Written by Indraneel Chakraborty [i] and Anshit Minocha [ii]
[i] [ii] Second Year students, BA. LLB. School of Law, University of Petroleum and Energy Studies (UPES), Dehradun
Disclaimer: Please note that the views expressed below represent the opinions of the article's author. The following does not necessarily represent the views of Law & Order.
It is rightly said, “there are two sides to a coin”.
While the World Wide Web, or as we know it better, ‘The Internet’, is a global network that links all electronic devices connected to it to the whole world, there exists a substantial negative flipside to its virtues.
Although the invention of the Internet has contributed immensely to mankind with its ingenious resourcefulness and convenient method of access and aiding further discoveries in all fields of learning, the vices of the Internet have surprisingly been overlooked for a long time.
In this era of digitalisation, where the entire world is getting virtually connected every day, reports of cyber-crimes and parallel digital offences are intensifying drastically. One such heinous crime, which is acknowledged as the fastest-growing crime in the cyber realm is Identity Theft.
Identity theft is a criminal offence in which an individual fraudulently or deceitfully obtains crucial information or documents belonging to another individual. According to the data collected by the Consumer Sentinel Network, an organisation under the supervision of the Federal Trade Commission (FTC) of America, which keeps a track of such occurrences, it was reported that there were 3.2 million reports lodged in 2019, out of which 650,572 (20.33%) cases were identity theft complaints. In India, every 4 in 10 individuals have experienced some form of identity theft.
According to the Cyber Safety Insights Report by cyber safety firm NortonLifeLock, identity theft and cyber-crimes are more prominent among men as compared to women. Consequently, identity thefts are reported comparatively more often by men than women. While 84% of men proclaim being victims of identity theft, only 76% of women have met with the crime. It is also revealed that frequency in identity theft crimes is relatively greater amidst young adults below the age of 40, as compared to older adults aged 40 plus.
Types of Identity Theft
According to the Federal Trade Commission, the sub-categories of Identity Theft committed in 2019 are enumerated as follows:
Some of the popular methods in which hackers and infiltrators attain our sensitive information are discussed below:
● Phishing: Cyber criminals send counterfeit e-mails or text messages that look genuine at the first blush. The URLs in these emails or texts stealthily downloads potentially malicious software which is also known as virus or malware. The malware might then access sensitive information on our computer systems. Cybercriminals use this convincing strategy to carry out abundant thefts.
● Skimming: Credit card or ATM card skimming occurs when criminals supplant illegitimate card identities within appliances at investment counters or other categories of corresponding systems that are categorically used for sale purposes such at ration stores, tea stalls, gas stations, etc. This technology transmits the data of the person swiping the card to the ‘skimmer’, i.e. the person who is hell-bent on obtaining such data illegally.
● Wi-Fi Hacking: Numerous public Wi-Fi hotspots are unprotected and could be easily infiltrated by criminals who can virtually breach these Wi-Fi hotspots to eavesdrop data which is digitally transmitted from our electronic devices.
● Vishing: This is an extensively used method that involves communicating with the person who is made the target of identity theft. This method of identity theft involves fraudulent calls to the target claiming to be from a bank or agency and asking the target to comply with an investment of money or to share confidential passcodes with the caller.
● Data Breaches: Data breaches can materialise on any proxy website which is unprotected and they can intrude into our personal information and render the data compromised on the dark web.
● Mail Theft: Thieves may delve into our emails with prospects of procuring intimate and sensitive information. For instance, a thief acquiring our credit card statement containing the confidential account/PAN number which might further result in the criminal committing subsequent crimes.
● Dumpster Diving: Some thieves go around exploring garbage cans and searching waste bins in pursuit of unopened pre-approved credit cards or other financial credentials.
The Fate of the Information Post-Identity Theft
Identity thieves gain profit from our personal information in a lot of ways, such as:
● Stealing Money or other Financial Benefits: Identity thieves misuse our personal information primarily to earn money. The amount of financial damage they are capable of inflicting depends on the amount and the type of information they possess. For instance, a thief in possession of our banking credentials might cause unauthorised charges to our account. In case they somehow obtain extremely sensitive information, they might even be able to steal tax returns, maliciously procure medical treatment with the help of our health insurance information, claim governmental benefits, etc.
● Information might be sold on the Dark Web or Underground Markets: After a successful data breach, the thieves might expose our information covertly and it might be prone to be sold on the Dark Web, i.e. the secretive portion of the internet which is inaccessible by regular search engines. According to Experian, one of the world’s leading information services company, American Social Security numbers are usually sold for $1 per number on the dark web, credit cards up to $110, driving licenses for $20, and U.S. passports for up to $2,000.
