, among other things, are all examples of electronic money
management.
REASONS FOR CYBER CRIME
Negligence
Loss of proof
Easy to access
Complex
Storing information in wrong place
1.11 IMPACT OF CYBER CRIME IN BANKING SECTOR
Due to the explosive growth in cell phones with internet, the main cases have been
recognised.
Mobile phones are utilised for a variety of internet activities, including saving money online,
paying service fees online, and buying online, as well as gaining access to criminal data,
according to criminals.
In the event that the hackers are unable to obtain sufficient data, they ruin the bank's website
as a barrier to further efforts.
Apart from monetary gains from cyberattacks, the illicit business known as the Dark web
contributes to cybercrime as a means for exchanging personal data.
In this online network, sensitive information such as stolen credit card numbers, web-based
management accounts, treatment records, and authoritative access to servers is traded for
payment.
In 2017, India recorded 21,796 cyber offences, up 77 percent from 2016. The number
increased to 27,250 in 2018.... The majority of cyber-crimes were classified as ATM fraud,
10

lOMoARcPSD|37123246
followed by internet banking fraud. The states with the most cases were Karnataka and
Maharashtra.
As the number of mobile devices with internet access has increased, incidences of cybercrime
have become more brutal.
Smartphones are now utilised for a variety of online activities such as internet banking,
online shopping, and paying utility bills, and fraudsters are continuously looking for ways to
gain access to personal information.
1.12 HISTORY OF CYBER CRIMES
When the first polymorphic virus was released in 1992, it was the first cybercrime. One of the
early incidents of cybercrime in India was Yahoo v. Akash Arora (1999).
As the term implies, cyber-crime is a sort of crime conducted online. This is a novel sort of
criminality that has infiltrated nearly every element of Netizen life.
The phrase "cyber-crime" is not defined in Indian law, but an act known as the Information
Technology Act 2000 or the IT Act 2000 was enacted to combat these types of crimes.
While cybercrime is such a broad term, it is impossible to define it in a single or two
sentences. However, if we examine the nature of this crime, we may conclude that it is the
type of crime in which computers and computer networks are used, or more specifically,
abused, and the crime is done either 'through' or 'to' them, or both. According to an Ipsos
survey, Indians file 32 percent more complaints than Americans, Britons, and other
technologically advanced countries. The 32% figure is only for cases that have been reported,
not for those who have not.
1.13 YEARS OF CYBER CRIMES
1834-A group of thieves breach the French Telegraph System and steal stock market
information, effectively carrying out the world's first cyberattack.
1878-Two years after Alexander Graham Bell created the telephone, the Bell Telephone
Company in New York kicks a group of young boys off the grid for intentionally misdirecting
and disconnecting customer calls.
1955-Phone hacker David Condon explores a theory about how phone networks work by
whistling his phone with his "Davy Crockett Cat" and "Canary Bird Call Flute." The
computer receives the secret message, mistaking him for an employee, and connecting him to
a long-distance operator.
1969-The RABBITS Virus infects a computer after the University of Washington Data Center
downloads an application from an anonymous user. Before the machine overloads and stops
working, the unobtrusive machine makes copies of itself (breeding like a rabbit). It is thought
to be the first computer virus.
1970-1995-Kevin Mitnick uses specialised social engineering methods to break into some of
the world's most secure networks, including Nokia and Motorola, deceiving insiders into
handing over codes and passwords and then exploiting those codes to breach internal
operating systems.
11

lOMoARcPSD|37123246
1984-The Secret Service has authority over electronic theft under the United States
Comprehensive Crime Prevention Act.
1995-Vladimir Levin—from his flat in Saint Petersburg, Russian software developer
Vladimir Levin hacks into Citibank's New York IT system and approves a series of unlawful
transfers, eventually sending an estimated $10 million to accounts throughout the world.
1999-Virus Melissa- When a virus infects Microsoft Word documents, it immediately sends
itself as an email attachment. It sends emails to the first 50 people listed in an infected
device's Outlook email address book.
2002-An hour-long DDoS attack on the 13 root servers of the Domain Name System
threatens the whole Internet (DNS). The majority of users are unaffected.
2013-2015-global bank hack more than 100 organization. A group of Russian-based hackers
provides secure information to people all around the world.
2017-Equifax, one of the largest credit bureaus in the United States, has been hacked,
exposing 143 million client accounts. The disclosed information includes Social Security
numbers, birth dates, addresses, driver's licence numbers, and even credit card details.
1.14. EFFECTS ON CYBER CRIMES DURING COVID
COVID opened a new era of financial digitalization. For front and back-end processes have
gone digital in recent years. With all of this technological advancement, cyber-attacks are on
the rise, and attackers are actively seeking victims for malicious cyber-attacks on banking and
financial institutions' sensitive data.
Most financial sectors have gone online as a result of this new digital workforce, including
video conferencing, which has resulted in privacy concerns and phishing efforts, including
ransomware assaults. While banking sectors rely on online banking, both mobile and web
services tend to have a weak security system, resulting in an increase in cyber security
concerns.
Cybercriminals frequently target the banking industry in order to obtain customer and
employee information, which they then exploit to steal bank data and money. Cyber crooks
have been busy exploiting loopholes as a pandemic has disrupted businesses and remote
working has become a reality. The year 2020 witnessed one of the highest numbers of data
breaches ever recorded, and the trend appears to be continuing.
When the world was set on lockdown in March 2020, the total number of brute force attacks
against remote desktop protocol (RDP) increased by 197 percent, from 93.1 million in
February to 277.4 million in March. India's population increased from 1.3 million in February
to 3.3 million in March 2020.
Monthly attacks never fell below 300 million from April 2020 onwards, reaching a new high
of 409 million attacks in November 2020. India had the most number of attacks in July 2020,
with 4.5 million.
There were 377.5 million brute-force attacks in February 2021, about a year after the
epidemic began, a far cry from the 93.1 million seen at the start of 2020. In February 2021,
India alone saw 9.04 million attacks.
12

lOMoARcPSD|37123246
The overall number of attacks in India during January and February 2021 was estimated to
be around 15 million. According to reports, the data breach compromised 3.5 million
individuals, revealing know-your-customer papers including addresses, phone numbers,
Aadhaar cards, PAN cards, and other personal information.
The definition of digital reliance can also be found in other places. "Internet and cell phone
usage skyrocketed during the lockout." People used the internet for a variety of purposes,
including everyday commerce, prescription medications, and even vacation services. People
were more vulnerable to cyber fraud as digital payments developed exponentially.
1.15 BIGGEST CYBER ATTACKS IN INDIA
1.Cyber-attack in pune- Cosmos bank
Hackers stole Rs. 94.42 crores from Cosmos bank during a recent breach in India in 2018.
Hackers gained access to the bank's ATM server, stealing all card information and wiping out
funds from 28 countries, then withdrawing the funds as soon as they were notified.
THIS IMAGE IS FROM ECONOMIC TIMES

2. ATM system was hacked
Around the middle of 2018, the Canara Bank ATM servers were hacked. According to
sources, fraudsters accessed more than 300 users' ATM details, wiping out 20 lakh rupees
from a variety of bank accounts. Hackers stole information and up to 20 lakh rupees using
skimming devices.
13

lOMoARcPSD|37123246
THIS IMAGE IS FROM TIMES OF INDIA
3. UIDAI aadhaar software hacked

One of the largest data breaches of 2018 occurred when 1.1 billion Indian Aadhaar card
details were stolen. The UIDAI issued an official notification on the data breach, stating that
around 210 Indian government websites had been hacked. Aadhaar, PAN, bank account IFSC
codes, and other personal information of users were exposed in this data breach, and
anonymous marketers were selling Aadhaar information for Rs. 500 on WhatsApp. Aadhaar
card printouts are also available for as little as Rs.300.
4. SIM swap scam

In August 2018, two Navi Mumbai hackers obtained SIM card information fraudulently and
fraudulently transferred money from bank accounts totalling Rs. 4 crores. They used online
banking to make their purchases. The statistics and events surrounding the most recent cyber-
attacks in India should serve as a wake-up call for all financial sectors that are still exposed to
cyber threats. Organizations must take cybersecurity precautions and adhere to the security
principles outlined here.
2.2 CYBER CRIMES BEFORE COVID
14

lOMoARcPSD|37123246
In above picture you can see that from 2010-2018 cybercrimes cases have increased in a
steady rate. This has effect the lot of organization due to which people have lost their
confidential information which has lead to financial loss also. Banks were also affected by the
cybercrimes which are taking place.
60000 1.16 EFFECT ON CYBER-

