Email Scams

Work From Home- Cyber Crime Scams….Are you a Victim?

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting

wfhwfh2

The Work From Home concept is very attractive for most people, as the advertisements offer huge sums of money for a few hours of simple work. But would you really be paid well for doing nothing much! If it is too good to be true, then it probably is not true!

The modus operandi is usually attractive advertisements on websites, public places and social media. The application procedure involves filling up a form with all your details and you have to purchase a welcome kit. If you refer more people then you get paid a percentage for each reference that materializes, so basically you make other people also fall prey to the scam.

The scope of work is mostly like:

  • Envelope stuffing (mailing programs)
  • Assembly work
  • Gifting programs
  • Email processing
  • Rebate processing
  • Repackaging
  • Payment processing
  • Jobs that ask for money to hire you
  • Businesses that don’t have an evident product or service.

If you are a victim of a work from home scam, then cyber laws has recourse for you.If the scammers use your personal data to make fake profiles and commit any crimes, then they are liable under Section 66-D for Cyber Personation, which is punishable with imprisonment upto 3 years and a fine.

The scammers are liable for Identity Theft under Section 66-C if they use your password or any other unique identification feature.

The scammers are liable under Section 43 of the Information Technology Act makes unauthorized access an offence, and Section 43 A makes a Company liable for breach of privacy and confidentiality by payment of compensation to the victim for failure to protect data.

The data that you provide to the scammers is priceless. Along with your personal information they have your credit card data too and misuse the same. When you purchase the welcome kit you may not be directed to a safe payment portal. This renders you vulnerable credit card frauds. And your personal data is sold to marketing companies without your consent.

A leading case of this type of scam was when the Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police arrested a person by name Sripathi Guruprasanna Raj, aged 52 years old, who is the Chairman and Managing Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber Crime Investigation Cell, that the said company has duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them with monthly income of Rs. 15,000/-.

Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police have arrested a person by name Sripathi Guruprasanna Raj, aged 52 yrs who is the Chairman and Managing Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber Crime Investigation Cell, that the said company has duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them with monthly income of Rs. 15,000/-. The company had through its website having URL http://www.sohonetindia.com and through various attractive advertisements in the news papers as well as by holding seminars in five star hotels, in various metropolitan cities like Mumbai, Delhi, Kolkata, Bangalore etc. had lured the various computer literate people with attractive schemes named Instant Treasure Pack (ITP) and Green Channel The company then asked the interested people to register with their company for which they charged the registration fees of Rs. 4,000/- which was later increased to Rs. 6,000/-. The company CMD, Mr. Raj promised the people so registered that they would be provided with the data conversion job which would enable them to earn Rs. 15,000/- per month. The company then collected huge amount from the gullible computer users. Some of the users were provided with the job work whereas others were not even provided the job work (data conversion job) assured to them. The users who worked hard and completed the assignments did not receive any payment for the same, and when they tried getting in touch with the company, they received no response.

Work from Home scams are aplenty in India and scammers take advantage of the high rate of unemployment in India along with the house wife system which is popular in India.

A victim must make a complaint in the prescribed format to the Adjudicating Officer, DIT, Information Technology Act, 2000.

