CYBERCRIME- HOW TO TACKLE, RESPOND AND STOP IT

What is cybercrime?

Cybercrime is any criminal activity that involves a computer, networked device or network.

While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread Malware, illegal information, images or other materials. Some cybercrimes do both — i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven criminal activity, including Ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial accounts, credit cards or other payment card information.

Cybercriminals may target an individual’s private information or corporate data for theft and resale. As many workers settle into remote work routines due to the pandemic, cybercrimes are expected to grow in frequency in 2021, making it especially important to protect and back up data.

The former category which requires computers as a direct weapon involves the committing of crimes like cyber terrorism, pornography, Intellectual Property Rights Violations etc. Whereas in the latter category crimes like hacking, virus attacks etc are committed. Following is the process of fulfilling cybercrime complaints.

To tackle the issue of cybercrimes, CIDs (Criminal Investigation Departments) of various cities opened up Cybercrime Cells in different cities. The Information Technology Act of India states clearly that when cybercrime has been committed, it has global jurisdiction. and hence a complaint can be filed at any cyber cell.

Steps to File a Cybercrime Complaint

So we all have to accept that if the situation arises in which our loved ones hard earned money just disappeared due to their lack of understanding of the technology or if some of our friends privacy has been breached and their personal information is circulated among the masses without there consent so what should they do or what steps should they follow.

And sometimes if the harm have already has been posed to someone they usually fell in the dark well of utter confusion and unable to understand or comprehend the necessary steps that what they should follow.

The major question arises among there mind usually about he steps are as follows:-

• Where to file a cybercrime complaint?
• What are the steps to register a cybercrime FIR?
• What evidence to provide?

How long to wait before following up and so much more!

In the event of a cybercrime, it is really upsetting to get a grasp on the situation. Worst still, to go through the process of understanding how to file a cybercrime complaint in that gruelling moment! We recommend that one should not wait for a cybercrime to strike to be aware of the response mechanism to a cyber offense.

The following section shall tell you how to file a cybercrime complaint in India in few simple steps.:-

1. The very first step to file a cybercrime complaint is to register a written complaint with the cybercrime cell of the city are currently in.

Rendering to the IT Act, a cybercrime comes under the purview of global jurisdiction. This means that a cybercrime complaint can be registered with any of the cyber cells in India, irrespective of the place where it was originally committed.

At present, most cities in India have a dedicated cybercrime cell. The last section of this article shall provide you with the list of cyber cells in India.

2. When filing the cybercrime complaint, you need to provide your name, contact details, and address for mailing. You need to address the written complaint to the Head of the Cybercrime Cell of the city where you are filing the cybercrime complaint.

3. In case you are a victim of online harassment, a legal counsel can be approached to assist you with reporting it to the police station. Additionally, you may be asked to provide certain documents with the complaint. This would, however, depend on the nature of the crime.

4. Register a Cybercrime FIR: If you do not have access to any of the cyber cells in India, you can file a First Information Report (FIR) at the local police station. In case your complaint is not accepted there, you can approach the Commissioner or the city’s Judicial Magistrate.

5. Certain cybercrime offenses come under the Indian Penal Code. You can register a cybercrime FIR at the nearest local police station to report them.

It is mandatory under Section 154, Code of Criminal Procedure, for every police officer to record the information/complaint of an offense, irrespective of the jurisdiction in which the crime was committed.

6. Most of the cybercrimes that are covered under the Indian Penal Code are classified as cognizable offenses. A cognizable offense is the one in which a warrant is not required for an arrest or investigation.

In this case, a police officer is bound to record a Zero FIR from the complainant. He must then forward it to the police station under the jurisdiction of the place where the offense was committed.

7. Zero FIR offers some solace to victims of cases that require immediate attention/investigation as it avoids wasting time in enlisting the offense on police records.

For Filing Complaints Related to Social Media Cybercrimes:

1. Apart from the above steps, one must also register a complaint on the corresponding platform where the offense was committed. The steps for the same are clearly stated on every social media platform.

2. Most of the social media platforms have a clear procedure in place for reporting any abuse or other nasty offenses. You must make sure that you report such activities in the very initial stages of its occurrence. This shall enable the concerned social media platform to take immediate steps for blocking further activities and protecting the privacy of your personal information.

3. Facebook, Twitter, Instagram, Snapchat, and YouTube have a strict and clear redressal mechanism to protect its users from online abuse and cybercrimes. Make sure that you do your groundwork on their guidelines for reporting an abuse without waiting for an abuse to actually happen!