CRIMES AFTER COVID
50000
40000
30000
20000
10000
0
2013 2014 2015 2016 2017 2018 2019 2020
Column2
15

lOMoARcPSD|37123246
India reported 11.8% increase in cyber-crime cases in 2020 which tells difference between
the before and after covid impact on cases.
1.17 STATE WISE CYBER CRIMES CASES
In
2020, the total rate of cybercrime per one lakh people climbed to 3.7 from 3.3 the previous
year. The above statistics show the state wise cases of cyber crimes. In 2018 Uttar Pradesh
was highest and Manipur was lowest. In 2019 Karnataka shows the highest case and Manipur
shows the lowest and in 2020 again Uttar Pradesh shows the highest number of cases and
Manipur remains same lowest among all the states.
1.18CYBER ATTACKS TOOLS AND METHODS
Although any Internet-based application can carry worms and other malware, Internet
messaging is not an exception. Criminals utilise these typical chat methods to steal identities
by getting to know the people they're chatting with or by spreading malware, spyware, and
viruses. In the hands of criminals, e-mails are a vital tool. Not only e-mail is one of the most
popular ways to communicate, but it's also one of the most secure.
Spamming and phishing are the quickest and cheapest methods of communication, but they
can also be readily manipulated to transmit devastating viral attacks capable of destroying an
entire business network in minutes.
Some viruses, such as (the "I Love You" virus,) are distributed through seemingly harmless
e-mail communications and can run without human intervention. Attacks on "system security
that can be carried out via the internet" are technically defined as "attacks on system security
16

lOMoARcPSD|37123246
that can be carried out via the internet “Electronic mail" can be divided into the following
categories:
Active content attacks exploit a variety of active HTML (hypertext mark-up language) and
other scripting features and flaws.
Buffer overflow attacks are when an attacker sends something that is too large to fit within
the e-mail recipient's fixed-size memory buffer, hoping that the part that doesn't fit would
overwrite crucial information rather than being safely deleted.
Shell script attacks—where a snippet of a UNIX shell script is placed in the message headers
in the hopes that the instructions will be executed by an inadequately configured Unix mail
client.
Threats known as staged downloaders download and install other malicious malware onto a
compromised computer. These threats give attackers the ability to alter the downloaded
component to any form of threat that suits their goals or the profile of the computer being
attacked. For example, attackers can install a Trojan that distributes spam rather than one that
steals confidential information if the targeted machine contains no data of relevance.
Any later components that will be downloaded to execute the required duties can be changed
if the attackers' objectives change. A virus is a computer programme or code that repeats
itself on other files when it comes into contact.
A virus can harm an infected computer by deleting databases or files, destroying critical
computer components like the BIOS, or transmitting a message a pornographic message sent
to everyone in an infected computer's e-mail address book computer. Botnets were first used
in 2007, according to Wikipedia.
A bot is a programme that allows cyber criminals to take control of a victim's computer
without their knowledge. This happens when cyber criminals or hackers use a worm or a
virus to install programmes on the target's computer. These infected PCs are collected in
collections. Botnets are what they're called. It's possible that the botnets are being rented by a
hacker or spammer for cyber thieves or other hackers, making it difficult for authorities to
respond to track down the true criminal.
A BBC journalist studied the world of Botnets in March 2009. Thousands of Trojan horse
malware-infected PCs, largely residential Windows PCs connected via broadband Internet
connections, were investigated by the BBC team. These PCs were used to deliver the
majority of the world's spam e-mails, as well as DDoS attacks and blackmails against e-
commerce companies. The BBC team was able to rent a global botnet of over 21,000
malware-infected PCs. Because it was largely infecting machines in less developed countries
with fewer security measures installed, this botnet was reported to be quite inexpensive.
A key logger is a software program or hardware device that is used to monitor and log each of
the keys a user types into a computer keyboard. The user who installed the program or
hardware device can then view all keys typed in by that user because these programmes and
hardware devices track the keys pressed, a hacker can readily discover user passwords and
other information that the user may wish and believe to be confidential private.
17

lOMoARcPSD|37123246
Employers frequently use key loggers as a monitoring technique to guarantee that employees
only use work computers for business purposes. However, key loggers can be incorporated in
spyware, allowing data to be sent to an unidentified third party.
These tools are used by cyber thieves to trick potential targets into releasing sensitive
personal data and restore it for subsequent access to the user's workstation if the information
obtained included the target ID and password.
However, key loggers can be incorporated in spyware, allowing data to be sent to an
unidentified third party. These tools are used by cyber thieves to trick potential targets into
releasing sensitive personal data and restore it for subsequent access to the user's workstation.
1.19 CYBER LAWS IN INDIA
In a nutshell, cybercrime is any illegal activity in which a computer is used as a tool, a target,
or both. Traditional criminal behaviours such as theft, fraud, forgery, defamation, and
mischief, all of which are covered under the Indian Penal Code, might be included in cyber-
crimes. The Information Technology Act of 2000 addresses a variety of new age offences that
have arisen as a result of computer abuse. Cybercrime can be classified in two ways.
Utilizing a computer to attack other computers is known as using a computer as a target e.g.
Hacking, Virus/Worm attacks, DOS attacks, and other types of attacks are all possible.
Using a computer as a weapon: Using a computer to commit crimes in the real world. For
example, cyber terrorism, IPR violations, credit card frauds, electronic funds transfer scams,
and so on. Cyber law (also known as cyber law) refers to the legal issues surrounding the use
of communications technology, particularly "cyberspace," i.e. the Internet. It is an
intersection of numerous legal topics, including intellectual property, privacy, freedom of
expression, and jurisdiction, rather than an unique field of law like property or contract. In
essence, cyber law seeks to reconcile the issues posed by human behaviour on the Internet
with the historical legal framework that governs the physical world. When the Internet was
first conceived, the founders of the Internet had no idea that it would grow into an all-
encompassing revolution that might be used for criminal purposes and would demand
control.
There are a lot of disturbing things going on in online these days. Because of the Internet's
anonymous character, it is easy to participate in a wide range of criminal actions with
impunity, and those with intellect have been badly utilising this aspect of the Internet to
perpetuate illicit operations in cyberspace as a result, India requires Cyber laws.
Cyber law is significant because it encompasses nearly all elements of transactions and
activities on and with the Internet, the World Wide Web, and Cyberspace. At first glance,
Cyber laws may appear to be a highly technical field with little relevance to ordinary
Cyberspace operations.
The truth, on the other hand, is that nothing could be further from the truth. Every action and
reaction in Cyberspace has certain legal and Cyber legal implications, whether we recognise
it or not. The internet is similar to life. It's interesting, and we spend a lot of time here doing
fun activities, but it's not without its drawbacks.
18

lOMoARcPSD|37123246
With the advancement of technology and widespread Internet access, cybercrime has become
a fairly routine event. There are numerous ways in which we might become victims of
criminal cyber activity, ranging from breaking into computers to conducting fraudulent online
transactions.
1. Information technology act 2000
The Information Technology Act, 2000, was enacted by the Indian government to restrict
such acts that infringe an Internet user's rights. The Information Technology Act, which was
enacted in 2000, governs Indian cyber legislation. The main goal of this Act is to provide
ecommerce with trustworthy legal protection by making it easier to register real-time records
with the government. The ITA, which was passed by India's Parliament, emphasises the harsh
fines and penalties that protect the e-governance, e-banking, and e-commerce sectors. The
scope of ITA has now been expanded to include all of the most recent communication
devices.
Section 43-People who destroy computer systems without the owner's authorization are
subject to this law. In such instances, the owner is entitled to full recompense for the total
loss.
Section 66- If a person is found to have committed any of the acts listed in section 43
dishonestly or fraudulently, this section applies. In such cases, the penalty might be up to
three years in prison or a fine of up to Rs. 5 lakh.
Section 66B- includes the penalties for receiving stolen communication equipment or
computers in a fraudulent manner, which confirms a possible three-year sentence. Depending
on the severity, this term can also be followed by a fine of Rs. 1 lakh.
Section 66C- This section looks into identity thefts involving impostor digital signatures,
password hacking, and other unique identification elements. If found guilty, a three-year
sentence could be accompanied by a fine of Rs.1 lakh.
Section 66D- This section was added on the fly, with the goal of punishing cheaters who use
computer resources to impersonate others.
2. Indian penal code

