IT ACT
YAGYAVALKYA INSTITUTE OF TECHNOLOGY
Submitted To: Mr. Manish Dave (Asst. Professor CS & IT)
Submitted By: Abhilasha Agarwal, IT- 8th Sem (4th Yr)
IT ACT
Enacted on 17th May 2000; India is the 12th nation in the world to adopt cyber laws.
The IT Act is based on the Model Law on e-commerce.
To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce".
To facilitate electronic filing of documents with Government agencies and e-payments.
To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934.
Objectives of the IT Act:
Cyber crime is a generic term that refers to all criminal activities done using the medium of computers, the Internet, cyber space and the worldwide web.
Cyber Crime:
It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).
What Is Phishing???
A message is sent from the phisher to the user.
The user provides confidential information to a phishing server.
The phisher obtains the confidential information from the server.
The confidential information is used to impersonate the user.
The phisher obtains illicit monetary gain.
How it works ??
Man-in-the-middle attacks
URL obfuscation attacks
Techniques of Phishing attacks
The attacker sits between the customer and the real web-based application, and proxies all communications between the systems.
This form of attack is successful for HTTP communications.
Man-in-the-middle attacks:
It involves minor changes to the URL: the fraudster tricks the user into following a hyperlink (URL) to the attacker's server, without the user realizing that he has been duped.
URL Obfuscation Attacks:
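A defender-side check for the "minor changes to the URL" described above, as an added example that is not part of the original slides. The trusted hostnames, the sample links and the edit-distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's real hostnames (constructed placeholders).
TRUSTED_HOSTS = {"examplebank.test", "netbanking.examplebank.test"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_link(href: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'insecure', 'lookalike' or 'unknown' for a link target."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if host in TRUSTED_HOSTS:
        # A genuine host reached over plain HTTP can still be proxied in transit.
        return "trusted" if parts.scheme == "https" else "insecure"
    for good in TRUSTED_HOSTS:
        # Host differs from a trusted name by only a few characters.
        if edit_distance(host, good) <= max_distance:
            return "lookalike"
        # Trusted name used as the leading labels of a different domain.
        if host.startswith(good + "."):
            return "lookalike"
    return "unknown"

def scan(links):
    """Classify every link found in a message body."""
    return {link: classify_link(link) for link in links}

# Constructed sample links, as they might appear in an email body.
SAMPLE_LINKS = [
    "https://netbanking.examplebank.test/login",
    "https://examp1ebank.test/login",
    "https://examplebank.test.account-verify.test/",
    "http://examplebank.test/",
    "https://weather.test/",
]

if __name__ == "__main__":
    for link, verdict in scan(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

A mail gateway or help-desk triage script can apply the same classification to every hyperlink in a reported message and escalate anything marked `lookalike`.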
Unawareness among public
Unawareness of policy
Technical sophistication
Major factors for increase in Phishing Attacks:
Lack of awareness regarding the phishing attacks among the common masses.
The users are unaware that their personal information is actively being targeted by criminals.
They do not take proper precautions when they conduct online activities.
Unawareness among public:
Bank/financial institution policies. Procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigation.
The policies of an online transaction.
Unawareness of policy :
URL obfuscation to make phishing emails and web sites appear more legitimate.
Execution of malicious code from a hostile web site.
Technical sophistication :
The following Sections of the Information Technology Act, 2000 are applicable to the Phishing Activity:
Section 66
Section 66A
Section 66C
Section 66D
Provisions of Information Technology Act, 2000
The account of the victim is compromised by the phisher which is not possible unless & until the fraudster fraudulently effects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.
Section 66:
The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the provisions of Section 66A IT Act, 2000.
Section 66A:
In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying feature of the bank or organization say Logo, trademark etc. and thus, clearly attracts the provision of Section 66C IT Act, 2000.
Section 66C:
The fraudsters, through the use of the phishing email containing the link to the fake website of the bank or organization, personate the bank or financial institution to cheat innocent persons; thus the offence under Section 66D too is attracted.
Section 66D:
A petition was filed by an Abu Dhabi-based NRI (Umashankar Sivasubramaniam), who claimed he received an email in September 2007 from ICICI, asking him to reply with his internet banking username and password or else his account would become non-existent.
After he replied, he found Rs 6.46 lakh transferred from his account to that of a company, which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and retained the remaining balance in its account.
Case Study:
But ICICI Bank claimed that the petitioner had negligently disclosed the confidential information such as password and had fallen prey to a phishing fraud.
A bank spokesperson said, "Customers are fully appraised on security aspects of internet banking. We reassure that our security systems are continuously audited and neither the security nor our processes have been breached."
In his application for adjudication, filed under Sections 66, 66A, 66C and 66D of the IT Act with the state IT secretary on June 26, 2008, he held the bank responsible for the loss.
Further, the spokesperson said, "We have hundreds of types of transactions, which can be completed online without having to walk into a branch. Customers get the best experience and a safe environment while transacting online."
A techno-legal consultant said, "The order may lead to tightening of cyber laws in the country. Phishing fraud is very common but banks are not accepting the liabilities. It will set a good precedent."
On April 12, 2010, the Tamil Nadu IT secretary directed ICICI Bank to pay Rs 12.85 lakh within 60 days for the loss suffered by him due to a phishing fraud incident involving the fraudulent transfer of an amount of Rs 6.46 lakh.
The compensation includes not only the loss suffered by the petitioner, but also interest and other expenses.
Example:
If you have provided account numbers, PIN, password or login details to the phisher, immediately notify the bank with which you have the account so that your accounts can't be compromised.
What do you do if you think you are a victim?
Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Report discrepancies immediately.
Ensure that your system has current security software applications such as anti-spam, anti-phishing, anti-virus and anti-spyware.
You must call Customer Support Service in case you find the email suspicious.
Precautionary Measures:
Thank You