Tuesday, September 15, 2015

Change of Bank details fraud

-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
Although not new in other countries, the “change of bank details” scam has taken Indian Companies by a storm, where large amount money is getting siphoned off from their respective bank accounts.

Modus Operandi 

The Fraudsters will hack into the email accounts of the targeted Companies and learn about the business transactions between Company A (the seller, the consignor) and Company B (the buyer, the paying company).  Later, fraudsters, impersonating to be Company A, will send fictitious emails (which are very similar to genuine emails) to Company B, claiming that the payment receiving bank account number have changed, and requesting Company B to credit the amount payable to the designated bank account (Fraudster's bank account). Once the money is transferred to the fraudster's bank account, it will be further routed to different bank accounts or will be withdrawn within very short span of time.
The Police investigation shows that its very difficult to pinpoint these fraudsters as they use advanced techniques to hide their 'Internet Protocol' addresses.

To avoid being the next victim, here are some simple precautions.

1) Get the landline numbers of the Supplier's office (even Skype accounts can be hacked) and get in touch with the respective senior management/employees of the Supplier Company.
2) Ask each supplier for their bank accounts in advance and if at all theres a change in the bank account, confirm the same over landline/phone.
3) Email accounts can be hacked we have already established that, for an extra level of safety: have invoices faxed to you, and check whether the sending fax number belongs to the Supplier’s Company.
4)A small amount of wire transfer can be done to check the authenticity of the Supplier's bank account.
5) Watch out for the give aways:
  • Often the letter will include the invitation “in order to confirm this instruction, please call me on my direct dial number xxx” – this will be an unconnected rented line or accommodation office managed by the fraudsters;
  • Similarly beware of supposedly confirmatory emails from almost identical email addresses, eg .com instead of .co.in, or, abcd@xyz1.com instead of abcd@xyz.com which has been set up by the fraudster for that purpose;
  • Does the letter or email contain any errors? – often many typos can be found.
6) The most important thing to do would be, to educate employees/staff in your Company/Organisation by inviting industry experts for trainings/informative sessions on 'Cyber Crimes & Information Technology Law' 
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.
Picture - http://siliconangle.com/blog/2015/08/10/ubiquiti-networks-falls-victim-to-46-7m-email-scam/

Monday, January 19, 2015

Power to Adjudicate vis-à-vis Compensation Suits

-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
- http://rajaspingle.blogspot.in/


Keeping in mind the ever increasing amount Cyber Crimes in the country and the over burdened Courts to decide the cases relating to loss of a party, Legislators introduced Section 46 in Information Technology Act, 2000 which specifically empowers the IT Secretary (Adjudicating Officer) of a respective state to hear and decide compensation suits for which the amount does not exceed Rs. 5 Crore. Furthermore the Adjudicating Officer has been empowered with certain powers of Civil Court.

When can a victim file a complaint before Adjudicating Officer?

A person who is affected by the following acts of a perpetrator can file a complaint before Adjudicating Officer mainly under Section 43 and 43A of the Information Technology Act, 2000.
Section 43: If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -
(a) accesses or secures access to such computer;
(b) downloads, copies or extracts any data, computer data base or information from such computer, including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer;
(d) damages or causes to be damaged any computer
(e) disrupts or causes disruption of any computer
(f) denies or causes the denial of access to any person authorized to access any computer
(g) provides any assistance to any person to facilitate access to a computer,
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer
(i) destroys, deletes or alters any information residing in a computer resource
(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code.
Compensation limit - As per the loss
Section 43A:
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected
Compensation limit - As per the loss

Duration of the Proceedings

According to the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, Rule 4(k) clearly states that, as far as possible, every application shall be heard and decided in four months and the whole matter in six months.
How is the Quantum of Compensation decided?
The following factors are taken into the consideration while adjudicating the matter;(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.

To sum up the article, people who have been affected by the instances like,

  • Unauthorised Copying of Data/Data Theft;
  • Credit/Debit Card fraud;
  • Net Banking Fraud;
  • Damage to the Computer;
  • Body Corporate negligent in protecting your sensitive personal information;
  • Denial of access to the Computer (Mobile phone, tablet, Laptop etc..) and so forth..
can approach the Adjudicating Officer which is the IT Secretary of every state.
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.
Image - http://searchbuzz.co/wp-content/uploads/2012/05/ehh-630-gavel-keyboard-law-istock-630w.jpeg
Image Copyrights are with the Owner.