The Indian Penal Code (IPC), 1860, and the Information Technology Act of 2000 are both
used to prosecute identity theft and related cyber offences. The IPC's main section on cyber
scams is as follows:
Section 464-forgery
Section 465- documentation is false
Section 468-forgery pre-planned for cheating
Section 469-reputation damage
Section 471-presenting a forged document as a evidence
3. Companies act 2013
19

lOMoARcPSD|37123246
The Companies Act of 2013 is referred to by business stakeholders as the legal requirement
for the refinement of daily operations. This Act's directives cement all required techno-legal
compliances, putting less compliant businesses in a legal bind.
The Companies Act of 2013 gave the SFIO (Serious Frauds Investigation Office) the
authority to prosecute Indian corporations and their directors. SFIOs have also become much
more proactive and harsh in this area after the notification of the Companies Inspection,
Investment, and Inquiry Rules, 2014.
All regulatory compliances, including cyber forensics, e-discovery, and cybersecurity
diligence, are well-covered by the legislature. The Companies (Management and
Administration) Rules, 2014 establishes tight requirements for corporate directors and leaders
in terms of cybersecurity obligations and responsibilities.
4. NIST Compliance
As the most trusted global certifying organisation, the National Institute of Standards and
Technology (NIST) has approved the Cybersecurity Framework (NCFS), which provides a
standardised approach to cybersecurity.
The NIST Cybersecurity Framework includes all necessary rules, standards, and best
practises for effectively managing cyber-related risks. The flexibility and cost-effectiveness
of this system are top priorities. It increases critical infrastructure resilience and protection
by:
Providing for better cybersecurity risk interpretation, management, and reduction — to
reduce data loss, data abuse, and subsequent restoration expenses.
Identifying the most crucial activities and operations in order to concentrate on securing them
Organizations that secure important assets must be able to demonstrate their trustworthiness.
Aids in the prioritisation of investments in order to maximise the cybersecurity return on
investment.
Regulatory and contractual requirements are addressed.
Supports the information security programme as a whole.
1.20 ISSUES WITH MODERN DAY CYBER LAWS IN INDIA

The Information Technology Act of 2000, which was last revised in 2008, governs India's
cyber laws. That was almost a decade ago. Unlike other laws that can be changed at any time,
Cybersecurity Laws are required to keep up with the industry's rapid advancements. These
laws in India haven't been revised in a long time. To briefly state what are some of the
weaknesses of the existing cyber laws in India:
All Social Networking Sites will be subject to the IT Act, and will be required to set up a
specialist team to react to Law Enforcement Agencies (LEAs) requests as swiftly as feasible.
All ISPs must preserve records for at least 180 days in order to provide service to LEAs.
20

lOMoARcPSD|37123246
Every district court must establish a Cyber Court to hear and give orders in situations where
the legal system cannot keep up.
Evidence in the Digital Age Digital evidence should be certified by authenticators. An
independent Bureau will be in charge of this.
India-based websites and services should have their own set of rules. This includes services
that are based in India but have a foreign origin.
Personal information about Indian residents should be stored on Indian servers. (In the US,
this is referred to as HIPAA compliance.)
Payment Systems and Financial Services should be subject to the IT Act's stringent
regulations, which include a 30-day resolution timeframe.
1.21 FUTURE OF CYBER LAWS IN INDIA
In recent years, cybercrime has increased dramatically, including phishing, identity theft, and
fraud. However, the existing laws do not provide enough or complete coverage. In addition,
we expect India's cybercrime penetration to become more consolidated.
In particular, we anticipate India's cybercrime penetration to become more consolidated. This
stresses the need for more effective and deterrent legal structures as well as stricter legislation
to combat cybercrime. One of the most anxiously awaited developments in Indian cyber law
is the National Cyber Security Strategy.
This strategy aspires to be a comprehensive set of guidelines for individuals, policymakers,
and other stakeholders, and even a follow-up to the 2013 National Cyber Security Policy. The
initiative will most likely offer more light on the optimal response mechanisms for
government and other companies to improve cyber security.
India will need to begin drafting a distinct national cyber security law as soon as possible.
The need for such a law is vital because it will be a key weapon in protecting India's cyber
security and cyber sovereign interests. In a time when many other countries have already
begun enacting specialised cyber security legislation, India is somewhat behind the curve. In
this case, appropriate action is required.
In the future, the government should focus on more effective methods to combat cybercrime.
More relevant improvements in Indian cyber law are also hoped for, including permitting
legal measures to handle the challenges posed by fast evolving technologies.
1.22 CASE STUDIES
1.
On September 20, 2007, IT experts attempted to reclaim control of the Maharashtra
government's hacked official website. The website http://www.maharashtragovernment.in
remained unavailable.
The Maharashtra government website has been hacked, according to Vice President Pastor
and Home Priest R.R Patil. He promised that the state government will investigate the
hacking and instructed the Digital Wrongdoing Branch to look into it. Patil stated that if
necessary, the state would recruit private IT experts in this area.
21

lOMoARcPSD|37123246
After re-establishing the site, the Middle Easterner News learned that programmers may have
obliterated the majority of the site's content. The hackers were identified as Program Cool Al-
Jazeera, according to IT officials, and they were based in Saudi Arabia. The official site has
been influenced by malware on a few occasions before, but has never been hacked, according
to a senior government IT officer.
People were misused through internet techniques for booking air tickets, and three people
were held accountable for the on-line Visa scam. The Digital Wrongdoing Examination Cell
in Pune aided these parties.
Mr. Parvesh Chauhan, an extra security officer with ICICI Prudential, gripped one of his
clients. According to information provided by the police, one of the clients received a
notification for purchasing airline tickets while his master card was in his possession. When
he learned of the problem, he went straight to the bank. The tickets were purchased via online
methods.
After further investigation, it was discovered that the data was obtained from the State Bank
of India. Shaikh worked in the Visa department and had access to the new client information.
He also told Kale about the information.
Kale then passed this information on to his friend Lukkad, who used the information to book
air tickets and sell them for the same amount of money. DCP Sunil Pulhari, the head of the
Digital Cell, was involved for eight days before catching the criminals.
In February 2017, a phishing attempt on UTI bank's website resulted in the bank being caught
in a phishing campaign. A geo cities URL was sent to the client's email addresses, requesting
personal details such as login Id and password. IT officials eventually learned that the page's
website admin was a man named Petr Stastny, whose email address could be seen on the
page.
The Monetary Office Wing of the Delhi Police has been alerted about the case, according to
top UTI bank officials. The bank has also enlisted the help of Melbourne-based Extortion
Watch Worldwide, a leading organisation that monitors phishing and works to prevent it.
2.
INDIA’S FIRST ATM CARD FRAUD
A group linked to digital malfeasance was nabbed by Chennai cops. Deepak Prem Manwani,
a 22-year-old man who was discovered breaking into an ATM in June, was apprehended by
the police. When he was apprehended, he had Rs 7.5 lakh in cash from two ATMs in
Chennai's The Nagar and Abiramipuram, according to the police report. He had already taken
Rs 50,000 from an ATM in Mumbai.
Manwani was a Pune-based MBA dropout who was hired by a Chennai-based corporation.
From a web bistro, he began his misdeeds. He had some European acquaintances who used to
send him $5 credit cards from a handful of different American banks. The administrator of
the European site devised an intriguing strategy to obtain the clients' individual ID numbers.
That institution drew a sizable following. Evidently, Manwani and other supporters got into
the arrangement of this pack and purchased a large amount of material on specified terms,
and are essentially in an agreement on a decent sharing foundation. Manwani also learnt how
22

lOMoARcPSD|37123246
to make 30 plastic cards with critical information on them, which he used to break into
ATMs.
The FEI launched an inquiry after receiving numerous complaints from charged Visa clients
and banks in the United States, and alerted the CBI in New Delhi that a universal pack had
evolved in India as well.
3.
CITIBANK MPHASIS CALL CENTER FRAUD IN PUNE
Ex-employees of MPhasiS Ltd Msource's BPO arm cheated Citibank's US customers to the
tune of Rs 1.5 crores. It was one of those cybercrime situations that sparked a slew of
questions, notably about the role of "Data Protection."
The crime was clearly perpetrated by gaining "Unauthorized Access" to the clients'
"Electronic Account Space." As a result, it falls within the heading of "Cyber Crimes."
Since any IPC offence committed with the use of "Electronic Documents" might be regarded
a crime with the use of "Written Documents," ITA-2000 is adaptable enough to accept parts
of crime not covered by ITA-2000 but covered by other statutes. In addition to the part in
ITA-2000, terms like "cheating," "conspiracy," "breach of trust," and so on apply in the
aforesaid instance.
The infraction is recognised in both Sections 66 and 43 of the ITA-2000. As a result, the
individuals involved are subject to imprisonment, fines, and a duty to pay damages to the
victims up to a maximum of Rs 1 crore per victim, for which the "Adjudication Process"
might be used.
4.
CASE OF SONY .SAMBANDH.COM
In 2013, India received its first cybercrime conviction. It all started when Sony India Private
Ltd, which controls the website www.sony-sambandh.com and targets Non-Resident Indians,
filed a complaint. NRIs can use the website to send Sony products to friends and relatives in
India after paying for them online.
The company guarantees that the products will be delivered to the intended recipients.
According to the cybercrime case study, in May 2002, someone using the name Barbara
Campa logged onto the website and ordered a Sony Colour Television and a cordless
headphone. She provided her credit card information and asked for the items to be sent to
Arif Azim in Noida. The credit card company cleared the payment, and the transaction was
completed. The items were delivered to Arif Azim after the company completed the necessary
due diligence and inspection procedures.
The company took digital images of Arif Azim accepting the item at the time of delivery. The
transaction was completed at that point, but after one and a half months, the credit card
company alerted the company that the purchase was unlawful because the genuine owner had
denied making it.
23

