Case Studies On Cybercrime Targeting Financial Institutions
Cybercrime targeting financial institutions involves attacks on banks, insurance companies, stock exchanges, or payment systems through hacking, phishing, malware, ransomware, or fraudulent digital transactions.
Types of Cybercrime in Financial Sector
Phishing and identity theft – obtaining sensitive information like account credentials.
ATM and card fraud – skimming, cloning, or malware attacks.
Ransomware attacks – encrypting bank data and demanding cryptocurrency payment.
Unauthorized fund transfers – hacking online banking systems.
Insider fraud – employees abusing access to commit cyber-enabled theft.
Legal Framework (India)
Indian Penal Code (IPC) – Sections 420 (cheating), 403 (dishonest misappropriation), 406 (criminal breach of trust), 468–471 (forgery).
Information Technology Act, 2000
Section 43 – Damage to computer systems
Section 66 – Hacking
Section 66C – Identity theft
Section 66D – Cheating by personation using computer resources
Banking Regulation Act, 1949 – for regulatory compliance by banks.
Globally, cybercrime against banks is prosecuted under cybercrime laws, anti-fraud statutes, and banking regulations.
Case Studies of Cybercrime Targeting Financial Institutions
1. Union Bank of India vs. CBI Investigation (2007, India – ATM Malware Fraud)
Facts
Hackers installed malware on ATMs in multiple branches to manipulate cash dispensing, causing loss of lakhs of rupees.
Judgment
Investigation by CBI led to prosecution under:
Section 43 IT Act – Hacking
Section 420 IPC – Cheating
Offenders were convicted; banks recovered some losses.
Significance
First high-profile ATM malware case in India.
Highlighted importance of cybersecurity in financial institutions.
2. City Union Bank Fraud via ATM Skimming (2018, India)
Facts
Fraudsters installed skimming devices at ATMs, stole card information, and conducted unauthorized withdrawals across multiple cities.
Judgment
Convicted under:
Sections 420, 403, 66C, and 66D IT Act
Recovery of stolen funds was partial; offenders received imprisonment.
Significance
Demonstrates vulnerability of banking infrastructure and legal recourse through IPC and IT Act.
3. State Bank of India Phishing Attack Case (2019, India)
Facts
Cybercriminals sent fake emails to SBI customers to obtain net banking credentials.
Transferred funds without authorization.
Judgment
FIR lodged; investigation under Sections 66, 66C, and 66D IT Act, and IPC Sections 420 and 406.
Perpetrators tracked using IP logs and cyber forensic techniques.
Significance
Highlights phishing as a major cyber threat to financial institutions and customers.
4. Bangladesh Bank Heist (2016, International)
Facts
Hackers stole $81 million via SWIFT network targeting Bangladesh Bank’s account at Federal Reserve Bank, New York.
Funds diverted to casinos in the Philippines.
Judgment
International investigation revealed:
Exploitation of banking system vulnerabilities
Money laundering networks
Led to reforms in SWIFT banking security protocols.
Significance
Largest cyber heist in banking history.
Showed global interconnectedness of cybercrime and financial systems.
5. Union Bank of India Online Banking Fraud – SIM Swap (2020)
Facts
Fraudsters performed SIM swap attacks to intercept OTPs, transferring money from online bank accounts.
Judgment
Convictions under:
Sections 66C and 66D IT Act
Sections 420 and 406 IPC
Banks enhanced security measures and raised public awareness.
Significance
Illustrates modern cybercrime techniques targeting customer authentication systems.
6. YES Bank Ransomware Attack (2021, India)
Facts
Malware attack encrypted bank data; attackers demanded cryptocurrency ransom to restore systems.
Judgment
Investigation by CERT-IN and police cyber cells.
Legal provisions invoked:
Section 66 IT Act – Hacking
Section 43 IT Act – Damage to computer system
Bank restored systems using backups; ransom not paid.
Significance
Shows the growing threat of ransomware on financial institutions.
7. Punjab National Bank Fraud via Cyber Transactions (2018)
Facts
Fraudsters exploited vulnerabilities in bank’s digital payment gateway to siphon funds.
Judgment
Investigation under:
IPC Sections 420, 406
IT Act Sections 66C, 66D
Offenders prosecuted; banks implemented stricter transaction monitoring.
Significance
Demonstrates regulatory and legal recourse for cyber-enabled financial crimes.
Judicial Observations & Principles
Digital Evidence is Crucial
Courts accept IP logs, transaction records, malware analysis, and CCTV evidence.
Cybercrime Law & IPC Complement Each Other
IT Act addresses technical hacking; IPC addresses cheating, breach of trust, and fraud.
Banks Have Duty of Care
Courts hold financial institutions accountable for preventing cybercrime via security lapses.
Preventive Measures Recommended
Strong authentication, regular audits, and cyber insurance recommended.
Cross-Border Collaboration
International cyber fraud cases (Bangladesh Bank) require coordination with foreign banks and law enforcement.
RELATED Blog
comments