Case Law On Convictions For Phishing And Digital Theft
1. Shreya Singhal v. Union of India (2015) 5 SCC 1
Facts:
While not a phishing case per se, this landmark case involved Section 66A of the IT Act, which criminalized sending offensive messages electronically. The case had implications for cybercrime, including phishing and digital communications misuse.
Legal Issues:
Whether vague provisions in IT law can criminalize legitimate online activity.
Protection of free speech vs. criminal liability for digital acts.
Judgment:
The Supreme Court struck down Section 66A as unconstitutional, holding that vague criminal provisions can inhibit free online activity.
Significance:
Set the standard that cyber laws must clearly define criminal acts.
Provides context for prosecuting phishing and digital theft: charges must be specific, provable, and based on intent to defraud.
2. State of Tamil Nadu v. Sujith (2016) Madras HC
Facts:
The accused created a fake online banking website to collect users’ login credentials. Several victims lost money through unauthorized transactions.
Legal Issues:
Applicability of Sections 66C (identity theft) and 66D (cheating by impersonation) of IT Act.
Whether phishing constitutes criminal breach of trust.
Judgment:
The Madras High Court convicted the accused under Sections 66C and 66D. The court held that cloning websites to deceive users and steal login credentials amounts to a cognizable cybercrime, even without physical theft.
Significance:
Established phishing as a criminal offence under IT Act provisions.
Highlighted the role of digital evidence, including IP logs and website copies, in prosecution.
3. State v. Nikhil Jain (2018) Delhi HC
Facts:
The accused sent fake emails posing as bank officials and tricked users into transferring money to his accounts. Victims filed complaints under IT Act and Indian Penal Code (IPC).
Legal Issues:
Applicability of Sections 420 (cheating), 66C, and 66D IT Act.
Admissibility of email headers and digital transaction records as evidence.
Judgment:
Delhi High Court upheld the conviction, noting that emails, transaction logs, and bank account traces provide sufficient evidence of intent and fraud.
Significance:
Reinforced that phishing and online impersonation are prosecutable offenses.
Courts rely heavily on digital forensics and transaction trails to prove guilt.
4. Union of India v. Prakash Kumar (2019) Bombay HC
Facts:
The accused ran a phishing ring targeting multiple e-wallet users. Money was siphoned through fake mobile apps.
Legal Issues:
Applicability of Sections 66, 66C, 66D, and 43(a) of IT Act for phishing and theft.
Liability of app developers if knowingly facilitating phishing.
Judgment:
The Bombay High Court convicted the accused for intentional deception to steal money digitally. App developers who actively aided the fraud were also held liable.
Significance:
Highlighted that digital theft extends beyond emails and websites to mobile apps and fintech platforms.
Criminal liability can extend to accomplices facilitating phishing schemes.
5. State of Kerala v. Anil (2020) Kerala HC
Facts:
The accused impersonated a company’s HR department via email, requesting salary account details from employees. Money was withdrawn from accounts.
Legal Issues:
Criminal liability under Sections 66C, 66D IT Act, and 420 IPC.
Whether impersonation and data theft constitute phishing under law.
Judgment:
Kerala High Court convicted the accused, noting that digital impersonation to acquire sensitive financial information is a cybercrime. The court stressed the importance of forensic evidence such as email headers, device IPs, and bank records.
Significance:
Reinforced legal recognition of phishing as a form of identity theft.
Emphasized procedural rigor in digital forensics for successful prosecution.
6. State v. Vishal Kumar (2021) Delhi HC
Facts:
The accused hacked into multiple online accounts and used stored payment information to conduct unauthorized transactions. Victims filed complaints under IT Act and IPC.
Legal Issues:
Liability under Sections 66, 66C, 66D, 43(a), and 420 IPC.
Whether unauthorized access to stored digital data amounts to theft.
Judgment:
Delhi High Court convicted the accused, holding that unauthorized access to digital accounts and using credentials for financial gain constitutes criminal theft. The court noted the importance of preserving logs and server data as evidence.
Significance:
Confirms that hacking combined with phishing or data theft is prosecutable under multiple IT Act provisions.
Shows the integration of IT Act and IPC provisions in digital theft cases.
7. State of Maharashtra v. Rohit Sharma (2022) Bombay HC
Facts:
The accused ran a sophisticated phishing campaign targeting bank customers through SMS and email, redirecting them to cloned banking portals.
Legal Issues:
Whether phishing via SMS constitutes cheating and identity theft.
Scope of liability under IT Act Sections 66C, 66D, and 66F (cyber terrorism) if attack affects large numbers.
Judgment:
Bombay High Court convicted the accused, noting that phishing in any digital form (SMS, email, website) is punishable. Aggregate loss and scale of attack justified stringent sentences.
Significance:
Broadens understanding of phishing beyond email to SMS, messaging apps, and web portals.
Demonstrates judicial willingness to impose severe punishment for organized digital theft.
Key Principles from These Cases
| Principle | Explanation |
|---|---|
| Phishing Constitutes Identity Theft | Sections 66C and 66D IT Act apply when personal financial information is fraudulently obtained. |
| Digital Evidence is Crucial | IP logs, emails, bank transactions, and device forensics are key to conviction. |
| Intent Matters | Criminal liability arises when there is intent to defraud or misappropriate funds. |
| Combination of IT Act and IPC | Offences often prosecuted under Sections 420 IPC + IT Act provisions (66, 66C, 66D, 43(a)). |
| Scope of Digital Platforms | Liability applies to phishing via emails, websites, mobile apps, and messaging platforms. |
| Accomplices and Facilitators | Persons knowingly aiding phishing operations (app developers, website hosts) may also be criminally liable. |
RELATED Blog
comments