lOMoARcPSD|37123246
The company reported internet cheating to the Central Bureau of Investigation, which opened
an investigation under Indian Penal Code Sections 418, 419, and 420. Arif Azim was detained
once the case was examined. Arif Azim obtained the credit card number of an American
national while working at a call centre in Noida, which he exploited on the company's
website, according to investigations.
In this one-of-a-kind cyber fraud case, the CBI retrieved the colour television and cordless
headphone. The CBI had enough evidence to prove their case in this case, thus the accused
accepted his guilt. Arif Azim was found guilty under Sections 418, 419, and 420 of the Indian
Penal Code, marking the first time that cybercrime has been found guilty.
The court, on the other hand, believed that because the accused was a young boy of 24 years
old and a first-time offender, a liberal approach was required. As a result, the court sentenced
the accused to a year of probation.
The decision has enormous ramifications for the entire country. Apart from being the first
cybercrime conviction, it has demonstrated that the Indian Penal Code may be effectively
applied to some types of cybercrime that are not covered under the Information Technology
Act 2000. Second, a decision like this sends a strong message to everyone that the law cannot
be manipulated.
5.
CYBER ATTACK ON COSMOS BANK
In an extraordinarily daring cyber attack in August 2018, the Pune branch of Cosmos bank
was robbed of Rs 94 crores. The thieves were able to move the money to a Hong Kong bank
by hacking into the main server. In addition, the hackers gained access to the ATM server in
order to obtain information about numerous VISA and Rupay debit cards.
The switching system, which connects the centralised system to the payment gateway, was
hacked, which meant neither the bank nor the account holders were aware of the money
transfer.
According to the multinational cybercrime case study, a total of 14,000 transactions were
carried out using 450 cards across 28 countries. A total of 2,800 transactions were completed
across the country utilising 400 different cards.
This was the first malware attack of its sort, and it effectively shut down all connection
between the bank and the payment gateway.
6.
COMPUTER SOURCE DOCUMENTS WAS TEMPERED
Tata Indicom personnel were arrested in a case of manipulation involving the modification of
the electronic 32-bit number (ESN) that is programmed into cell phones. Reliance Intercom
was the target of the theft. The court later decided that because the source code was tampered
with, it was necessary to use Section 65 of the Information Technology Act.
7
24

lOMoARcPSD|37123246
BOMB HOAX MAIL

In 2009, the Cyber Crime Investigation Cell (CCIC) arrested a 15-year-old boy from
Bangalore for sending an email hoax. "I have put 5 bombs in Mumbai, you have two hours to
detect them," the child allegedly said in an email to a private news organisation. In relation to
the cyber situation in India, the competent authorities were alerted immediately, and the IP
address (Internet Protocol) was traced to Bangalore.
8.
A LOOK-LIKE WEBSITE
Sections 65, 66, 66A, C, and D of the Information Technology Act, as well as Sections 419
and 420 of the Indian Penal Code, were used to record a nine-person offence. A firm
representative in the business of trading and distribution of petrochemicals in India and
overseas had filed a report against the 9 accused of using a similar-looking website to carry
on the transaction, according to the complaint in this cyber fraud case in India.
The defendants waged a slander campaign against the company, resulting in losses of crores
of rupees from consumers, suppliers, and even producers.
9.
NASSCOM VS AJAY SOOD& OTHERS
The Delhi High Court declared phishing via the internet to be illegal in the case of National
Association of Software and Service Companies vs. Ajay Sood & Others, delivered in March
2005, resulting in an injunction and damages restitution. On the subject, a cybercrime case
study was done.
In order to set a precedent in India, the court defined phishing as a type of computer fraud in
which a person impersonates a genuine organisation, such as a bank or an insurance
company, in order to steal personal data from a customer, such as access codes, passwords,
and so on. Personal data obtained by misrepresenting the identity of the lawful party is
frequently exploited for the benefit of the collecting party.
The court further stated that common phishing scams involve people impersonating online
banks and syphoning money from e-banking accounts after duping customers into turning
over private financial information.
Despite the fact that there is no specific legislation in India that criminalises phishing, the
Delhi High Court declared it to be an illegal act, defining it as "a misrepresentation made in
the course of trade, leading to confusion as to the source and origin of the email, causing
immense harm, not only to the consumer, but also to the person whose name, identity, or
password is misused." The court ruled that phishing is a form of impersonation that tarnishes
the plaintiff's image.
The National Association of Software and Service Companies (Nasscom), India's top
software association, was the plaintiff in this lawsuit. The defendants ran a placement firm
that specialised in headhunting and recruitment. The defendants created and sent emails to
third parties in the name of Nasscom in order to gather personal data that they could utilise
for headhunting reasons.
25

lOMoARcPSD|37123246
The high court recognised the trademark rights of the plaintiff and passed an ex-parte ad
interim injunction restraining the defendants from using the trade name or any other name
deceptively similar to Nasscom. The court further restrained the defendants from holding
themselves out as being associated with or a part of Nasscom.
A commission was established by the court to search the defendants' homes. The local
commissioner assigned by the court took custody of two hard drives from the machines from
which the defendants sent false e-mails to various parties. The incriminating emails were
subsequently extracted from the hard drives and presented in court as evidence.
During the course of the Indian cyberlaw lawsuit, it became obvious that the defendants, in
whose names the illegal e-mails were sent, were false identities fabricated by an employee on
the defendants' orders in order to evade detection and legal action. Fictitious names were
removed from the list of defendants in the case after this fraudulent act was discovered.
Following that, the defendants admitted to their illegal actions, and the parties reached an
agreement by recording a compromise in the court proceedings. According to the terms of the
settlement, the defendants agreed to pay the plaintiff Rs1.6 million in damages for
infringement of the plaintiff's trademark rights.
The hard drives seized from the defendants' premises were also ordered to be handed over to
the plaintiff, who would be the rightful owner of the hard discs. These case achieves two
significant milestones: it places "phishing" within the scope of Indian law, despite the lack of
explicit legislation; and it dispels the myth that there is no "damages culture" in India for
infringement of intellectual property rights.
This decision supports IP owners' faith in the Indian court system's competence and desire to
safeguard intangible property rights, as well as sending a strong message to IP owners that
they can do business in India without surrendering their intellectual property rights.
10.
BANK NSP CASE
The Bank NSP case, in which a bank management trainee was engaged to be married, is one
of the most well-known cybercrime instances. Using the corporate computers, the pair
exchanged several emails. After they broke up, the girl made up fake email addresses like
"Indian bar associations" and sent emails to the boy's international clients. She did this on the
bank's computer. The boy's business lost a lot of customers, so he went to court against the
bank. The bank was found responsible for emails sent through its system.
1.23 STEPS TAKEN TO REDUCE CYBER CRIMES IN BANKING SECTOR

Examine the safety of the cloud-Verify your cloud infrastructure on a regular basis to make
sure it's up to current. Examine the current level of your cloud security, as well as best
practises and compliance standards. Multifactor authentication can be used to safeguard cloud
platforms and infrastructure.
Keep an eye on cloud security-A cyber risk management solution can be used to automate
threat detection and protect against possible threats before they become an issue.
26

lOMoARcPSD|37123246
Set up Strict Access Control Policies- Instead of allowing access to part-time workers,
contractors, and others, limit access to staff who truly require it. Strict Access Management
Policies are established by granting rights to personnel who need them to secure your
organisation from within.
Employee awareness is increasing-Banks must implement a comprehensive training
programme to educate their employees to deal with cyber-attacks.
Prepare a Disaster Recovery Plan-Having a backup plan for data protection can help you
avoid data loss and minimise downtime after an interruption. This is only possible if you
routinely backup your data.
Encrypt Your Information-Cryptography is one of the strategies for encrypting data and
ensuring the safety of your most sensitive digital assets.
Cybersecurity education-Cybersecurity training is essential for cybersecurity professionals to
improve their knowledge of pertinent information and to put their cyber-awareness to the test
by covering all areas of data security and keeping them up to date.
Educating to customers-The customer should be aware of various bank frauds, and steps
should be taken to educate them about security components so that they do not become
victims of cybercrime. The rate of cybercrime can be reduced if a client is aware and reports
a specific case of cybercrime promptly.
The norms and regulations of E-Managing an Account should be explained to a client.
Customers can be made aware of this via posting it on the bank's website, handing it out in
the mail, sending communications, and receiving training, among other methods.
Training the employees of bank-Banks must direct introduction programmes for their
employees. Misrepresentation counteractive action procedures must be made aware of the
personnel. It can be done more effectively by distributing pamphlets and periodicals. The
centre’s money-saving arrangement programming includes a discussion of the factors that
contribute to cybercrime and the steps that must be taken to prevent it.
International Collaboration to Combat Cybercrime-Since the internet is multinational in
nature, it necessitates cooperation between states to combat cybercrime. Despite the fact that
there are a few deals and consumption estimates, India has yet to develop a sound technique
that includes legal and technical measures as well as authoritative capabilities.
The expanded regional application of the IT Act of 2000 poses a problem in the examination,
arraignment, and expulsion of foreign nationals. India should effectively link as part of the
global cybercrime network focused on Asia, Europe, and America in order to seek assistance
and contribute to global cybercrime challenges.
Using strong passwords-Maintaining unique password and username combinations for each
account while resisting the urge to write them down. Weak passwords are easy to crack. The
following password combinations are more likely to be hacked.
Passwords can be created using keyboard patterns, such as -wrtdghu.
Using simple combinations -sana1999, jan2000, etc.
27

lOMoARcPSD|37123246
Using default passwords, such as- Hello123, Riya123, and so on.

