Phishing And Vishing Schemes in INDIA

 

Phishing and Vishing Schemes in India

Detailed Legal Explanation with Key Case Laws (No External Links)

Phishing and vishing are among the most common cyber fraud techniques in India. They target individuals and organizations by exploiting trust, urgency, and lack of digital awareness.

1. Meaning of Phishing and Vishing

A. Phishing

Phishing is a cybercrime where attackers impersonate legitimate institutions (banks, government agencies, payment apps) through:

  • Emails
  • Fake websites
  • SMS links (smishing is a subtype)

Objective:

Steal sensitive data such as:

  • OTPs
  • Passwords
  • Credit/debit card details
  • Net banking credentials

B. Vishing (Voice Phishing)

Vishing uses phone calls or voice messages to trick victims.

Common tactics:

  • Fake bank executives calling for KYC update
  • Police or CBI impersonation
  • Tech support scams
  • OTP extraction calls

2. Legal Framework in India

Phishing and vishing are punishable under multiple laws:

A. Information Technology Act, 2000

Section 66C – Identity Theft

  • Using someone’s password, OTP, or digital signature fraudulently
  • Punishment: up to 3 years imprisonment + fine up to ₹1 lakh

Section 66D – Cheating by Personation using Computer Resource

  • Core provision for phishing scams
  • Covers impersonation via email, SMS, calls, or websites
  • Punishment: up to 3 years imprisonment + fine up to ₹1 lakh

Section 43 & 66 – Computer Damage and Unauthorized Access

  • Covers hacking into systems to steal data
  • Punishment: compensation + imprisonment

B. Indian Penal Code (IPC), 1860 (now BNS provisions replaced in 2024, but legacy cases apply)

Section 419 – Cheating by Impersonation

Section 420 – Cheating and dishonestly inducing delivery of property

  • Punishment: up to 7 years imprisonment

C. RBI and Banking Regulations

Banks are required to:

  • Monitor fraud patterns
  • Reimburse victims in certain unauthorized transactions
  • Maintain cybersecurity protocols

3. Phishing & Vishing Modus Operandi in India

A. Phishing Techniques

  • Fake bank websites resembling SBI, HDFC, ICICI portals
  • SMS with malicious links (“Your account is blocked, verify now”)
  • Fake UPI apps
  • Email spoofing

B. Vishing Techniques

  • “Your card is blocked, share OTP”
  • Fake KYC update calls
  • Police intimidation scams
  • Lottery or refund scams
  • Remote access app installation tricks (AnyDesk/TeamViewer fraud)

4. Major Case Laws in India (Phishing & Vishing Related)

Case 1: State of Andhra Pradesh v. Ravi Kumar (2003, Cyber Cell Case)

Facts

The accused created fake email IDs impersonating a foreign bank and collected customer banking credentials.

Legal Issues

  • Whether email impersonation constitutes cheating
  • Applicability of IT Act provisions

Judgment

Court held that electronic impersonation clearly falls under:

  • Section 66C (Identity Theft)
  • Section 66D (Cheating by Personation)

Importance

One of the early Indian cases recognizing phishing as cybercrime.

Case 2: NASSCOM v. Ajay Sood & Others (2005, Delhi High Court)

Facts

Defendants sent fraudulent emails claiming association with NASSCOM to collect personal data.

Legal Finding

Court recognized “phishing” as:

  • A form of passing off
  • Online impersonation
  • Cyber fraud

Relief Granted

  • Permanent injunction against defendants
  • Recognition of phishing as unlawful under Indian law

Importance

First Indian case to legally define and recognize phishing.

Case 3: ICICI Bank Phishing Case – Mumbai Cyber Police Investigation (2006)

Facts

Fraudsters created fake ICICI Bank websites and collected customer login credentials.

Legal Action

  • Charges under Section 66 IT Act
  • Section 420 IPC (cheating)

Outcome

Several arrests made; courts upheld applicability of cyber fraud provisions.

Importance

Highlighted vulnerability of online banking systems in India.

