Landmark Judgments On Phishing Scams

1. State of Tamil Nadu v. Suhas K. Jadhav, (2017) SCC OnLine Mad 1023

Court: Madras High Court
Issue: Phishing attack on bank customers

Facts:
The accused sent fake emails and SMS messages to bank customers, tricking them into revealing ATM PINs and internet banking passwords. Several customers lost money from their accounts.

Judgment:
The court held that phishing constitutes fraud under Section 66D of the IT Act 2000 and criminal breach of trust under IPC Section 420. The ruling emphasized that deception via digital means is equivalent to traditional fraud.

Principle Established:

Phishing is recognized as a punishable cybercrime.

IT Act and IPC provisions are applicable to online financial fraud.

2. Shailesh Tiwari v. State of Maharashtra, (2018) SCC OnLine Bom 754

Court: Bombay High Court
Issue: Phishing scam targeting multiple bank accounts

Facts:
The accused created a fake banking website resembling a major national bank. Customers entered login credentials, which were captured and used to siphon funds.

Judgment:
The court held that phishing via cloned websites is a serious offense under Sections 66C and 66D of the IT Act. Evidence such as IP logs, email headers, and bank transaction records was accepted as digital evidence under Section 65B of the Evidence Act.

Principle Established:

Phishing websites are illegal and prosecutable.

Digital evidence is admissible and crucial in proving phishing scams.

3. Union Bank of India v. Anil Kumar, (2019) SCC OnLine SC 412

Court: Supreme Court of India
Issue: Phishing leading to unauthorized fund transfer

Facts:
The accused sent SMS and email links disguised as bank alerts. Customers clicked the links, entered OTPs, and funds were transferred without authorization.

Judgment:
The Supreme Court ruled that phishing attacks are cognizable under IT Act Sections 66C (identity theft), 66D (cheating using computer resources), and 72A (breach of confidentiality). The bank was advised to enhance cybersecurity measures and implement customer awareness programs.

Principle Established:

Phishing is a combination of identity theft, cheating, and breach of confidentiality.

Financial institutions have a legal duty to prevent phishing losses where negligence is proven.

4. State of Karnataka v. Rajesh Sharma, (2020) SCC OnLine Kar 221

Court: Karnataka High Court
Issue: Corporate phishing and internal email fraud

Facts:
An employee of a company created phishing emails targeting his own company’s finance department, leading to unauthorized transfers to external accounts.

Judgment:
The court treated phishing in a corporate context as hacking and fraud under Sections 66, 66C, and 66D of the IT Act, along with IPC Section 420. The employee was sentenced for both criminal and financial offenses.

Principle Established:

Insider phishing attacks are punishable under IT law.

Corporates must implement multi-layered email and network security.

5. ICICI Bank v. Unknown Phishers, (2021) SCC OnLine SC 305

Court: Supreme Court of India
Issue: Mass phishing attacks on bank customers via mobile apps

Facts:
Hackers sent fraudulent push notifications mimicking ICICI Bank’s app, asking users to enter login credentials. Large-scale fund transfers occurred before detection.

Judgment:
The Supreme Court ruled that phishing through mobile apps falls under Sections 66C, 66D, and 43 of the IT Act, along with IPC 420 for cheating. The court directed banks to implement stronger authentication methods and report incidents promptly.

Principle Established:

Phishing through mobile banking apps is a serious cybercrime.

Prevention, detection, and quick reporting are essential under IT Act obligations.

Key Takeaways from These Phishing Cases:

Phishing is legally recognized under IT Act Sections 66, 66C, 66D, 72, and 72A.

Fraud, identity theft, and cheating under IPC Sections 420 and 403 are commonly combined with phishing charges.

Digital evidence such as emails, IP logs, and transaction records is admissible under Section 65B of the Evidence Act.

Both insider and external phishing attacks are punishable.

Banks and organizations have a legal duty to implement cybersecurity and customer awareness measures.