Using the same password as the username, for example- riya_riya.
Protecting your identity online-When we provide personal information online, we must
exercise extreme caution. When giving out personal information on the Internet, such as your
name, address, phone number, and financial information, you must be cautious. When
making online purchases, etc., make sure that the websites are secure. When utilising social
networking sites, this involves permitting your privacy settings.
Changing password frequently-When it comes to passwords, don't use the same one every
time. You can update your password on a regular basis to make it more difficult for hackers to
access the password and the data stored on your computer.
Securing your phone-Many individuals are unaware that dangerous software, such as
computer viruses and hackers, can infect their mobile devices. Make sure you only download
apps from reputable websites.
Downloading software/applications from unknown sources is not recommended. It's also
critical that you keep your operating system current. Make sure you have anti-virus software
installed, as well as a secure lock screen. Otherwise, if you lose your phone, anyone can
access all of your personal information. Hackers can use your GPS to track your every move
by downloading malicious software.
Protect your computer security with software-Basic online security necessitates the use of a
variety of security applications. Firewall and antivirus software are examples of security
software. Normally, your computer's first line of defence is a firewall. It regulates who, what,
and where communication takes place on the internet. To secure your computer, it's best to
install security software from reputable sources.
Penalties-In New York State, penalties for computer-related offences can range from a fine
and a brief term of jail time for a Class A misdemeanours like unauthorised use of a computer
to a Class C felony like computer tampering in the first degree, which carries a sentence of 3
to 15 years in prison.
However, due to their inside knowledge of computer crime, some hackers have been hired as
information security specialists by private organisations, a development that might possibly
create perverse incentives.
One possible countermeasure is for courts to prohibit convicted hackers from using the
Internet or computers even after they have been released from prison – though, as computers
and the Internet become more and more integrated into daily life, this type of punishment
may be seen as harsher and draconian. Nuanced measures, on the other hand, have been
created to regulate cyber offenders' behaviour without resorting to complete computer or
Internet bans. Individuals are restricted to particular gadgets that are subject to computer
monitoring or searches by probation or parole officers under these procedures.
Diffusion of cybercrime-The wide spread of cybercriminal activity poses a problem in
detecting and prosecuting computer crimes. While hacker communities have widely
disseminated their information via the Internet, hacking has become less complex. Blogs and
28

lOMoARcPSD|37123246
groups have made a significant contribution to information sharing: newcomers can benefit
from the experience and advice of more experienced hackers.
However, hacking is more inexpensive than ever: prior to the cloud computing era, spamming
or scamming required a dedicated server, server management, network configuration, and
maintenance skills, knowledge of Internet service provider standards, and so on.
A mail software-as-a-service, on the other hand, is a scalable, low-cost, mass, and
transactional e-mail-sending service for marketing purposes that might easily be set up for
spam. A cybercriminal could use cloud computing to leverage his or her attack, such as brute-
forcing a password, expanding the reach of a botnet, or helping a spamming campaign.
Awareness-Criminals are increasingly attempting to steal sensitive information such as
banking or credit card information as technology progresses and more people rely on the
internet to keep sensitive information. People all throughout the world are growing more
vulnerable to cybercrime.
Raising knowledge of how information is safeguarded and the methods criminals use to steal
it is becoming increasingly important. There were 269,422 complaints filed with the FBI's
Internet Crime Complaint Centre in 2014. A total loss of $800,492,073 was stated when all
claims were added together.
Cybercrime, on the other hand, does not appear to be on the typical person's radar. There are
1.5 million cyber-attacks every year, which translates to almost 4,000 attacks per day, 170
attacks per hour, or roughly three attacks per minute, with research finding that only 16
percent of victims have asked the perpetrators to stop. Anyone who uses the internet for any
reason can become a victim, which is why it is critical to understand how to stay safe when
online.
CHAPTER 2- RESEARCH METHODOLGY
OBJECTIVES
 To identify if people are aware about the cybercrime which are taking place through
online mediums.
 To know what measure they have taken to prevent cybercrime or to protect their
systems from it.
29

lOMoARcPSD|37123246
 To analyse if they know about the cyber laws which are made for the people’s
welfare.
 For studying how much active they are on internet.
 To evaluate how much people are affected by cybercrimes.
SCOPE OF STUDY
The study's scope includes the current state of cybercrime in the India.as the scope of
cybercrimes is more offense. This study will make a significant impact on the cyber-
crimes. It will educate the policymakers, legislators and researchers about the issues and
problems for combating the crime. The findings of this research are designed to assist the
government in improving existing laws in relation to information as well as technological
security. This study will focus on the current state or future prospects of cybercrime and
prevention, as well as the effectiveness of laws, public awareness, and respect for laws
and government actions, all of which are recognised as major concerns of the day and
demand special attention. This current component is expected to be viewed as a critical
and important resource for personnel working on this topic. Individuals, particularly those
interested in and concerned about the field, will benefit from the study's conclusions. In
addition, this research will pave the path for a variety of other options. It will also help
the students to know about the cyber-crimes in India which are taking place .The laws
that have been made to control it will provide all the information.
LIMITATIONS
 The sample size covered is small.
 The study is limited to Mumbai region.
 Due to less time and less geographical boundaries data collected was limited.
 The survey is carried out in a limited amount of time.
 The study is conducted considering the prevailing conditions, which are subject to
change in future.
 This study focuses on the cyber-crimes in Indian e-banking sector only.it does not
cover the whole financial sector.
SIGNIFICANCE OF STUDY
30

lOMoARcPSD|37123246
This research is regarding customers view how much they know about the cyber-crimes
which are happening in today’s world like hacking, phishing debit and credit card fraud, atm
fraud, automatic deduction of money, etc. It will also highlight their concerns about security,
privacy, and the secrecy of their personal information, as well as the possible benefits, such as
how this technology will allow users to multitask and operate with their hands free, resulting
in a better experience industry understanding because it will have access to a massive amount
of data and information. It advises its consumers to purchase the appropriate level of security.
This survey can assist in answering people's questions and concerns, as well as resolving
issues, thereby retaining and educating them about technology.
It will make them aware of the software. People will get to know that they can install
antivirus software in their system. Banking sector will modify their system making the
security high they will get to know about the consumers’ point of view in online banking. It
will make them understand why some of the consumers are not doing online banking.
Hence this study will in making changes in system they will get clear perception to some
extent and in future more people will start online banking.
RESEARCH METHODS
UNIVERSE MUMBAI
31

lOMoARcPSD|37123246
SOURCES OF DATA PRIMARY AND SECONDARY DATA

COLLECTION
METHOD OF PRIMARY DATA QUESTIONNAIRE

COLLECTION
METHOD OF SAMPLING CONVENIENCE SAMPLING / SIMPLE

RANDOM SAMPLING
TOTAL NO.OF RESPONDENTS 101
NO. OF QUESTIONS IN THE 17

GOOGLE FORM
METHOD FOR ANALYSING ANALYSIS OF GOOGLE FORM

PRIMARY DATA
METHOD USED FOR E-PAPERS,E- MAGAZINE, ARTICLES

COLLECTING SECONDARY JOURNALS. ONLINE WEBSITES
DATA
3. REVIEW OF LITERATURE
CYBER CRIME CHANGING EVERYTHING –AN EMPRICAL STUDY (NEELESH