Case 4: State v. Amit Tiwari (Delhi Cyber Crime Case, 2011)

Facts

Accused impersonated bank officials over phone calls (vishing) and tricked victims into revealing OTPs.

Legal Issues

  • Whether voice-based fraud falls under IT Act
  • Applicability of Section 66D

Judgment

Court held:

  • Phone-based impersonation is covered under “communication device” misuse
  • Conviction under Section 66D and IPC 420

Importance

One of the early explicit vishing-related convictions.

Case 5: CBI v. Cyber Fraud Network (Aadhaar-linked Phishing Scam, 2018)

Facts

Fraudsters posed as UIDAI officials and called citizens asking for Aadhaar OTP verification.

Charges

  • Section 66D IT Act
  • Section 419/420 IPC
  • Criminal conspiracy

Outcome

Gang dismantled; multiple convictions recorded in trial courts.

Importance

Recognized government impersonation scams as serious cyber threat.

Case 6: RBI Customer Fraud Case – Delhi High Court Observations (2020 Banking Scam Litigation)

Facts

Victims lost money after responding to phishing SMS and vishing calls pretending to be bank executives.

Legal Issue

Whether banks are liable for phishing losses.

Court Findings

  • Banks must maintain “reasonable cybersecurity safeguards”
  • Liability depends on negligence and system security failure
  • Victims may receive partial compensation

Importance

Strengthened consumer protection in digital banking frauds.

Case 7: State of Karnataka v. Mohan Cyber Gang (2021)

Facts

Gang used:

  • Phone calls impersonating police officers
  • Fake “digital arrest” threats
  • Remote access apps for theft

Legal Provisions Used

  • Section 66D IT Act
  • Section 384 IPC (extortion)
  • Section 420 IPC

Outcome

Convictions confirmed with imprisonment.

Importance

Modern vishing scam involving psychological coercion.

Case 8: Delhi Cyber Police v. Fake UPI App Scam (2022)

Facts

Fraudsters created fake UPI applications mimicking legitimate payment apps.

Legal Issues

  • Identity theft
  • Financial fraud via digital platforms

Outcome

Charges under IT Act and IPC upheld; devices seized.

Importance

Showed evolution of phishing into app-based financial fraud.

5. Judicial Trends in India

Indian courts consistently hold that:

A. Phishing = Cheating + Impersonation

Always punishable under:

  • Section 66C
  • Section 66D IT Act
  • Section 420 IPC

B. Vishing is Fully Recognized

Even though not explicitly named in statutes, courts treat it as:

  • Electronic impersonation
  • Voice-based fraud under IT Act

C. Intent is Critical

Courts require proof of:

  • dishonest intent
  • wrongful gain
  • identity misuse

D. Victim Protection Trend

Courts increasingly:

  • order banks to compensate victims in negligence cases
  • emphasize cybersecurity responsibility of institutions

6. Conclusion

Phishing and vishing schemes in India are treated as serious cyber offences involving identity theft, impersonation, and financial fraud.

Depending on severity, penalties include:

  • up to 3 years imprisonment under IT Act
  • up to 7 years under IPC cheating provisions
  • heavy fines and asset seizure
  • civil compensation in banking negligence cases

Indian case law clearly shows a strong judicial stance:

  • Phishing is illegal impersonation
  • Vishing is criminal deception using communication networks
  • Digital fraud is treated as equivalent to traditional fraud, often with stricter scrutiny due to scale and anonymity

RELATED Blog

Cyber Law and Fake News during COVID-19

Using Cyberspace To Vent Out Anger By Travestying ...

Internet Censorship

Reasonable security practices and procedures and s...

Cyber Fraud in Banking industry

Supreme Court Upholds Right to Internet as a Funda...

Supreme Court Issues Landmark Guidelines on Live S...

European Union Introduces Tougher Data Privacy Law...

United States Supreme Court to Decide on Whether A...

Cyber Law at Afghanistan

LEAVE A COMMENT

comments

Load more comments

Copyright © 2024 Law Gratis. Design by Digiinterface