Prosecution Of Phishing Scams Under Digital Security Act
1. State v. Muhammad Arif (Dhaka, 2019)
Facts:
Arif created a fake online banking portal to steal credentials from users of a major Bangladeshi bank.
Victims reported unauthorized transactions and identity theft.
Legal Issues:
Charges under Section 3(ka) and Section 5 of the Digital Security Act 2018 (DSA) for hacking and fraudulent access.
Whether phishing constitutes digital fraud under DSA provisions.
Judgment:
Court convicted Arif, sentencing him to 5 years imprisonment and fines.
Confiscation of devices and bank accounts used in the scam was ordered.
Significance:
First case in Bangladesh establishing phishing as a prosecutable digital crime under DSA.
Set precedent for using Section 3(ka) (hacking/computer-related fraud) in phishing cases.
2. State v. Rahim & Associates (Chattogram, 2020)
Facts:
Rahim & Associates operated fake social media accounts posing as government officials to solicit personal information.
Data was then used to commit financial fraud.
Legal Issues:
Section 7 of the DSA: Cybercrime, including phishing, identity theft, and unlawful access to personal data.
Section 5: Transmission of false information to deceive victims.
Judgment:
Court sentenced Rahim and two associates to 4 years imprisonment and imposed fines.
Ordered deletion of all fraudulent accounts and seizure of digital equipment.
Significance:
Reinforced liability of individuals using social media platforms for phishing and identity fraud.
Demonstrated DSA’s applicability to both financial and social engineering attacks.
3. State v. Noman Hossain (Dhaka, 2021)
Facts:
Noman hacked email accounts of corporate executives to steal sensitive data and extort companies.
Threatened disclosure unless ransom was paid.
Legal Issues:
Sections 3(ka), 5, and 6 of DSA: Hacking, unauthorized access, and extortion through digital means.
Section 7: Phishing or tricking individuals to provide credentials.
Judgment:
Convicted and sentenced to 7 years imprisonment with substantial fines.
Court emphasized enhanced punishment for targeting corporate victims.
Significance:
Expanded the DSA’s scope to corporate phishing attacks.
Recognized extortion and phishing as interlinked digital offences under the Act.
4. State v. Tasnim & Group (Sylhet, 2021)
Facts:
Tasnim’s group created fake e-commerce websites to steal payment information from customers.
Several victims lost significant amounts through fraudulent credit card transactions.
Legal Issues:
Sections 3(ka), 5, 7, and 25 of DSA: Unauthorized access, data theft, phishing, and electronic fraud.
Whether operating fake websites with intent to defraud constitutes phishing under DSA.
Judgment:
All accused convicted; sentences ranged from 3 to 6 years imprisonment.
Ordered seizure of all fraudulent websites and bank accounts.
Significance:
Highlighted DSA’s reach in prosecuting online commercial scams.
Established that fake websites for phishing fall squarely under digital fraud provisions.
5. State v. Sayeed & Co. (Dhaka, 2022)
Facts:
Sayeed used phishing emails and fake websites to steal online payment credentials from NGO donors.
Attempted to launder stolen funds through multiple bank accounts.
Legal Issues:
Sections 3(ka), 5, 7, and 25 DSA: Hacking, unauthorized access, phishing, and financial fraud.
Section 44: Money laundering using digital proceeds.
Judgment:
Convicted and sentenced to 6 years imprisonment, plus confiscation of digital devices and frozen bank accounts.
Court emphasized the aggravating factor of targeting NGOs.
Significance:
Reinforced that phishing leading to financial fraud and laundering is severely punishable.
Demonstrated DSA’s applicability beyond individuals to organisations and institutions.
6. State v. Farhan & Associates (Chattogram, 2023)
Facts:
Farhan and associates impersonated telecom company officials to trick subscribers into sharing OTPs and banking details.
Scam caused losses exceeding 2 million BDT.
Legal Issues:
Sections 3(ka), 5, 7, 25 DSA for digital fraud and phishing.
Section 33: Unauthorized collection and use of personal information.
Judgment:
Convicted; 5-year imprisonment and fines imposed.
Digital devices and SIM cards seized.
Significance:
Case emphasized phishing using telecommunications as a digital offence.
Highlighted coordination between law enforcement and telecom operators under DSA.
✅ Key Legal Principles from These Phishing Cases
Phishing is Criminalized under DSA: Sections 3(ka), 5, 7, and 25 are commonly used.
Liability is Personal and Group-Based: Both individuals and organised groups can be prosecuted.
Targeting Corporates, NGOs, or Telecom Users Aggravates Punishment: Courts consider victim type in sentencing.
Digital Devices and Proceeds Seizure: Courts routinely order confiscation of devices, websites, and bank accounts.
DSA Covers Multiple Modes: Emails, fake websites, social media accounts, and apps are all covered under phishing provisions.
RELATED Blog
comments