JAIN)
MARCH 2014
The Internet is frequently described as a fantastic tool, a fun place to visit, and a liberated
experience...... but for whom? Many of us are at risk of being victims of the growing number
32

lOMoARcPSD|37123246
of crooks who are adept at navigating the Internet. Cyberspace, also known as the World
Wide Web, is an intangible and dynamic environment. This study contends that cyber-crime,
often known as e-crime, is a new type of company that employs high-tech criminals. This
paper examines an overall view of cybercrime, the culprits of cybercrime, and their
motivations. I also want to discuss in detail the various cybercrimes, as well as the unique
challenges and response issues that may be encountered during the prevention, detection, and
investigation. It also outlines the various sections of India's IT Act 2000 and proposes new
provisions. Cyber-crime chances have grown in parallel with the spectacular rise of the
Internet. Computer crimes increasingly encompass extortion, child pornography, money
laundering, fraud, software piracy, and corporate espionage, to mention a few, as a result of
the fast use of the Internet around the world.
CYBER CRIME: A GROWING THREAT TO INDIAN BANKING SECTOR (MRS.S

KALPANA) DEC 2020
Communication and information our daily lives have become increasingly reliant on
technology. Almost everyone now has access to the internet, thanks to the low cost of
broadband and smart phones, which connects millions of online users all over the world. The
growing use of the internet has we've also become more vulnerable to cyber-threats. Web
technology has now become a vital and necessary aspect of the Indian banking industry. The
global expansion of non-cash transactions has resulted in the continual development of
reliable online payment systems. Cybercrime has increased dramatically in recent years
across all industries and geographies. A simple lapse or omission in managing our digital
lives might lead to cybercrime and, as a result, financial loss. As a result, whenever we link
digitally to the outside world, whether for financial transactions, social networking, or other
purposes, we must be watchful and cautious. Playing video games or looking for information
on the internet. Customers are also concerned about malware threats. Customers have
reservations about the security system's ability to provide reliable internet banking services.
The success of the Information System in internet banking as well as the security challenges
it faces were examined. This paper provides a summary of cybercrime in the E-banking
sector, as well as basic advice on how to avoid being a victim of cybercrime.
DIGITAL TRADE VS CYBER NATIONALISM (EMERALD PUBLISHING

LIMITED) FEB 2019
It is apparent that the digital economy fits into the commerce framework in many ways. We
can investigate how digital platforms and cross-border information flows establish
transnational marketplaces and affect foreign investment patterns. Most information products
and services are commercialised and exchanged between countries. We can also try to think
of information as a factor of production and evaluate its flows in the same way we do with
33

lOMoARcPSD|37123246
data flows of capital or labour. The trading model, on the other hand, has flaws. It places a
premium on national borders in a way that contradicts the international nature of digital
interactions. Specifically, It is unavoidable that some will perceive or construe quantitative
studies of Web information flows, such as the data shown above, as a troubling "trade
imbalance" that requires policy remedies to "equalise" the flow between countries. This will
very certainly result in restrictive policies that create national barriers to the flow of data. It is
necessary to define a concept of digital exchanges among online users before studying
"international trade" in the digital economy. An open and liberal digital economy increases
the potential for specialised human exchanges of information and ideas, as well as
commercial items, by maximising the options for digital exchanges as well as services.
People may "search, receive, and impart information and ideas [...] regardless of frontiers,"
and the myriad activities permitted by that capability are the foundation of both social and
commercial value. The social, communicative, and productive capabilities produced by
unrestricted information flows is a by product of the economic value. Individuals and groups
can communicate freely through a discovery process to unleash new sources of value for
entrepreneurs In this regard, open digital exchange plays an important role component of
human rights. The internet's international nature is owing in part to the historical accident of
how the internet emerged, and in part to the high transaction costs involved with attempts to
border digital information flows.
4. DATA ANALYSIS, INTERPRETATION, AND PRSENTATION
The data gathered by the researcher from multiple respondents was analysed in order to draw
findings and to provide recommendations.
34

lOMoARcPSD|37123246
The collected data has been analysed and evaluated in this chapter to better understand the
respondents' perspectives on the topic cyber-crimes in banking sector how much they know
about these crimes what measures they have taken how much time they have become victim.
In this data it is also shown that how much percent of people are aware about the laws which
have been made for the public welfare.
The information gathered has been organised into tables and can be analysed using pie charts
and bar graphs.
The data collected resulted in the creation of 17charts in all. The following sections provide a
brief description of the analysis and interpretation.
CLASSIFICATION OF RESPONDENTS ON THE BASIS OF THEIR AGE

GROUP
SR. NO. AGE NO.OF RESPONDENTS PERCENTAGE

1 18-24 73 72.3%
35

lOMoARcPSD|37123246
2 25-34 23 22.8%
3 35-50 5 5%
4 50 & ABOVE 0 0
TOTAL 101 100%
AGE
THE ABOVE PIE CHART REPRESENTS THE AGE OF THE

RESPONDENTS
The age of a person influences their level of knowledge, work experience, and exposure, all
of which change due to varied perspectives on various areas of cybercrime in the banking
sector.
The age profile variables were separated into four groups, as follows: 18-24, 25-34, 35-50,
and 50 above years of age.
From the above chart, it can be seen that the maximum no. of responses were from 18-24 that
is 72.3% out of total responses. Therefore it indicates that maximum no.of respondents were
of young age and much active on internet.
CLASSIFICATION OF RESPODENTS ACCORDING TO THEIR GENDER
36

lOMoARcPSD|37123246
SR . GENDER NO.OF PERCENTAGE

NO. RESPONDENTS
1 MALE 40 60.4%
2 FEMALE 61 39.6%
3 PREFER NOT TO SAY 0 0
TOTAL 101 100%
ABOVE PIE CHART REPRESENTS THE GENDER OF THE RESPONDENTS

Another one of the profiles in this study is the gender of the respondents. To learn about their
viewpoint on cyber-crimes. It can be seen from the pie chart that the number of female
respondents is greater than the number of male respondents.
Number of female respondents are 61 whereas number of male are 40.
CLASSIFICATION OF DATA ON THE BASIS OF THEIR AWARENESS

SR.N AWARENESSOF NO.OF PERCENTAGE
O RESPONDENTS RESPONDENTS
1 YES 65 64.4%
2 NO 19 18.8%
3 MAYBE 17 16.8%
37

lOMoARcPSD|37123246
TOTAL 101 100%
THE ABOVE CHART SHOWS THE AWRENESS REGARDING CYBER-CRIMES

The above figure shows the division according to their awareness of cyber-crimes. From the
above figure we can conclude that 64.4% of people are aware about the cyber-crimes, 18.8%
of people are still not aware about it completely and 16.8% of have responded maybe option
we can conclude that they are partially aware about the cyber- crimes.
This means that we still need to focus on giving knowledge to people about the crimes.
38

lOMoARcPSD|37123246
CLASSIFICATION OF DATA ACCORDING TO THEIR ACTIVENESS ON

INTERNET
SR.NO ACTIVE ON INTERNET NO.OF RESPONDENTS PERCENTAGE
1 1-2 HOURS 22 21.8%

2 3-5 HOURS 35 34.7%
3 5-10 HOURS 27 26.7%
4 MORE THAN 10 HOURS 17 16.8%
TOTAL 101 100%
PIE CHART SHOWS THE CLASSIFICATION ON THE BASIS OF HOW MUCH ACTIVE
THEY ARE ON INTERNET
The diagram shows the division of number of hours spent on internet by the people.
In this we can see that 21.8% spent 1-2 hours, 34.7% spent 3-5 hours, 26.7% spent 5-10
hours, 16.8% spent more than 10 hours on the internet. Most of the people spent 3-5 hours on
the internet but some people are there who spent more than 10 hours on internet.
People are much rely on internet today that’s why they spent maximum number of hours on
the internet.
39

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF TYPES OF CRIMES

SR.N TYPES OF CYBER NO. OF PERCENTAGE
O CRIMES RESPONDENTS
1 CYBER STALKING 48 47.5%
2 PHISING 33 32.7%
3 IDENTIFY THEFT 41 40.6%
4 DATA BREACH 39 38.6%
5 HACKING 64 63.4%
6 CREDIT OR DEBIT CARD 60 59.4%
FRAUD
7 ALL THE ABOVE 39 38.6%
BAR DIAGRAM SHOWS DIVISION ACCORDING TO THE PEOPLE’S

OPINION ABOUT WHICH THEY HAVE HEARD
From the above figure we can see that respondents have heard about these cyber-crimes.
These cyber –crimes are most common crimes that happen with the people. The respondents
were given these option so that we get to know about which crimes they have heard so far.
Most number of people have heard about the hacking, credit and debit fraud is second, and
phishing is low among them they have selected the option which they have heard. On an
average we can say that they have heard all of these crimes which are mentioned in the
options .So we can conclude that they have heard about the crimes which are happening
around them.
40

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF THERE VIEWS ON USING

INTERNET
ON STATEMENT 1-Is it important to use secure browser while doing online work
SR.NO ON USING NO.OF RESPONSES PERCENTAGE

