cyber laws

7 Steps for recovering your money if “You” are a Victim of an Online Recruitment Scam

-Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Counsulting

contact.cyberjure@gmail.com

http://www.cyberjure.com

http://www.indiancyberlawyer.wordpress.com

scamjob

With the advent of cyberspace, the number of online scams are on the rise and online recruitment scams being a major cyber crime with rising statistics.

A typical scam email or advertisement will mention a spoofed email id of a reputed company and will either offer you a job via email, or will place a newspaper advertisement with the contact email id for victims to fall prey.

On responding to such an email, a victim will receive a positive response and will be asked to deposit a refundable amount of money in a specified bank account for securing the job. Once the money is deposited, the recruitment scammer disappears for good and your money is gone!

No real job requires any kind of fee, including administrative, visa processing, work permits, certificates, authorizations, “Affidavit of Guarantee”, “Letter of Attestation”, “Affidavit of Oath” “Affirmation”, or other legal or immigration fees.  No real company ever requires you to make a “refundable” deposit before you are interviewed.  No real company says it will reimburse you for expenses!  As soon as you are asked to pay any money for anything, including a visa or work permit, that tells you there is no job, it is a scam! 

However, Cyber Laws has a legal recourse to recover your money if you are a victim of such scams.

Online Recruitment Scammers can be booked under the provisions of the Information Technology Act, 2000 and The Indian Penal Code.

Simply following the 7 steps given below can help you recover your money:

  1. File a complaint with the Cyber Crime Cell to trace the ip address from which you received the scam email.
  2. Submit a Customer Dispute Resolution Form with the Bank from where you have transferred the money.
  3. Make a complaint to the Bank in which the Scammer has a bank account, where you have transferred the money.
  4. File a Complaint before the Adjudicating Officer, Information Technology Act, 2000 against the Bank where the scammers bank account is functional, along with making the ip address a party so that the Court orders a tracing of the ip address.
  5. The Court will further conduct an enquiry into your complaint and the matter will be heard and decided within a period of 6 to 9 months.
  6. The Complaint should be filed in the format as specified in The Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003; which is as follows:

 PROFORMA FOR COMPLAINT TO ADJUDICATING OFFICER

UNDER INFORMATION TECHNOLOGY ACT – 2000

I Name of the Complainant

  1. E-mail address
  2. Telephone No.
  3. Address for correspondence
  4. Digital Signature Certificate, if any

II Name of the Respondent

         E-mail address

  1. Telephone No.
  2. Address for correspondence
  3. Digital Signature Certificate, if any

III Damages claimed

Fee deposited

Demand Draft No.____________dated __________Branch__

IV Complaint under Section/Rule/Direction/Order et

V Time of Contravention

VI Place of Contravention

VII Cause of action

VIII Brief facts of the case

 

 (Signature of the Complainant)

  1. The Application Fees for filing a Complaint is Rs. 50 and depending on the claim amount a court fees is payable.

Disclaimer: This article does not constitute legal advice and does not constitute an Attorney-Client relationship between the author and reader. Rights of photo in article belong to http://www.eventspeak.com

Advertisements

Online Banking Scams: Legal Recourse for a Victim

-Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting

contact.cyberjure@gmail.com

online banking fraud

 If you are a victim of an online credit card scam, then you can seek redress and relief under cyber laws.  In the recent judgement of December 2014 by Adjudicating Officer, Information Technology Act, 2000 in the case of Bal Kishen Rai.v. PNB & Ors., the Court held , that even if a victim divulges his own password by mistake in a phishing scam to a cyber criminal, in case on internet banking, he is still protected by law, and in the light of the Indian Banker’s Code 2014 read along with recent RBI Guidelines  and the principles of the US Banker’s Code, in cases of Internet Banking Frauds and Credit Card frauds a victim’s liability is restricted to Rs. 10,000 only and the loss has to be borne by the Bank. This is a principle of US Internet Banking Law which in this landmark judgement for the first time has laid the foundation of Indian Internet Banking Liability which is pro-consumers and completely protects their interests in cyber crimes.

