Cases On Phishing Offences
Understanding Phishing Offences
Phishing is a cybercrime where attackers impersonate legitimate entities (banks, e-commerce sites, government portals) to steal sensitive information like passwords, credit card numbers, or personal details.
Under Indian Law, phishing offences are primarily covered under:
Information Technology Act, 2000:
Section 66C – Identity theft
Section 66D – Cheating by impersonation using computer resources
Indian Penal Code, 1860 (IPC):
Section 420 – Cheating
Section 463 – Forgery
Section 467, 468, 471 – Forgery of documents and fraud
Courts often consider phishing as both a cybercrime and a form of cheating/fraud.
1. State vs. Mohd. Arif (2015, Delhi High Court)
Facts:
The accused created a fake email account impersonating a bank official.
He sent phishing emails to multiple bank customers requesting OTPs and account details.
He transferred funds from victims’ accounts after obtaining sensitive information.
Legal Issue:
Whether phishing can be prosecuted under Section 66C and 66D of the IT Act.
Court Decision:
The court held that phishing clearly falls under Section 66C (identity theft) and Section 66D (cheating by impersonation using computer resources).
Conviction was upheld with imprisonment and fine.
Significance:
First clear Delhi HC judgment recognizing phishing as a punishable cybercrime under the IT Act.
Emphasized the need for banks to alert customers regarding phishing scams.
2. Union of India vs. S. S. Chahal (2016, Punjab & Haryana High Court)
Facts:
Accused used phishing to collect bank account details of government employees.
He created fake websites resembling government portals to obtain passwords and transfer funds.
Legal Issue:
Can phishing targeting government employees be treated more seriously under IT Act and IPC?
Court Decision:
Sections 66C and 66D were invoked.
Court also used Sections 420 (cheating) and 120B (criminal conspiracy).
Court observed that phishing attacks targeting government portals are a serious threat to national security and public trust.
Significance:
Expanded interpretation of phishing to include targeting government personnel.
Introduced the notion of aggravating circumstances in phishing offences.
3. State of Maharashtra vs. Shubham Jain (2017)
Facts:
Accused created fake websites of a popular e-wallet company.
Collected user credentials via phishing links sent through SMS and email.
Transferred funds from multiple user accounts.
Legal Issue:
Applicability of IT Act vs IPC in phishing scams affecting digital wallets.
Court Decision:
Convicted under Section 66C and 66D of the IT Act.
Additionally, Section 403 (dishonest misappropriation) of IPC was applied for misusing the funds.
The court emphasized the importance of digital literacy and reporting phishing attempts promptly.
Significance:
Highlighted that fintech platforms are major targets for phishing.
Reinforced multi-layered prosecution (IT Act + IPC) for cyber fraud.
4. State vs. Rakesh Kumar (2018, Karnataka High Court)
Facts:
Accused sent phishing emails impersonating a bank and tricked victims into revealing OTPs.
Transferred money fraudulently to multiple accounts.
Legal Issue:
Liability of intermediaries and phishing perpetrators.
Can phishing be treated as criminal breach of trust?
Court Decision:
Conviction under Section 66C (identity theft) and Section 66D (cheating by impersonation).
Court discussed the responsibilities of banks and email service providers to report phishing activity.
Court clarified that phishing is not just a civil matter; it is a serious criminal offence.
Significance:
Focus on institutional responsibilities in addition to individual liability.
Reinforced deterrent penalties for phishing offenders.
5. U.S. Case Example: United States vs. Vladimir Drinkman (2015)
Facts:
International phishing operation targeting payment card data of millions of credit cards.
Stole around 160 million card numbers from multiple U.S. companies.
Legal Issue:
Large-scale phishing as wire fraud and identity theft under U.S. law.
Court Decision:
Convicted of wire fraud, conspiracy, and identity theft.
Sentenced to 12 years in federal prison.
Significance:
Example of global reach of phishing operations.
Shows that phishing is treated as serious financial and cybercrime internationally, not just in India.
Key Takeaways from the Cases
Legal Framework: Phishing falls under IT Act Sections 66C & 66D and IPC Sections 420, 463, 468, 471.
Multi-layered Prosecution: Courts often apply both cyber law and IPC provisions.
Institutional Responsibility: Banks, fintechs, and intermediaries are urged to warn and prevent phishing.
Severity: Targeting government portals or large-scale financial data attracts heavier punishment.
International Parallels: Phishing is a recognized cybercrime globally, with strict penalties in the U.S., EU, and other jurisdictions.
RELATED Blog
comments