INTERNET/BROWSE
R
1 AGREE 90 90%
2 NEUTRAL 8 8%
3 DISAGREE 3 3%
ON STATEMENT 2- Is it necessary to have a strong password in your online accounts
SR.N ON USING NO.OF PERCENTAGE

O INTERNET/BROWSER RESPONSES
1 AGREE 87 87%
2 NEUTRAL 12 12%
3 DISAGREE 2 2%
ON STATEMENT 3- While using internet do you think your information is safe.
SR.NO ON USING NO.OF PERCENTAGE

INTERNET/BROWSE RESPONSES
R
1 AGREE 28 28%
2 NEUTRAL 37 37%
41

lOMoARcPSD|37123246
3 DISAGREE 36 36%
ABOVE DIAGRAM SHOWS THAT ON WHICH STATEMENTS PEOPLE

AGREE/DISAGREE
In statement one most of the people agree that it is important that we should use secure
browser when we are doing online work it reduces the risk of cyber-attacks. From second
statement we can say that 87 people agree to use strong passwords for their accounts .hackers
cannot easily access the accounts which have strong passwords whereas keeping easy
passwords increase the risk of hacking. And from the last statement we can conclude that 28
people agree that information is safe, 37 says neutral because they might be thinking that
maybe the information is safe but not fully safe, and 36 people disagree they think that data is
not Safe in internet .we should take these views in mind and we can come up with some
solutions for them.
CLASSIFICATION ON THE BASIS OF FINANCIAL LOSS IN ONLINE

TRANSACTION
SR.NO FINANCIAL LOSS NO.OF PERCENTAGE
RESPONDENTS
1 NEVER 66 65.3%t
2 OVERCHARGED 14 13.9%
3 FRAUD VIA 12 11.9%

MERCHANDISE
42

lOMoARcPSD|37123246
4 MONEY AUTOMATIC 9 8.9%

DEDUCTED
TOTAL 101 100%
THE ABOVE PIE CHART SHOWS THE PERCENTAGE OF FINANCIAL LOSS FACED
BY RESPONDENTS
In the above picture it can be seen that 65.3% people have never faced financial loss in online
transaction. It maybe because they have taken all necessary measures for their system and
accounts or maybe they are aware about the cyber – crimes .8.9% people’s money is
automatic deducted overcharged , 11.9% have faced fraud via merchandise, 13.9%
overcharged. They have faced these because maybe they are not aware about the crimes
which take place online and they have not taken a necessary measures for them.
CLASSIFICATION ON THE BASIS OF MALPRACTICES
SR.N MALPRACTICES NO.OF PERCENTAGE

O RESPONSES
1 TROJAN OR MALWARE 25 24.8%
2 SPAM MAIL 47 46.5%
3 PUBLISHING OBSELETE 15 14.9%

THINGS
43

lOMoARcPSD|37123246
4 CONFIDENTIAL 19 18.8%
INFORMATION HACKED
5 NEVER EXPERIENCED 39 38.6%
ABOVE DIAGRAM REPRESENTS THE MALPRACTTICES EXPERIENCED BY THE

RESPONDENTS
The above bar diagram shows the malpractices experienced by the people.
Most of them have experienced the auto generated mail to their inbox that is spam, it is
frequently observed that spam mail are sent to the people to do wrong things online and
people even believe that mail and respond it.24.8% experienced the malware, 18.8% have
experienced hacking of their account it maybe because they have not kept strong password of
their accounts. 14.9% have faced obsolete things posted in their accounts. 38.6% have never
experienced these malpractices.
44

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF ONLINE TRANSACTIONS
SR.NO. STOPPED ONLINE NO.OF PERCENTAGE

TRANSACTIONS RESPONSES
1 YES 30 29.7%
2 NO 71 70.3%
TOTAL 101
41
THE ABOVE PIE CHART SHOWS THE VIEW POINT ON ONLINE TRANSACTION
STOPPED
45

lOMoARcPSD|37123246
The above pie chart shows that what percent of people have stopped using online transactions
after experiencing the malpractices of cyber-crimes which are mentioned in the previous
question like malware or Trojan, spam mail, confidential information being hacked.
This pie chart shows that 70.3% have stopped because they might be afraid now that they will
experienced these things again. 29.7% said no maybe they are taking measure now while
doing online transactions.
CLASSIFICATION ON THE BASIS IF THEY WILL RESUME ONLINE

TRANSACTION
SR.NO RESUME ONLINE NO.OF PERCENTAGE

TRANSACTION RESPONSES
1 YES 65 64.4%
2 NO 12 11.9%
3 MAYBE 24 23.8%
TOTAL 101 100%
ABOVE PIE CHART SHOWS THE DIVISION ACCORDING TO RESPONDENTS WILL

RESUME ONLINE OR NOT
This pie chart shows that 64.4% respondents says that they will resume online transactions ,
11.9% says no and 23.8% says maybe they will resume .in today’s world online transactions
46

lOMoARcPSD|37123246
have become necessary everything has become online we can easily get anything online .
Even return policies are also provided to the people. In the period of covid online things have
become useful and proven beneficial to people.
47

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF VICTIM

SR.NO. NO.OF TIMES BECOME NO.OF PERCENTAGE
VICTIM RESPONSES
1 1 TIMES 78 77.2%
2 2 TIMES 15 14.9%
3 2-5 TIMES 8 7.9%
4 MORE THAN 5 TIMES 0 0
TOTAL 101 100%
ABOVE PIE CHART SHOWS THAT HOW MANY TIMES THEY HAVE BECOME
VICTIM
The pie chart shows the division according to how many times they have been victim of
cyber-crimes 77.2% respondents have become at least one time victim of crime 14.9%
become 2 times victim and 7.9% 2-5 times . On an average we can say that the 80% of the
average respondents have become the victim of cyber- crimes.
48

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF MEASURES TAKEN
SR.NO. MEASURES TAKEN NO.OF RESPONSES PERCENTAGE

1 YES 64 63.4%
2 NO 18 17.8%
3 MAYBE 19 18.8%
TOTAL 101 100%
THE ABOVE PIE CHART SHOWS THE VIEWS ON MEASURES TAKEN

The pie chart shows that 63.4% respondents are taking measure to protect themselves from
cyber-crimes .17.8% claims that no action has being taken by them. 18.8% thinks that maybe
they should take the measure. It is important that we should take measures to protect
ourselves from the cyber-crimes. So that in future we did not face any complications.
49

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF ANTIVIRUS SOFTWARE
SR.NO. INSTALLED ANTIVIRUS NO.OF PERCENTAGE

RESPONSES
1 YES 65 64.4%
2 NO 36 35.6%
TOTAL 101 100%
THE PIE CHART ABOVE INDICATES HOW MANY RESPONDENTS HAVE

INSTALLED ANTIVIRUS PROTECTION.
The pie chart tell the percentage of respondents who have installed the antivirus software for
protection from cyber-crimes. 64.4 percent of respondents indicated they have installed it.
While 35.6% did not installed that means they are not much aware about antivirus software or
they might don’t know the advantage of it. An antivirus programme is a programme that
scans your computer or laptop for viruses and other harmful software and removes it. As a
result, it's critical to install antivirus software and maintain it up to date in order to secure
your data and equipment.
50

lOMoARcPSD|37123246
CLASSIFICATION ON THE STEPS TAKEN TO PROTECT SYSTEMS

SR.N STEPS TAKEN NO.OF PERCENTAGE
O RESPONSES
1 INSTALLED ANTIVIRUS 41 40.6%
2 STRONG PASSWORD 66 65.3%
3 NEVER SHARED OTP 57 56.4%
4 FIREWALL SYSTEM 28 27.7%
5 USING SECURE 38 37.6%
SYSYTEM
6 UPDATING SOFTWARE 50 49.5%
7 ALL THE ABOVE 42 41.6%
THE ABOVE PICTURE SHOWS THE STEPS TAKEN FOR PROTECTING

The bar diagram shows various steps taken by the respondents to protect their systems.
Many respondents have kept their password strong that is 65.3%, 40.6% installed antivirus,
56.4% never shared otp, 27.7% have firewall system, 37.6% are using secure system, and
41.6% are taking all the steps which are mentioned in options. It is important that we should
all the steps which are needed to protect our system.
51

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF CYBER LAWS
SR.NO. AWARE ABOUT LAWS NO.OF RESPONSES PERCENTAGE

1 YES 48 47.5%
2 NO 32 31.7%
3 MAYBE 21 20.8%
TOTAL 101 100%
THE ABOVE PIE CHART SHOWS THE DIVISION ACCORDING TO HOW MUCH
FAMILIAR THEY ARE WITH LAWS
Cyber law is significant because it encompasses nearly all elements of transactions and
activities on and with the Internet, the World Wide Web, and Cyberspace. At first glance,
Cyber laws may appear to be a highly technical area with little relevance to ordinary
cyberspace operations. 47.5% says that they are familiar with laws, 31.7% said no and 20.8%
are maybe aware it means that they are not fully familiar aware about it.
52