Meaning of Online Banking Scams:

  1. Where your bank account is debited by an unauthorised online transaction.
  2. Where your credit card has been used without your authorisation for any transaction.
  3. Where you have given your transaction password to a scammer in response to a Phishing scam, which means you receive an email which resembles an email from a bank asking for your bank account details.
  4. Where you have divulged your OTP in a Vishing scam. A vishing scam is one where a person personates a banking official and contacts you to obtain your credit card information on the pretext of generating a new PIN for you, and in the process undertakes online transactions using your credit card data and cheats you into divulging your OTP so that he can complete the transaction.
  5. Where a cyber criminal uses a duplicate SIM card of your registered mobile number, and using your credit card data and due to duplicate SIM has access to OTP also.
  6. Where your SIM card is cloned. SIM card cloning can happen in hotels, shops and any place where you use your credit card for a transaction, and your credit card data is stolen and a cloned credit card is made.

If you are a victim of Online Banking, then you have legal recourse under the provisions of Section 43 of the Information Technology Act, 2000 which deals with Unauthorised Access along with legal recourse against the Bank under Section 43A of the Information Technology Act for failure to protect your sensitive information and passwords, with claim for compensation upto Rs. 5 Crores.

A victim can file a complaint of the cyber crime in the prescribed format before the Adjudicating Officer, Information Technology Act, 2000 with the prescribed application fees of Rs. 50 and requisite court fees. The duration for the disposal of cyber law matters is speedy and  is within 6 to 9 months of filing the complaint.

Disclaimer: The content of this article does not constitute legal advice, and does not create an Attorney-Client relationship between the author and the reader. Rights to Photo in article belong to http://www.pardaphaash.com

Online Revenge Porn-Recourse for Victims under Cyber Laws

– Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting
http://www.cyberjure.com

revenge porn
Online Revenge Porn means that when there are relationship break ups, then either party puts up nude pictures of the other or videos of their intimate moments on social networking media, blogs and other websites. Online Revenge Porn is on the rise world over with the advent of an open arena of the internet. Most online porn in India is amateur porn or revenge porn. World over, every country has enacted specific legislation to deal with revenge porn.
UK is coming out with the Revenge Porn Law. Many US States already have their Revenge porn laws. Virginia also has a revenge porn law and on 20th October, 2014 the first person was charged and convicted under their law.
In India we do not have a separate Revenge Porn Law, but Sections 67, 67-A and 66-A of the Information Technology Act, 2000 make online publication of Revenge porn a punishable offence.
Section 67 reads as under:
Punishment for publishing or transmitting obscene material in electronic form. -Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
This section makes a person liable for transmitting or causing to transmit nude photos or content of the nature that it can deprave/corrupt the viewer of such content.
When people are in relationships, they tend to share nude or naughty photos of themselves with each other, and these photos are misused by the jilted partner in the event of a break up.
A victim can seek recourse under Section 67 in such a case.
Section 67 A of the Information Technology Act reads as under:
“Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.”
This section also criminalizes the act of any party transmitting via email, MMS or video any act or conduct of explicit nature which the parties indulged in during the course of the relationship.
A victim can file a complaint with the Cyber Police Station along with filing an FIR in the Police Station.
In India we definitely need separate and comprehensive revenge porn laws along with an efficient judicial mechanism to deal with these offences in short duration of time. Many countries have a National Helpline along with a separate Cell to deal with Online Revenge Porn, as these matters require immediate redressal before the video goes viral. A National Helpline for revenge should be set up in India too, where victims can complain and there would be immediate pull down of the content from the internet. Most developed countries have enacted specific laws for the same already because of the huge increase in Revenge porn in the virtual world.
Disclaimer: This article is purely for educational purpose and is not in the nature of legal advice. It does not constitute any lawyer-client relationship between the author and the reader.

Role of Cyber Laws in Divorce Proceedings

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting

legal.pb@gmail.com

divorce privacy pic

privacy 1

Divorce is definitely a painful process. A relationship that begins with affection at the altar ends with negative emotions in a court room. Divorces are of two kinds- Mutual consent divorce and Contested divorces. Mutual consent divorce is one where the parties agree upon the terms of separation and amicably end the marriage; and Contested divorce is one where one of the parties to the marriage has committed a matrimonial offence. There is a burden of proof on the party who alleges that the other has committed a matrimonial offence. This is in common words called the Fault theory of divorce. Grounds of divorce are adultery, cruelty, etc.

