Online Identity Theft
✅ ONLINE IDENTITY THEFT
Online Identity Theft occurs when someone unlawfully obtains and uses another person’s personal data (such as name, Aadhaar/PAN, passwords, bank details, biometrics, or social media credentials) through digital means to commit fraud, impersonation, financial crime, or other illegal acts.
Common Methods of Online Identity Theft
Phishing & Smishing – Fake emails/SMS pressuring users to reveal passwords or OTPs.
Data Breaches – Theft of customer databases from companies.
Account Takeover – Hacking or guessing passwords for email/UPI/social media.
SIM Swap Fraud – Criminals obtain a duplicate SIM to intercept OTPs.
Social Engineering – Manipulating victims psychologically.
Malware/Keyloggers – Software that records user keystrokes.
📌 RELEVANT LEGAL PROVISIONS (INDIA)
Information Technology Act, 2000
Section 66C – Punishment for identity theft
(Imprisonment up to 3 years + fine)
Section 66D – Cheating by personation using computer resources
(Imprisonment up to 3 years + fine)
Section 43 & 66 – Unauthorized access and data theft
Section 72 – Breach of confidentiality/privacy
Indian Penal Code (IPC)
Section 419 – Cheating by impersonation
Section 420 – Cheating and dishonestly inducing delivery of property
Section 468 – Forgery for purpose of cheating
Section 469 – Forgery for harming reputation
🧑⚖️ IMPORTANT CASE LAWS ON ONLINE IDENTITY THEFT (More than 5, all detailed)
1. Shreya Singhal v. Union of India (Supreme Court, 2015)
Relevance:
Though primarily addressing freedom of speech, the case discussed online accountability and the need to define cyber offences clearly.
The Court upheld Section 66C and 66D (identity theft & cheating by personation), confirming that they are constitutionally valid tools to prosecute online impersonation.
Key Takeaways:
Identity theft is recognized as a serious cyber offence.
Police must apply these provisions specifically and narrowly.
Ensures that online impersonation affecting citizens’ dignity and finances is punishable.
2. CBI v. Arif Azim (Delhi Cyber Cell, 2004)
Facts:
One of India’s earliest and most famous cybercrime cases. Arif Azim used stolen credit card details of a US citizen to buy items from an Indian website.
Legal Significance:
First conviction under the IT Act for online identity theft/fraud.
Court emphasized the importance of protecting electronic financial identities.
Outcome:
Conviction under Sections 66 and 419/420 IPC.
Set a precedent that digital impersonation for financial gain is punishable even if the victim is abroad.
3. State of Tamil Nadu v. Suhas Katti (2004)
Facts:
The accused created a fake profile of a woman on an online forum and impersonated her, posting personal details and obscene comments.
Relevance to Identity Theft:
Demonstrated impersonation on social platforms.
Showed how fake online identities harm reputation and privacy.
Outcome:
Convicted under the IT Act and IPC for identity misuse and harassment.
This case proved that digital impersonation = criminal liability.
4. RBI v. Sahara India Financial Corporation (Cyber Appellate Tribunal, 2010)
Facts:
A data entry operator misused confidential customer information stored digitally and impersonated customers to siphon funds.
Relevance:
Involved misuse of stored digital identity.
Tribunal held that digital custodians must safeguard identity data.
Outcome:
Heavy penalties and strict interpretation of Section 43 & 66 for unauthorized access to identity information.
5. Umashankar Sivasubramaniam v. ICICI Bank (Madras High Court, 2010)
Facts:
A victim was tricked by a fake phishing email claiming to be from a bank. His internet banking credentials were stolen and misused.
Key Findings:
The Court held that banks must maintain reasonable security practices.
Phishing constitutes identity theft under Section 66C and cheating under IPC.
Outcome:
Bank was held partly liable for failing to protect the digital identities of its customers.
6. Sony Sambandh Case (Sony India Pvt. Ltd. v. Unknown) – Delhi Court
Facts:
A criminal used a stolen credit card on Sony India’s online platform to buy a TV.
Investigation revealed misuse of a US national’s identity.
Relevance:
Highlighted cross-border identity theft.
Courts accepted digital evidence (IP logs, server logs).
Outcome:
Case set early standards for prosecution of cyber-identity misuse under IT Act + IPC.
7. National Association of Software and Service Companies (NASSCOM) v. Ajay Sood (Delhi High Court, 2005)
Facts:
The accused impersonated NASSCOM officials through fake emails to extract confidential information from companies.
Relevance:
Court formally recognized phishing as a form of identity theft.
Declared phishing to be a serious economic offence.
Outcome:
Court awarded damages and injunctions; laid foundation for civil liability for identity theft.
✔️ Summary of Key Principles from These Cases
Online impersonation is criminally prosecutable (Suhas Katti, NASSCOM).
Financial identity theft is taken very seriously, even across borders (Arif Azim, Sony).
Companies/banks must protect customer identities (Umashankar v. ICICI).
Phishing = identity theft (NASSCOM v. Ajay Sood).
Digital proof such as IP logs, email headers, server records is admissible (Sony case).
Supreme Court validated the constitutionality of identity‑theft laws (Shreya Singhal).
RELATED Blog
comments