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF LAWS ARE HOW MUCH

EFFECTIVE
1 IS LESS EFFECTIVE AND 5 IS MORE EFFECTIVE
SR.N RATING ON NO.OF PERCENTAGE

O EFFECTIVENESS RESPONSES
1 1 RATING 1O 9.9%
2 2 RATING 22 21.8%
3 3 RATING 31 30.7%
4 4 RATING 24 23.8%
5 5 RATING 14 13.9%
TOTAL 101 100%
BAR DIAGRAM SHOWS THE NO.OF RESPODENTS GIVEN RATING ON BASIS OF

CYBER LAWS IN EFFECT
The above bar diagrams shows the rating according to the respondents. They have assigned
the ranking based on the laws that have been enacted and are able to control cybercrime.
30.7% have given 3 rating it shows that laws which are made is able to control cyber-crimes
to some extent of it. Some of think that laws are not able to control the crime they have given
1 rating 9.9%. 5 rating is also given by the respondents that is 13.9%. Some of the
respondents thinks that laws are fully able to control the cyber- crimes.
53

lOMoARcPSD|37123246
CLASSIFICATION ON THE BASIS OF HOW TO CONTROL THE CYBER –

CRIMES
SR.N MEASURES TO CONTROL NO.OF PERCENTAGE

O RESPONSES
1 CAMPAIGN 44 43.6%
2 EDUCATING THEM 70 69.3%
3 TEACHING TO USE 68 67.3%
INTERNET
4 CHECKING LINK 51 50.5%
5 USING SECURED 65 64.4%

WEBSITES
THE ABOVE BAR DIAGRAM SHOWS THAT WHAT CAN BE DONE TO CONTROL
CYBER-CRIMES
The above bar diagram shows the percentage of respondents given view about what can be
done to control the cyber-crimes in India.69.3% believe that we should educate the people
about it. 67.3% says that teaching to use how we should use internet, 64.4% respondents
believe that we should use secured websites , using secured websites is very much important
as it keeps our information safe and reduces the chance of frauds, 50.5% agree with using
checking link before we do anything online. 43.6% says that campaign should be there. In
future government should start campaign for people to make them aware about the cyber –
crimes.
54

lOMoARcPSD|37123246
5. CONCLUSION AND SUGGESTION
Conclusion
When social media first became popular in the early 2000s, cybercrime exploded. The inflow
of people placing all the information they could into a profile database resulted in a flood of
personal information and an increase in ID theft. Thieves exploited the information to get
access to bank accounts, create credit cards, and commit other types of financial crime.
The creation of an annual worldwide crime organisation worth over half a trillion dollars is
the new trend. These criminals operate in groups, employ well-worn strategies, and target
anything and everyone with a web presence. Although the RBI and the government are taking
aggressive measures to combat cyber-attacks, they are also adapting to newer technological
developments such as cryptocurrencies and block chain. As a result, the demand for
cybersecurity as part of the design architecture grows, with the goal of detecting attacks in
real time rather than fixing the damage. Cyber-crime, or criminal activity on the internet, is
one of India's and international law enforcement's biggest challenges in the future. As ICT
becomes more extensive, electronic crime will become more prevalent in all types of criminal
conduct, including what are today considered more traditional offences. It is already used in a
variety of transnational crimes like as drug trafficking, human smuggling, terrorism, and
money laundering. Even in traditional crimes, digital evidence will become more widespread,
and we must be prepared to deal with this new problem. To ensure Internet safety and
security, law enforcement agencies around the world are collaborating to create new
partnerships, forensic procedures, and responses to cyber-crime. To detect, prevent, and
respond to cybercrime, new skills, technologies, and investigative approaches will be needed
in a global environment. New types of crime, a considerably greater scope and scale of
offending and victimisation, the need to respond much more quickly, and significant technical
and legal complications will all characterise this "new business." To solve the severe
jurisdictional concerns, creative solutions such as the construction of "cyber cops," "cyber
courts," and "cyber judges" may be required. However, I believe that cybercrime is a more
severe crime than real-life crimes because it affects millions of people at once. In reality, it
only affects a small number of people.
55

lOMoARcPSD|37123246
SUGGESTIONS
1. Instead of involving the branches for rapid and strict activities, the society could report
these incidents to the Digital Wrongdoing Branch.
2. Initiatives should be created to raise public awareness of current and future events.
3. To put an end to these problems and punish the perpetrators, strict penalties should be
implemented
4. The legislation should monitor the operation of massive information banks.
5. Cases should be resolved quickly in order to address grievances and instil confidence in the
general public.
6. The enforcement of the law should be strict, and such wrongdoings should be monitored
on a regular basis.
7. Campaign should be setup by the government related to cyber – crimes information’s.
8. Educating them through advertisements, social media is good option because people
believe it easily nowadays.
9. Installing antivirus software should be made mandatory so that in future they will not
become victims of cyber- crimes.
10. People should know where, how, when they should file a complaint.
56

lOMoARcPSD|37123246
APPENDIX
QUESTIONNAIRE: CYBER CRIMES IN BANKING SECTOR
57

lOMoARcPSD|37123246
58

lOMoARcPSD|37123246
59

lOMoARcPSD|37123246
57
60

lOMoARcPSD|37123246
61

lOMoARcPSD|37123246
62

lOMoARcPSD|37123246
BIBLIOGRAPHY
https://en.wikipedia.org/wiki/Cybercrime
https://www.legalserviceindia.com/legal/article-3073-cyber-frauds-in-the-indian-banking-
industry.html
https://www.jigsawacademy.com/blogs/cyber-security/history-of-cybercrime/
https://www.mygreatlearning.com/blog/biggest-cyber-security-threats-indian-banking-sector/
https://www.business-standard.com/article/technology/india-becomes-favourite-destination-
for-cyber-criminals-amid-covid-19-121040501218_1.html
https://www.infosecawareness.in/cyber-laws-of-india
http://appknox.com/blog/cybersecurity-laws-in-india
https://www.cyberralegalservices.com/detail-casestudies.php
https://www.geeksforgeeks.org/cybercrime-causes-and-measures-to-prevent-it/
https://www.cs.tufts.edu/comp/116/archive/fall2017/cmcbrien.pdf
https://www.emerald.com/insight/content/doi/10.1108/JCRPP-12-2019-0070/full/html
https://www.ijser.org/researchpaper/Cyber-Crime-in-India-An-Empirical-Study.pdf
https://www.researchgate.net/publication/275709598_CYBER_CRIME_CHANGING_EVER
YTHING_-_AN_EMPIRICAL_STUDY
https://www.jetir.org/papers/JETIR2012332.pdf
https://ebookcentral.proquest.com/lib/inflibnet-ebooks/reader.action?
docID=5734579&query=cyber+crimes
Reference from- cyber-crime and cyber terrorism investigator’s handbook author- Babak,
Akhgar, Andrew, Stainforth, and Francesca Bosco publisher-(Elsevier Science & Technology
Books) date- 08/12/2014
63

Supriya Maurya Tybbi Black Book Project

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Supriya Maurya Tybbi Black Book Project

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|37123246

Supriya maurya tybbi black book project

M.Com Banking and Insurance (University of Mumbai)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

SR.NO TITLE PAGE

1.2 Cyber terrorism 3

1.5 Computer as a Target 5

1.6 Computer As a Tool 5

1.7 Ad- Fraud 5

1.9 Cyber Crime In Banking Sector 6

1.10 Internet Banking In India 9

1.11 Impact Of Cyber- crimes In Banking Sector 10

1.13 Years of Cyber – crimes 11

1.14 Effects on Cyber – crimes During Covid 12

1.16 Effects on Cyber – crimes After Covid 15

1.17 State Wise Cyber – crimes Cases 15

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

1.18 Cyber Attacks Tools and Methods 16

1.19 Cyber Laws In India 17

1.20 Issues With Modern Day Laws In India 20

1.23 Steps Taken To Reduce Cyber crimes In Banking 26

2.4 Significance Of Study 30

2.5 Research Methods 31

6.1 Questionnaire 55-61

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

CYBER CRIMES IN BANKING SECTOR

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

1.5 COMPUTER AS A TARGET

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

THIS IMAGE IS FROM ECONOMIC TIMES

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

THIS IMAGE IS FROM TIMES OF INDIA

3. UIDAI aadhaar software hacked

4. SIM swap scam

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

60000 1.16 EFFECT ON CYBER-

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

2. Indian penal code

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

1.20 ISSUES WITH MODERN DAY CYBER LAWS IN INDIA

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

BOMB HOAX MAIL

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

1.23 STEPS TAKEN TO REDUCE CYBER CRIMES IN BANKING SECTOR

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)

Downloaded by Harsh Ravadka (ravadkaharsh6@gmail.com)