Registering an Online Cybercrime Complaint

At present, the Ministry of Home Affairs is in the process of launching a centralized online cybercrime registration portal that would eliminate the need to visit a police station for the same. However, the Cybercrime Cell of Delhi Police and Indore have already launched an online portal for educating the masses on cybercrimes and also accepting online cybercrime complaints. Following are the links to file a cybercrime complaint in India through an online portal:

1. http://www.cybercelldelhi.in/

2. http://www.indorepolice.org/cyber-crime.php

DOCUMENTS REQUIRED TO MAKE A COMPLAINT

In Email related Complaints

1. A written Complaint explaining the complete incidence
2. Copy of the alleged Email
3. Email should be taken from the original reciever. Copy of the forwarded email should be avoided
4. Full Header of the alleged Email
5. Copy of email and header should be in both hard & soft forms
6. Soft copy should be given in a CD-R only

In Social Media related Complaints

1. Copy/screenshot of alleged contents/profile
2. Screenshot copy of URL of alleged contents
3. Contents should be in both hard & soft forms
4. Soft copy should be given in CD-R only
   
   

In Mobile Apps related complaints

1. screenshot of the malicious app and the location from where it downloaded.
2. Bank statement from the victim’s account if any transactions made.
3. soft copy of all above mentioned documents in soft form

In Business Email Compromise complaints

1. Brief description of the incident, and consider providing the following financial information:
2. Originating Name
3. Originating Location
4. Originating Bank Name
5. Originating Bank Account Number
6. Recipient Name
7. Recipient Bank Name
8. Recipient Bank Account Number
9. Recipient Bank Location (if available)
10. Intermediary Bank Name (if available)
11. SWIFT Number
12. Date
13. Amount of Transaction
14. Additional Information (if available) – including “FFC”- For Further Credit; “FAV” – In Favor Of
    
    

In Data Theft complaints

1. Copy of data which has been stolen
2. Copyright certificate for the data in question.
3. Details of suspected employee who took the data from company.
4. Following documents related to suspected employee:
   1. Appointment letter
   1. Non-disclosure agreement if any
   1. List of duty assigned.
   1. List of gadgets assigned to the suspected.
   1. List of clients with whom the suspect is in touch.
5. Proof of selling of your copyright data to any client.

 Devices used by the suspect while working with the company, if any.

In Ransomware complaints

1. E-Mail id /phone number or any other means of communication through which ransom has been demanded.
2. If malware was sent in the attachment of the mail. Screenshots of the mail with full header of first receiver should be provided.

In Net banking/ATM Complaints

1. Bank statement from the concerned bank of the last six months.
2. Copy of SMSs received related to the alleged transactions.
3. Copy of your ID proof and address proof as shown in the bank records.

In Fake call frauds

1. Bank statement from the concerned bank for the last six months.
2. Make a copy of SMSs received related to the alleged transactions.
3. Copy of your ID proof and address proof as shown in the bank records.
   
   

In Lottery scams Complaints

1. Bank statement from the concerned bank of last six months.
2. Make a copy of SMSs received related to the alleged transactions.
3. Copy of your ID proof and address proof as shown in the bank records.
   
   

In Bitcoin-related Complaints

1. Complete facts in brief about the incident.
2. Address of Bitcoin.
3. Amount of Bitcoin involved.
4. Address from/to whom purchase/sale of Bitcoins is done.

In Cheating-related Complaints

1. Print out the alleged email along with its full header of the email
2. Email should be taken from the original receiver. Copy of the forwarded email should be avoided
3. Bank statement from the victim’s account.
4. Details of the alleged transaction made.
5. Soft copy of all above-mentioned documents.

In Online Transactions Related Complaints

1. Bank statement from the concerned bank of last six months.
2. Make a copy of SMSs received related to the alleged transactions.
3. Copy of your ID proof and address proof as shown in the bank records.

How to register a Cyber Crime Complaint Online

In the past decades, the advancement in technology and the number of internet users have grown at a great pace and up to a great extent. With the increase in the use of the internet, it is obvious that there will be cons to excessive use as well. Instead of excessive use, certain crimes online are also committed and thus, for the protection of the victim it is necessary to have provisions for registering the complaint and intimating the officials about the commission of the crime for punishing the accused.

Step 1 

Is the situation arises where a complaint for cyber crime has to be informed, it can be done in bot on line and of line mode, the first step is to report the complaint to physical branches of cyber cell India department or if someone one want to complaint ti online they can log int to here which is a website for filing a complaint on line or call on to cybercell helpline number.

Step 2

Victim has to file a written complaint with the cybercrime cell in which the city he or she lives in. but meanwhile cybercrime is a subject matter of worldwide jurisdiction thus, the complaint can file his or her complaint from any where possible irrespective of the fact that the person stem from any other city of India.

Step 3

The following information is required to be stated by the victim at the moment when he/she want to file a complaint with the cyber cell.