In this digital age, the evidence of a matrimonial offence is mostly contained in a computer, laptop, mobile phone, tablet or any other computer resource.  This brings into the picture The Information Technology Act, 2000. For example, in the case of an alleged adultery by a wife, the husband would present the proof of the same from the emails, whats apps and other social media interaction she has exchanged with her boyfriend. The main issue here is the manner in which the husband would obtain this data. If the husband hacks his wife’s email accounts or unauthorisedly accesses her smses he is liable under the Information Technology Act to compensate his wife for the alleged unauthorised access and is liable to be punished for hacking.

The concept of unauthorised access as elucidated in the Information Technology Act includes the act of viewing data in another person’s computer, computer resource or mobile phone without such person’s authorisation. It also makes the act of even touching another person’s computer or mobile phone without their permission an act of unauthorised access and thereby making them liable to pay compensation for the injury caused.

An extension of this concept was read into the fundamental right to life under Article 21 of the Constitution in the landmark case of Vinod Kaushik v. Madhvika Joshi, whereby the concept of right to privacy was included in the relationship of marriage also. There is a right to privacy which a spouse enjoys even in a matrimonial relation and if the other spouse unauthorisedly accesses smses, whats apps and emails to prove a ground for divorce, then it renders such an erring spouse liable under the Information Technology Act. This party presenting such evidence in a Family Court has not come to the court with clean hands, thereby restricting or negatively affecting the remedies available to him.

The advent of technology and its role in relationships has given cyber laws an important role in divorce proceedings.

 

 

 

 

 

 

 

 

Work From Home- Cyber Crime Scams….Are you a Victim?

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting

wfhwfh2

The Work From Home concept is very attractive for most people, as the advertisements offer huge sums of money for a few hours of simple work. But would you really be paid well for doing nothing much! If it is too good to be true, then it probably is not true!

The modus operandi is usually attractive advertisements on websites, public places and social media. The application procedure involves filling up a form with all your details and you have to purchase a welcome kit. If you refer more people then you get paid a percentage for each reference that materializes, so basically you make other people also fall prey to the scam.

The scope of work is mostly like:

  • Envelope stuffing (mailing programs)
  • Assembly work
  • Gifting programs
  • Email processing
  • Rebate processing
  • Repackaging
  • Payment processing
  • Jobs that ask for money to hire you
  • Businesses that don’t have an evident product or service.

If you are a victim of a work from home scam, then cyber laws has recourse for you.If the scammers use your personal data to make fake profiles and commit any crimes, then they are liable under Section 66-D for Cyber Personation, which is punishable with imprisonment upto 3 years and a fine.

The scammers are liable for Identity Theft under Section 66-C if they use your password or any other unique identification feature.

The scammers are liable under Section 43 of the Information Technology Act makes unauthorized access an offence, and Section 43 A makes a Company liable for breach of privacy and confidentiality by payment of compensation to the victim for failure to protect data.

The data that you provide to the scammers is priceless. Along with your personal information they have your credit card data too and misuse the same. When you purchase the welcome kit you may not be directed to a safe payment portal. This renders you vulnerable credit card frauds. And your personal data is sold to marketing companies without your consent.

A leading case of this type of scam was when the Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police arrested a person by name Sripathi Guruprasanna Raj, aged 52 years old, who is the Chairman and Managing Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber Crime Investigation Cell, that the said company has duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them with monthly income of Rs. 15,000/-.

Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police have arrested a person by name Sripathi Guruprasanna Raj, aged 52 yrs who is the Chairman and Managing Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber Crime Investigation Cell, that the said company has duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them with monthly income of Rs. 15,000/-. The company had through its website having URL http://www.sohonetindia.com and through various attractive advertisements in the news papers as well as by holding seminars in five star hotels, in various metropolitan cities like Mumbai, Delhi, Kolkata, Bangalore etc. had lured the various computer literate people with attractive schemes named Instant Treasure Pack (ITP) and Green Channel The company then asked the interested people to register with their company for which they charged the registration fees of Rs. 4,000/- which was later increased to Rs. 6,000/-. The company CMD, Mr. Raj promised the people so registered that they would be provided with the data conversion job which would enable them to earn Rs. 15,000/- per month. The company then collected huge amount from the gullible computer users. Some of the users were provided with the job work whereas others were not even provided the job work (data conversion job) assured to them. The users who worked hard and completed the assignments did not receive any payment for the same, and when they tried getting in touch with the company, they received no response.