● Impersonating the Victims: Identity thieves create counterfeit social media profiles pretending to impersonate their victims and with the help of our personal information, they can fraudulently rent homes, pass background checks for provisional jobs, as well as significantly harm the reputation of the victim concerned. Professional fraudsters usually target individuals with a strong financial foundation and no criminal antecedents.
Red Flags of Identity Theft and the Necessary Steps to Undertake in case of Identity Theft
The following signs are critical red flags of probable identity theft, and if we recognise any of them, we must act immediately. We must look out for:
1. If our financial statements have irregular discrepancies or they illustrate purchases/withdrawals we did not make.
2. We receive unnecessary calls from the credit or debt collectors regarding charges/loans we don’t recognise.
3. Our regular bills and account statements don’t arrive on time.
4. Unwarranted collection notices on our credit reports.
5. Unexpected denial of a loan or a job even when we own a strong credit score.
6. An email from UIDAI which says our Aadhar number was recently used.
7. Receiving medical bills for services we didn’t utilise.
8. Not receiving bills in the mail. This sign signifies that someone has infringed our data and altered our regular billing address.
If we recognise one or more of such signs, we must report them immediately. Identity theft could be reported in the nearest police station or the cybercrime cell of the state. The receipt of the police complaint is also required to claim compensation from the bank. An online complaint can also be lodged on cybercrime.gov.in, which is an online portal fabricated by the Ministry of Home Affairs, Government of India to report such offences. It is recommended that we keep all forms of evidence handy before registering a complaint about identity theft viz. credit reports, bank statements, call logs, trail mails et al.
Laws Governing Identity Theft in India and How to Keep Ourselves Protected
The vicious act of committing identity theft is criminalised under Section 66(C) of the Information Technology Act, 2000 and it sustains imprisonment which may extend up to 3 years along with fine. Although it is uncertain that we won’t encounter identity theft if we abide by all preventive measures, there exist numerous manoeuvres by which we can at least avoid being the chief target of a cybercriminal having an objective to steal our identity and use it for various illegal, immoral and illicit activities. The NortonLifeLock survey conducted in India in early 2020 reported that about 80% of the respondents have been victimised of cybercrime, with 66% of the respondents being victims in the last 12 months. Hence, it becomes vital to adopt measures to ensure our digital identity remains protected.
In the case of Vinod Kaushik & Anr. v. Madhvika Joshi & Ors. , it was adjudicated that, since the wife was maliciously accessing the email accounts of her husband and her father-in-law; because of such unlawful intrusion, she was subjected to criminal liability under Section 66C of the Information Technology Act, 2000.
We can securely protect our online information from being misappropriated in the following ways:
1. Fragment and archive all the records or sensitive information that reveal any personal, pecuniary, or pharmaceutical information.
2. Do not acknowledge any email, text, or phone calls from unknown callers or spam callers which can be pinpointed by stationing numerous applications in mobile devices like True Caller which displays the identity of the caller beforehand.
3. Shred all forms of redundant personal/financial documents, papers, and leaflets before disposing them off.
4. Construct passwords that are an amalgamation of alphabets, numbers, and special characters and avoid using similar passwords for more than one or two accounts.
5. While using an open public Wi-Fi network, avoid accessing or sharing any information of sensitive nature. Also, we must use a Virtual Private Network (VPN) application to securely encrypt our connection for an additional layer of security.
6. Always use anti-virus software on all active devices and ensure that the firewall is activated to slab undesirable applications or commands on our computer as well as mobile devices.
Identity theft or identity frauds are major forthcoming threats in cybercrime which are continually evolving. The considerable growth in such crimes emphasises the necessity for dedicated cyber legislation as well as the implementation of safety regulations and authentication policies on digital financing websites. As of now, the Information Technology Act of 2000 is the only legislation which regulates and penalises the commission of such offences in the cyber jurisdiction. Unfortunately, the current legislation lacks any dedicated provisions concerning personal data protection and imminent cybercrimes and is devoid of any preventive mechanism to cope with the variability of such offences. Therefore, rigorous data protection laws are of paramount importance to be incorporated in the judicial framework of ‘Digital India’.
Of late, Indian citizens are taking cognizance of their sensitive information online as well as offline. This expeditious awareness has partly aroused in light of the Aadhar Data Breach of January 2018, which is regarded as the biggest identity theft on a global scale. In the Aadhar data swindle episode, confidential information of 1.1 billion Aadhar cardholders was compromised by UIDAI, Government of India and was being sold in the black markets at hysterically meagre prices. The individuals who are generally most vulnerable in getting involved in such data rifts by online fugitives are those who invest in online trading and digital transactions without verifying the authenticity of the source.
