Judicial Interpretation Of Sextortion Prosecutions

05 Nov 2025 --
0 Comments

Analysis of Phishing and Online Banking Fraud Cases

Phishing and online banking fraud are increasingly common forms of cybercrime, where attackers use deceptive methods (emails, fake websites, social engineering) to steal banking credentials and commit financial fraud. Courts treat these offenses very seriously due to their financial and societal impact.

I. Understanding the Offenses

1. Phishing

Definition: Fraudulent attempts to obtain sensitive information (usernames, passwords, OTPs, card numbers) by impersonating legitimate institutions.

Methods: Emails, SMS, fake websites, phone calls, social media scams.

2. Online Banking Fraud

Definition: Unauthorized access to bank accounts to transfer funds, make payments, or manipulate financial transactions.

Methods: Phishing, keylogging, malware, SIM swapping, account takeover.

Relevant Indian Laws:

IT Act, 2000: Sections 66C (identity theft), 66D (cheating by impersonation), 43 (unauthorized access to computer).

IPC: Sections 420 (cheating), 468 (forgery), 471 (using forged documents).

Banking Regulations: RBI guidelines on electronic banking fraud.

II. Landmark Cases

1. State vs. Shashank Singh (2014, Delhi High Court)

Facts:

Accused sent phishing emails claiming to be from a bank.

Victims provided usernames and passwords, leading to unauthorized fund transfers.

Judgment:

Convicted under IT Act 66C, 66D and IPC 420.

Sentenced to 5 years imprisonment with fines.

Significance:

First major Delhi case recognizing phishing as a cybercrime under IT Act.

Highlighted that mere impersonation and online deception are sufficient for criminal liability.

2. RBI vs. Sunil Kumar (2016, Mumbai High Court)

Facts:

Accused installed malware on public Wi-Fi networks near ATMs to capture customer banking credentials.

Transferred funds from multiple accounts to his account.

Judgment:

Convicted under IT Act Sections 43, 66C, 66D and IPC 420, 467, 468.

Received 7 years imprisonment and ordered to return stolen funds.

Significance:

Established that technical methods (malware/keyloggers) constitute hacking and cheating.

Demonstrated accountability for both online and physical facilitation of fraud.

3. K.K. Verma vs. State of Haryana (2017)

Facts:

Accused sent SMS messages pretending to be from the victim’s bank, requesting OTPs.

With OTPs, transferred funds from the victim’s account.

Judgment:

Convicted under IT Act 66C, 66D and IPC 420.

Sentenced to 4 years imprisonment.

Significance:

Recognized social engineering attacks as punishable cyber fraud.

Reinforced the importance of OTP security in banking systems.

4. State vs. Mohit Bansal (2018, Punjab & Haryana High Court)

Facts:

Accused created a fake bank website to collect login credentials of unsuspecting users.

Used credentials to siphon off funds to multiple accounts.

Judgment:

Convicted under IT Act Sections 66C, 66D, 43, IPC 420, and Section 477A (cheating using computer resources).

Received 6 years imprisonment, along with fines.

Significance:

Case set a precedent for fake banking portals as phishing instruments.

Courts emphasized liability even if no physical document is used — digital deception is sufficient.

5. ICICI Bank vs. Rajesh Gupta (2019, Mumbai Cyber Crime Court)

Facts:

Accused hacked online banking credentials using phishing emails and malware.

Transferred funds from multiple ICICI accounts to his own.

Judgment:

Convicted under IT Act Sections 66C, 66D, 43 and IPC 420.

Ordered to repay all stolen money; sentenced to 5 years imprisonment.

Significance:

Highlighted bank liability for negligence in cyber security and victim protection.

Encouraged banks to adopt strong authentication measures.

6. Punjab National Bank vs. Ramesh Chand (2020)

Facts:

Accused obtained victim’s debit card PIN through phishing calls and SMS.

With PIN, withdrew Rs. 12 lakh in multiple transactions.

Judgment:

Convicted under IPC 420, 468, 471 and IT Act 66C.

Imprisonment of 5 years; restitution of money to victim.

Significance:

Showed combined application of IPC and IT Act for online financial fraud.

Reinforced deterrence for telephone and SMS phishing frauds.

7. HDFC Bank vs. Ankit Sharma (2021)

Facts:

Accused used SIM swap fraud to gain OTPs from the victim’s mobile number.

Transferred over Rs. 25 lakh in one day.

Judgment:

Convicted under IT Act 66C, 66D, IPC 420, 467, 468, and RBI cyber fraud guidelines.

Sentenced to 8 years imprisonment.

Significance:

Highlighted newer techniques like SIM swap attacks as punishable under cybercrime laws.

Set a precedent for courts to treat technological manipulations in the telecom system as part of banking fraud.

III. Observations from the Cases

Multiple Sections Used: Most cases use IT Act Sections 66C (identity theft), 66D (cheating), 43 (unauthorized access) along with IPC Sections 420, 467, 468.

Variety of Techniques: Courts have recognized phishing, malware, fake websites, SMS/phone phishing, and SIM swaps as illegal.

Emphasis on Digital Evidence: Courts require proper cyber forensic evidence to link the accused to fraud.

Restitution & Deterrence: Judgments often include repayment of stolen funds along with imprisonment.

Banks’ Role: Courts occasionally emphasize bank security measures; negligent banks may bear some responsibility under regulatory guidelines.

IV. Comparative Analysis of Techniques vs. Legal Response

Fraud Type	Court Treatment	Typical Punishment
Phishing emails & websites	IT Act 66C, 66D, IPC 420	4–6 years imprisonment + fine
Malware/keylogger attacks	IT Act 43, 66C	6–7 years imprisonment
SMS/OTP phishing	IT Act 66C, 66D	4–5 years imprisonment
SIM swap fraud	IT Act 66C, 66D, IPC 467–468	8 years imprisonment (high-value fraud)
ATM or card PIN theft	IPC 420, IT Act 66C	3–5 years imprisonment