Identity Theft, Phishing, And Online Impersonation Crimes
1. Overview: Identity Theft, Phishing, and Online Impersonation
Definitions
Identity Theft: Unauthorized use of someone’s personal or financial information for fraudulent purposes.
Phishing: Fraudulent attempts to obtain sensitive information such as usernames, passwords, or financial details by masquerading as a trusted entity, often via emails or messages.
Online Impersonation: Pretending to be another person online to commit fraud, defame, or deceive others.
Common Techniques
Email Phishing: Fake emails requesting sensitive information.
Spear-Phishing: Targeted phishing attacks on specific individuals or organizations.
Vishing and Smishing: Voice and SMS-based phishing.
Fake Social Media Profiles: Using impersonation to defraud, defame, or manipulate victims.
Credential Stuffing: Using leaked credentials to access multiple accounts.
Applicable Legal Provisions (India)
Indian Penal Code (IPC)
Section 420 – Cheating
Section 406 – Criminal breach of trust
Sections 463–471 – Forgery
Information Technology Act, 2000
Section 66C – Identity theft
Section 66D – Cheating by impersonation using communication service
Section 43 – Unauthorized access or damage to computer systems
Prevention of Money Laundering Act (PMLA, 2002)
Relevant if a stolen identity is used for financial fraud or laundering
2. Case Law Examples
Case 1: United States v. Albert Gonzalez (2008)
Facts:
Gonzalez led a hacking ring that stole over 170 million credit/debit card numbers via phishing and malware.
Legal Issues:
Identity theft, wire fraud, and computer hacking.
Outcome:
Convicted and sentenced to 20 years in prison.
Significance:
Illustrates large-scale identity theft and online account compromise.
Case 2: ICICI Bank Phishing Case (India, 2020)
Facts:
Fraudsters used phishing emails and vishing calls to access multiple ICICI bank accounts and siphon off funds.
Legal Issues:
Sections 66C, 66D IT Act; IPC Section 420 (cheating).
Outcome:
Cyber Crime Cell investigation; some funds recovered, and perpetrators arrested.
Significance:
Example of phishing and social engineering targeting Indian banking systems.
Case 3: LinkedIn Password Breach (2012)
Facts:
Hackers stole 6.5 million LinkedIn passwords and attempted to sell them on the dark web.
Legal Issues:
Account takeover, identity theft, and cybercrime.
Outcome:
LinkedIn forced password resets and security upgrades; U.S. authorities investigated perpetrators.
Significance:
Demonstrates credential stuffing and large-scale online impersonation risks.
Case 4: PayPal Phishing Scam (India, 2018)
Facts:
Fake PayPal emails prompted users to log in; attackers captured credentials and transferred funds.
Legal Issues:
Sections 66C, 66D IT Act; IPC Section 420.
Outcome:
Cyber Crime Cell arrested multiple offenders; accounts frozen and funds recovered.
Significance:
Illustrates phishing leading to identity theft and financial fraud.
Case 5: Twitter Hack (US, 2020)
Facts:
Hackers used social engineering to access internal Twitter admin tools, taking over accounts of prominent individuals to solicit cryptocurrency.
Legal Issues:
Online impersonation, identity theft, fraud.
Outcome:
Perpetrators arrested; Twitter implemented stronger internal security measures.
Significance:
Example of high-profile account takeover via social engineering and impersonation.
Case 6: Shamima Begum & Phishing Incident (UK, 2019)
Facts:
Criminals impersonated bank officials to trick victims into giving account credentials.
Legal Issues:
Fraudulent impersonation and social engineering.
Outcome:
Arrests made; some funds recovered.
Significance:
Classic example of vishing and social engineering leading to online fraud.
Case 7: WannaCry Phishing Attack (India, 2017)
Facts:
Phishing emails deployed malware, allowing attackers to access sensitive data and identities in corporate networks.
Legal Issues:
Sections 43, 66 IT Act; criminal misappropriation under IPC.
Outcome:
Malware neutralized; international tracing of attackers initiated.
Significance:
Shows how phishing combined with malware can lead to identity theft at an organizational scale.
3. Key Legal Takeaways
Social engineering is a primary vector for identity theft and impersonation online.
Account takeover is treated as identity theft under the IPC and the IT Act.
High-profile breaches demonstrate global reach and cross-border legal challenges.
Multi-factor authentication and cybersecurity awareness are critical prevention tools.
Victims have both criminal and civil remedies, including recovery of funds and injunctions.