The 2016 Indian banknotes demonetisation incident and the Coronavirus (COVID-19) outbreak in 2020 have significantly abetted the ideology of “Digital India” as these events compelled a lot of Indian citizens to switch to digital transactions in order to preserve cash and stay aloof from a lethal contagion respectively. While the Digital India programme envisions an outlook to transform India into a digitally empowered society, it ignores the domain of pervasive illiteracy as well as the marginalised section of the society, who are oblivious of any such technological breakthroughs. Since uploading personal information on the Internet is a very delicate affair, half-knowledge about technology could potentially summon more harm than good for the benighted netizens.
The sweeping upsurge in identity thefts, data breaches, cyber extortions et al. testifies the exigency in constructing essentially compelling resolutions to minimise such occurrences. Insulating perceptive data and classified information on the internet is the need of the hour in acquiring immunity from being preyed upon by inconceivable tricksters and conmen all over the internet.
Our privacy is in our hands and if we act ignorantly, the consequences of identity theft might be catastrophic.
In the words of former United States Senator William “Bill” Nelson, “If we don’t act now to safeguard our privacy, we could all become victims of identity theft.”
 Bill Fay, What is Identity Theft?, DEBT.ORG.  Consumer Sentinel Network, Data Book 2019 2, FEDERAL TRADE COMMISSION (Jan., 2020).  Id. at 7.  Hemani Sheth, 4 in 10 Indians have experienced identity theft in the virtual world: Report, THE HINDU BUSINESSLINE (Apr. 08, 2020).  The Harris Poll, 2019 Cyber Safety Insights Report Global Results, NORTON LIFELOCK ™ (Mar. 30, 2020).  Id.  Supra note 2.  Brian Stack, Here’s How Much Your Personal Information is Selling for on the Dark Web, EXPERIAN (Dec. 06, 2017).  Abhijit Ahaskar, Every four of 10 Indians have experienced identity theft, NortonLifeLock, LIVEMINT (Apr. 07, 2020).  (2011), Appeal No. 2 of 2010 – Before the Cyber Appellate Tribunal, New Delhi.  Yogesh Sapkale, Aadhar Data Breach Largest in the World, Says WEF’s Global Risk Report and Avast, MONEYLIFE.IN (Feb. 19, 2019).  Id.  Bill Nelson Quotes, BrainyQuote.com, BRAINYMEDIA INC. (Jul. 3, 2020).
1. Abhijit Ahaskar, Every four of 10 Indians have experienced identity theft, NortonLifeLock, LIVEMINT (Apr. 07, 2020, 01:51 PM), https://www.livemint.com/news/india/every-four-of-10-indians-have-experienced-identity-theft-norton-survey-11586245264537.html.
2. Bill Fay, What is Identity Theft?, DEBT.ORG (last visited on Jun. 12, 2020, 11:11 PM), https://www.debt.org/credit/identity-theft/.
3. Bill Nelson Quotes, BrainyQuote.com, BRAINYMEDIA INC. (Jul. 3, 2020), https://www.brainyquote.com/quotes/bill_nelson_168644.
4. Brian Stack, Here’s How Much Your Personal Information is Selling for on the Dark Web, EXPERIAN (Dec. 06, 2017), https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/.
5. Consumer Sentinel Network, Data Book 2019 2, FEDERAL TRADE COMMISSION (Jan., 2020), https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2019/consumer_sentinel_network_data_book_2019.pdf.
6. Hemani Sheth, 4 in 10 Indians have experienced identity theft in the virtual world: Report, THE HINDU BUSINESSLINE (Apr. 08, 2020), https://www.thehindubusinessline.com/info-tech/4-in-10-indians-have-experienced-identity-theft-in-the-virtual-world-report/article31289761.ece.
7. The Harris Poll, 2019 Cyber Safety Insights Report Global Results, NORTON LIFELOCK ™ (Mar. 30, 2020), https://us.norton.com/nortonlifelock-cyber-safety-report.
8. Vinod Kaushik & Anr. v. Madhvika Joshi & Ors., (2011), Appeal No. 2/2010 – Before the Cyber Appellate Tribunal, New Delhi (Chairperson: Hon’ble Mr. Justice Rajesh Tandon).
Yogesh Sapkale, Aadhar Data Breach Largest in the World, Says WEF’s Global Risk Report and Avast, MONEYLIFE.IN (Feb. 19, 2019), https://www.moneylife.in/article/aadhaar-data-breach-largest-in-the-world-says-wefs-global-risk-report-and-avast/56384.html