Contact Details- legal.pb@gmail.com

http://www.cyberjure.com

Advertisements

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting

ImageImageImage

Cyber space has certain distinct features like anonymity which make it a very dangerous arena. However, this sense of anonymity is not really true as every person and activity on the internet can be traced, but a layman does not have the knowledge to take recourse to the same when he is a victim of a cyber crime.
Email scams are the most commonly committed cyber crimes in India. Gullible people fall prey to these scams which offer great monetary gains. An Email scam is a hoax distributed in an email form which is designed to deceive and defraud the email recipients for monetary gain.
The most common types of Email scams are as follows:
1. Dating Scam: This is a very charming scam that purports to tug at the strings of your heart but end of the day leaves your wallet empty. These scams originate from random chats on online dating or matrimonial portals where email ids are exchanged for further correspondence. Also in many cases there are emails soliciting for a date by a very beautiful and charming woman that are sent to all email ids that would seemingly belong to men. Responding to such emails leads to exchange of photographs and sharing of personal data along with flirting and building an emotional bond. However, it ends with the scammer being in severe need for money for treatment after an accident or to visit the online lover. However, once the money is transferred all correspondences from the scammers end cease. In many cases they are actually Nigerian men who purport to be beautiful women and solicit men for dates, and that’s why this is a type of Nigerian email scam.
2. Phishing Emails: These emails are all over cyber space. They purport to have been sent by a Bank and have a link which directs you to a webpage which carries the logo and feel of the Bank’s website. They require the recipient to update his records immediately otherwise his accounts would be frozen. Most people panic on receiving such an email and enter their online banking passwords and sensitive data on the webpage. Thereafter, the scammers make unauthorized withdrawals from the victim’s bank accounts. The latest is an email from RBI which asks the recipient of the email to secure his bank account details with RBI, requiring him to mention all the banks in which he has his accounts along with the net banking details, credit card numbers including the secret three digit CVV number.
3. Inheritance Scam: These emails mention that the name of the recipient matches that of the relative of a millionaire who has died intestate abroad. If a victim responds positively to this email, he will receive very genuine looking transfer documents for the property along with a bill for the legal fees that would have to be incurred for the transfer. Once the victim transfers the money, he will never hear from the scammer again.
4. Lottery Scam: This is among the most common types of email scams, where a victim receives an email informing him that he has won a big lottery and he has to pay a certain amount of money as transaction costs to claim the prize money.
5. Extortion scam: This is a very interesting type of email scam. In email scams, the scam emails are sent out to millions of people. These scam emails are threatening in nature and demand security money. They will typically say that I am watching you, and I know your wife and child also, if you don’t pay beware of the consequences. The next email would mention that you think I am not serious, but I have been following you, you wore a white shirt and blue trousers today. Now in reality this is just a psychological play to create fear in the mind of the victim. If you just clearly think, then from all the men who receive that email many would have a wife and child, and most men wear white shirts and blue trousers. It’s a game of probability.
In 2012 a 32 year old man from Indore was arrested for allegedly duping a student from Kandivili of Rs. 1.2 Lakhs through an email lottery scam. The Mumbai Cyber Police cracked this case and apprehended the culprit.
If you are a victim of such a scam, then there is legal recourse under the Information Technology Act, 2000.
Section 66-D of the Information Technology Act, 2000 provides for punishment for cheating by Personation by using a computer resource. This legal provision reads as under:
“Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to One Lakh rupees.”
A victim can initiate legal action against such scammers. The first step would be filing a complaint with the Cyber Crime Cell to trace the offenders and thereafter a Complaint should be filed with the Adjudicating Officer under the Information Technology Act, in order to initiate legal proceedings against the offenders. In many cases the offenders are Indian citizens only, who pretend to be foreign nationals in the emails.
Always remember, that if something sounds too good to be true, then it probably is. Never volunteer your credit card details, net banking details, PAN card numbers or any other sensitive personal data to any unknown person in cyber space however, credible it may appear to be.
It is always better to be safe in cyber space. However, if you are a victim of such scams, you do have legal recourse to recover your money.

legal.pb@gmail.com

http://www.cyberjure.com

  – Advocate Puneet Bhasin, Cyber Lawyer (Cyberjure Legal Consulting)

3PHISHING12

Online banking revolutionized banking transactions, whereby money could be transferred at a single click. It has been a  time saver and has been an extremely convenient method to undertake commercial transactions. However, it has lead to a slew of litigation against banks. With online banking came phishing emails.

Phishing emails in these cases are those emails which purport to have been sent by the bank and have the look and feel of a legitimate email from a bank. They require the user to enter their username and password to reconfirm their accounts, invariably threatening that if such confirmation is not made immediately the account would be frozen. In many cases these emails are spoofed also whereby a third party sends an email using the email id of the bank, and this can be easily identified by reading the complete header of the email.