Work from Home scams are aplenty in India and scammers take advantage of the high rate of unemployment in India along with the house wife system which is popular in India.

A victim must make a complaint in the prescribed format to the Adjudicating Officer, DIT, Information Technology Act, 2000.

Contact Details- legal.pb@gmail.com

http://www.cyberjure.com

Fake Social Media Profiles- Cyber Laws has a legal recourse for Victims

fake3fake fbfake2fake4


– ADVOCATE PUNEET BHASIN, CYBER LAW EXPERT, CYBERJURE LEGAL CONSULTING

Fake profiles on social media are a problem most users face. Fake profiles of celebrities are rampant, as are also profiles with fake names and details. It’s definitely alarming that there has been a 168% rise in cyber crimes in the last one year.

As reported by CNN in 2012, in an  updated regulatory filing released Wednesday, the Facebook said that 8.7 percent of its 955 million monthly active users worldwide are actually duplicate or false accounts. That is around 83.03 million fake accounts which they are trying to regulate or disable. And this is the statistics of fake accounts on just one social networking website.

It is very interesting that now-a-days many real world thefts have their roots in social media. Burglars are creating networks of fake profiles to target potential victims, as such connections allow them to uncover a variety of personal information about users and their whereabouts, making their homes an easier target.

The survey found that 56% of social media users had discussed an event, evening or holiday plans ‘wall to wall’ on Facebook, potentially providing opportunities for them to be targeted by criminals.

By befriending a number of the target user’s other friends beforehand, the victim is even more likely to accept the fake friend, inadvertently giving the burglar access to all their personal information.

The cases of Cyber extortion have also increased owing to excessive personal data available in social networking profiles, and this data is accessible to fake profiles in your friend list.
When we come across a fake profile, the first step is to report the same to the service provider like facebook or twitter. Most of these Intermediaries/ Service Providers have facility for reporting and blocking fake profiles.

For example, in the case of facebook the following procedure has to be followed to report an abusive page:

  1. Go to the Page you want to report
  2. Click below the Page’s cover photo
  3. Select Report Page
  4. Choose the reason you’re reporting the Page and click Continue

Facebook will then review the reported material and remove anything that violates their Statement of Rights and Responsibilities. If warranted they also warn or disable the person responsible.

The following procedure has to be followed to report a fake account that’s pretending to be you or a public figure:

 

Fake Timelines created to imitate real people (impostor accounts) are not allowed on Facebook. If someone created an account pretending to be you:

  1. Go to the Timeline
  2. Click and then select Report
  3. Click Report this account
  4. Click This person is pretending to be me or someone I know and then complete the on-screen directions
  5. Click Submit to Facebook for Review

SECTION 66D of the Information Technology Act, 2000 deals with CHEATING BY PERSONATION USING COMPUTER OR COMPUTER DEVICE, which brings within its ambit fake social media profiles.

Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with Imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

This brings into its ambit:

  1. Making a social networking profile in a fake name.
  2. Making a social networking profile in some other person’s name.
  3. Performing social networking activity in such other name.
  4. Sending emails or messages from some other person’s email id or messaging account.

However, in most cases the purpose of making a fake social media profile has a hidden criminal intention of the perpetrator. It is either means to commit the cyber crimes of cyber stalking, cyber defamation.

Both these cyber crimes are punishable under Section 66 A of the Information Technology Act, 2000 which makes “using a computer or communication device to send data which is injurious or offensive” an offence. It states that:

Any person who sends, by means of a computer resource or a communication device,-

(a) any information that is grossly offensive or has menacing character; or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms “Electronic mail” and “Electronic Mail Message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

CYBER STALKING

The offence of cyber stalking involves using a computer or communication device to send information which is grossly offensive, menacing , annoying, and intimidating for a victim.

There are many cases where victims are threatened that if they do not pay money to the perpetrator, their photos would be morphed or any other form of humiliation will have to be faced by them.

CYBER DEFAMATION

Cyber defamation involves using a computer or communication device to make false statements about a person and cause insult and humiliation to such person. Apart from legal recourse under cyber laws, the victim has legal redress under the law of torts too.

