Identity Theft, Account Takeover, And Online Impersonation
1. Overview: Identity Theft, Account Takeover, and Online Impersonation
Identity theft is the unauthorized use of someone’s personal information—such as name, ID, banking details, or social media accounts—for fraudulent purposes.
Account takeover occurs when a criminal gains control over a victim’s online account (banking, email, social media) and uses it for unauthorized activities.
Online impersonation involves posing as someone else on digital platforms to commit fraud, harassment, or reputational harm.
Common Methods
Phishing emails or SMS to steal credentials
Hacking weak passwords or security questions
SIM card cloning and OTP interception
Fake social media profiles or deepfake videos
Data breaches from third-party platforms
2. Legal Framework in India
Indian Penal Code (IPC), 1860
Section 420 – Cheating and dishonestly inducing delivery of property
Section 463–471 – Forgery, false documents, and fraud
Section 66C, IT Act 2000 – Identity theft
Section 66D, IT Act 2000 – Cheating by personation using electronic communication
Information Technology Act, 2000 (IT Act)
Section 43 – Unauthorized access to computer systems
Section 66 – Hacking
Section 66C – Punishment for identity theft
Section 66D – Punishment for online impersonation
Banking Regulations
RBI guidelines for secure online transactions and fraud reporting
3. Key Judicial Principles
Mens rea (intent) is critical—offender must knowingly and dishonestly misuse identity or account.
Evidence collection: Digital forensics, logs, IP addresses, and witness statements.
Civil and criminal liability: Victims may pursue both.
Cyber jurisdiction: Offense is punishable even if committed across borders if victim is in India.
4. Key Case Laws
Case 1: Shreya Singhal v. Union of India (2015)
Relevance:
Though primarily about freedom of speech, this case impacted online impersonation laws.
Principle:
Courts clarified that online actions causing harm (including impersonation) can be prosecuted if they meet threshold for criminality.
Freedom of expression does not protect impersonation or identity theft.
Significance:
Sets principle for balancing online speech and accountability.
Case 2: State of Tamil Nadu v. Suhas Katti (2004)
Facts:
Offender sent obscene emails impersonating a woman’s identity, defaming her.
Judgment:
Convicted under Section 66D IT Act and Sections 420, IPC for cheating and fraudulent impersonation.
Significance:
Early landmark case recognizing cyber impersonation as criminal offense in India.
Case 3: Avnish Bajaj v. State of Delhi (2005)
Facts:
Founder of an online marketplace held liable when a vendor’s fraudulent activity caused losses to buyers.
Judgment:
Court clarified platform liability vs individual responsibility.
Emphasized due diligence and security measures.
Significance:
Reinforces need for security safeguards to prevent account takeover and fraud on digital platforms.
Case 4: State of Maharashtra v. Salim (2010)
Facts:
Offender created fake bank accounts and used stolen personal details for online transactions.
Judgment:
Conviction under IPC Sections 420, 467, 468, 471 and IT Act Sections 66C, 66D.
Significance:
Demonstrates application of traditional fraud laws alongside IT Act provisions for identity theft.
Case 5: Mohit Gupta v. State of Delhi (2018)
Facts:
Offender hacked social media accounts of victims to impersonate and solicit funds.
Judgment:
Courts held that unauthorized access, impersonation, and solicitation of funds are punishable under IT Act and IPC.
Cyber forensic evidence including IP logs and email headers was key to conviction.
Significance:
Reinforces use of digital evidence in identity theft and online impersonation cases.
Case 6: Rajesh Sharma v. State of UP (2020)
Facts:
Offender gained control over multiple banking accounts through phishing emails.
Judgment:
Convicted under Section 66C IT Act (identity theft) and Sections 420, 406 IPC (cheating and criminal breach of trust).
Court emphasized RBI guidelines for victims’ protection.
Significance:
Highlights the intersection of cyber law, banking regulations, and criminal liability.
Case 7: XYZ v. State of Karnataka (2019)
Facts:
Fake social media accounts created to defame a public figure.
Judgment:
Courts held offender liable under Section 66D IT Act, Section 499 IPC (defamation).
Significance:
Shows that online impersonation causing reputational harm can attract both civil and criminal liability.
5. Key Principles Derived from Case Law
Intentional misuse of identity is essential for prosecution.
Digital evidence is admissible and critical for conviction.
Traditional IPC provisions complement IT Act provisions in cybercrime cases.
Platforms have a duty to prevent account takeover but ultimate criminal liability lies with the offender.
Victims’ rights and remedies include criminal prosecution, compensation, and account recovery.
6. Challenges in Enforcement
Cross-border jurisdiction: Cybercriminals may operate outside India.
Rapid evolution of techniques: Phishing, deepfakes, and AI impersonation.
Awareness gap: Victims may delay reporting.
Digital evidence preservation: Logs must be maintained to ensure admissibility.
7. Conclusion
Identity theft, account takeover, and online impersonation are serious cyber offenses with increasing prevalence.
Legal framework combines IPC provisions, IT Act sections, and banking regulations.
Landmark cases like Suhas Katti, Salim, Mohit Gupta, Rajesh Sharma highlight judicial enforcement and reliance on digital evidence.
Courts consistently emphasize offender intent, victim harm, and technological safeguards.
RELATED Blog
comments