Many users panic on receiving such an email and immediately give out their personal sensitive data like banking passwords to third parties purporting to be representing the bank.  They realize that they have been duped only when money is drawn out by such third parties from their bank accounts.

There has been a slew of litigation against banks whereby, the victims of phishing scams file complaints against the banks under the Information Technology Act, 2000.  The grounds on which such complaints are filed is Section 43, Section 43A and Section 72 A pf the Information Technology Act.

Section 43 of the Information Technology Act deals with Unauthorised Access, and the Complainant in most cases alleges violation of Section 43 (a) which is accessing or securing access to a computer, computer system or computer network without permission of owner or person in charge. However, banks have a very strong legal defence to this because the unauthorised access is by a third party who sent the phishing email and not the bank. The banks on receipt of any information from a online banking services user that his account has been wrongfully debited, must ask him if he responded to any email asking for his password and must ask him to submit documentary proof of that email to the bank. If the user admits that he has replied to such phishing email, the bank must require him to submit a letter to the bank to that effect in order to enable the bank to freeze his account, whereby further unauthorised money transfer should not happen from his account.  The bank should intimate the user by an official letter to file a complaint with the cyber crime cell, and the bank should also file  an FIR against the beneficiary account holders in whose accounts the money has been unauthorisedly credited. This is important to prove the proactive efforts of the bank in a litigation by a victim against the bank under the Information Technology Act.

Section 72 A of the Information Technology Act reads as under:

Punishment for Disclosure of information in breach of lawful contract.- Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.”

The main contention of the complainant would be that the bank has access to his password and misused it. However, as per RBI norms all banks have 128 bit encryption of passwords and the bank does not have any access to the same.

The Complainants in most cases attempt to bring the bank within the definition of an “Intermediary” under the Information Technology Act,; however, the exceptions to intermediary liability under Section 79 of the Information Technology Act, 2000, apply to a bank in this case because of the following reasons:

1. the function of the bank  is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored.

2. the bank does not-

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission
(c) the bank observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

The banks are required to maintain ISO 27001 standards because they handle confidential and sensitive personal data of users of their services.

In brief, the banks need to undertake the following steps in order to be able to succeed in any litigation against them:

1. They should provide a handbook to the online banking services users at the time they apply for such services. The handbook should mention directions for safe use of online banking and should also contain complete information about phishing emails and scams, including information on how users can protect themselves from such phishing attacks.

2. The Online Banking Services Application should have an Indemnity clause, whereby the user indemnifies the bank.

3. The Terms and Conditions of Online Banking should contain Indemnity clauses with respect to password of the user, online transactions and use of bank’s services.

4. There should be a security tips page which warns users of phishing emails each time they log in for online banking.

5. There should be cyber security and cyber law compliance panel. This panel should comprise of cyber security experts who should ensure that proper cyber security measures are always in place and the cyber lawyer in the panel should ensure that the online banking user agreement clauses  are up-to-date to restrict the bank’s liability in an environment where new cyber crimes get added each day.

6. The online user should be made to agree to indemnify the bank with respect to his usage of his password and online banking transactions with each log in.

7. There should be a well drafted Privacy Policy whereby the bank’s liability is reduced to a negligible level.

8. The cyber security and cyber law compliance panel should send emails on a routine basis to all users of online banking about the latest cyber crimes and safe guard measures. This helps show the banks active role in prevention of cyber crimes and shows the bank in positive light in cyber crime litigation against the bank.

9. The Online Banking Services Agreement should have a well drafted Alternative Dispute Resolution Clause. This clause is very important as it helps preserve the image and reputation of a bank, which can get damaged when the bank is accused in such matters involving litigation.

10. The bank should actively follow-up the case investigation after filing the FIR.

In the current scenario most cases where the victim in phishing scams files a complaint against the bank manages to succeed in getting compensated for his losses.

These are a few guidelines which can help a Bank succeed in litigation faced by them due to phishing scams.

 

legal.pb@gmail.com

http://www.cyberjure.com