IDENTIFYING THE REAL FACE BEHIND THE FAKE ACCOUNT

Advanced Cyber Forensic Tools and analysis of log files has made it possible to trace the real people behind fake profiles. Their names and addresses can be easily traced in order to take legal action against them.

LEGAL RECOURSE

A victim must file a complaint with the cyber crime cell or Adjudicating Officer in the format mentioned in the Infromation Technology Act, 2000 with the fees payable.

Also, the victim must contact the intermediary to take temporary action against the offender.

It is always advisable to interact with people you personally know on social media, however, if you do interact with people you don’t know well it is best to check out mutual friends.

If you do spot any fake profiles on social media, you must report the same, as you not only will save yourself from cyber crimes, but also many others who could fall prey to such scammers.

legal.pb@gmail.com

http://www.cyberjure.com

 

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting, http://www.cyberjure.com

social 3 social 2

Hacking or unauthorized access to accounts can be of two types. The first is the one that would involve password cracking tools, but most organizations have cyber security features in place to prevent these attacks, however, it’s the second type of attack that can cripple any organization or person’s accounts and databases; this is a social engineering attack.

Social engineers are criminals who take advantage of human behavior to pull off an online scam or hacking attack. Successful social engineers are confident and in control of the situation completely.

There can be two techniques used by social engineers. One is of simple observation and another is of proactive effort.

In the first case, the social engineer simply observes a person’s social networking profiles, linkedin profiles and all data available about him. Most people have passwords that they can easily remember, and for that they have to be words closely related to them. People share their lives on social networking, where their date of birth, favourite colour, pet’s name and everything possibly related to them is freely available. It’s pretty easy to guess passwords in such a scenario. It’s always advisable to be discrete with respect to the data shared on social media. Such data is also collected by the online questionnaires and market research forms that people request to fill in public places.

In the second case, the attack is pre-planned and complete checklist is made of the person or companies likes, dislikes, passions, hobbies and professional credentials. Then the second stage of physical access comes into the picture. For example, three income tax officials turn up at your office for an inspection along with relevant badges and check all your office computers and all your documents, and in the process lodge key loggers into your computers, whereby they will receive an email of every key stroke made on the computers, thereby giving out your passwords and confidential data.

An example of this kind of attack would be where a social engineer researches about a person let’s say Mr. A, and knows that this person is fond of foreign holidays. The social engineer then calls up this person as the authorized representative from a reputed travel agency and offers a mind-blowing holiday package. He asks the Mr. A the version of PDF reader he is using on his laptop. The conversation is very friendly and inspires trust in the mind of Mr. A. The social engineer sends the holiday proposal in a PDF format which is not compatible with the PDF reader installed by Mr. A, and along with the proposal sends a compatible PDF reader for Mr. A to download and read the proposal. The PDF reader has malware attached that gives the social engineer access into Mr. A’s computer.

Another example of this type of attack would be where a very pretty woman, who is a journalist, goes to meet the System Administrator of a big company, to get his opinion on cyber security. She flirts a lot with him and after taking his opinion leaves, but “accidently” leaves her pen drive with him. A beautiful woman who flirted with this guy definitely would make him curious about her and he accesses her pen drive to know more about her. Only that the pen drive is infected with key logger and Trojan malware, thereby making the company’s networks very vulnerable.

The 4 basic principles which most social engineers follow are:

  • They project confidence. They do not sneak around and they proactively approach people and draw attention towards themselves.
  • They give you something. Probably just a small favor which creates trust and a perception of indebtedness.
  • They use humor as that is one tool which is endearing and disarming.
  • They make a request and offer a reason and research shows people are likely to respond to any reasoned request.

Attacks by social engineering are offences in India under Section 43 of the Information Technology Act, 2000. This section reads as under:

Penalty and compensation for damage to computer, computer system, etc. -If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,-

(a) accesses or secures access to such computer, computer system or computer networkor computer resource;

(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

-he shall be liable to pay damages by way of compensation to the person so affected.

 

A victim is required to make a Complaint in the prescribed format along with the applicable fees to The Adjudicating Officer, Information Technology Act, 2000. The fees are calculated in accordance with the damages claimed. Under the provisions of the Rules for conduct of Adjudicating Proceedings under the Information Technology Act, 2000, the Adjudicating officer shall decide every application in 4 months and the whole matter in 6 months.

 – legal.pb@gmail.com

social 1