• Name of the victim/person filing the complaint,
  • His contact details,
  • Address for mailing.

The written complaint shall be addressed to the head of the department.

Step 4 

In some kind of situation if victim is unable to access the cyber cell, they can report it to their nearest police station by filling First Information Report. If an error occurs and complaint dose dot get accepted in the police station then in that case they can approach the judicial magistrate or the commissioner

Step 5

One can also file a First Information Report under the provision of the Indian Penal Code if the offence falls under this Code. Every so ce officer must complain as it has been made mandatory under section 154 of the Code of Criminal Procedure.

Since most of the cybercrime under the Indian Penal Code are classified under the category of cognizable offences, thus, there is no requirement of any warrant for arresting the accused because cognizable offences are those offences in for thto carry an investigation or for making an arrest there is no requirement of any warrant.

•   The Ministry of Home Affairs is instead establishing and launching a centralised online cybercrime registration portal. The purpose is to remove the requirement of moving to the police station for lodging any cybercrime complaint.
• An online portal for registration of Cybercrime online has been launched by the Cybercrime cell of the Delhi police.

What to do if cyber cell refuses to accept your complaint?

• If the cyber cell refuses to file or accept your cyber complaint one can directly approach the nearest judicial magistrate stating the fact that the complaint has not been accepted under any circumstances.

Jurisdiction

• Information technology Act, 2000 has been dealing with computer and internet-related crimes and according to this act cybercrimes are committed all over the country. Cyber Crime Investigation Cell has jurisdiction all over the country as per section 1 and section 75 of the Information Technology Act, 2000 which deals with guiding principles concerning cyber jurisdiction and has the power to investigate all such crimes with the jurisdiction of Police officers not below the rank of deputy superintendent of police can investigate any offence under this Act.
• The central government shall appoint an officer, not below the rank of a Director to the Government of India or an equivalent officer of a state government to adjudicate and inquire about the matter. 
• Those who do not have a cyber cell in their districts can file an online complaint on the cyber cell of India.

Types of Cyber Crimes

Hacking

Hacking is “a deliberate attempt by a nonauthorized user to affect the vehicle in some material way. This includes, most alarmingly, commandeering the vehicle, but also attempting to partly control it, materially misleading the relevant artificial intelligence, or using ransomware. It also includes efforts to obtain personal or other data from the vehicle or system. It excludes inadvertent errors in the software code that may lead to a crash or other non-deliberate actions, mechanical failures, or malfunctions

A real-life example of Hacking

Vladimir Levin a Russian programmer with a computer software firm in St. Petersburg managed to get access and stole millions of dollars in 1995 from the Citibank network.

Trojan attack

A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try and gain users’ system access with their software.

A simple way to answer the question “what is Trojan” is it is a type of malware that typically gets hidden as an attachment in an email or a free-to-download file, then transfers onto the user’s device. Once downloaded, the malicious code will execute the task the attacker designed it for, such as gain backdoor access to corporate systems, spy on users’ online activity, or steal sensitive data.

 thus, it is classified as follows-

• Backdoor – it acts like remote control and authorises the hacker to have control over an infected network or computer. It can involve sending or deleting files and also rebooting the computer.
• Trojan- banker- it is used for stealing the legitimate owner’s bank or account details, which includes the details of credit and debit cards as well.
• Trojan downloader- it helps in installing and downloading a new version of malicious software in a particular computer.
• Trojan spy- it helps in tracking data or getting a list of applications etc.

Example of Trojan

A trojan named Zbot has infected more than 37,000 computers in the United Kingdom through a dridrive-download. Users visiting a compromised site would unknowingly receive the virus as a cookie and then it steals all the data of the users.

Virus and worm attack

Viruses and worms are malicious programs that self-replicate on computers or via computer networks without the user being aware; each subsequent copy of such malicious programs is also able to self-replicate.

Malicious programs which spread via networks or infect remote machines when commanded to do so by the “owner” (e.g. Backdoors) or programs that create multiple copies that are unable to self-replicate are not part of the Viruses and Worms subclass.

The main characteristic used to determine whether or not a program is classified as a separate behaviour within the Viruses and Worms subclass is how the program propagates (i.e. how the malicious program spreads copies of itself via local or network resources.)

Example of Virus and worm attack

A virus named Melissa is considered to be the most damaging virus ever released. It was the fastest spreading email-based worm ever. Melissa lured people by claiming in an email that it contains the list of passwords for pornographic sites and when the message opened it created havoc on the computer systems.

Identity theft 

identity theft is the crime of obtaining the personal or financial information of another person to use their identity to commit fraud, such as making unauthorized transactions or purchases. Identity theft is committed in many different ways and its victims are typically left with damage to their credit, finances, and reputation.

Example of Identity Theft

Abraham Abdallah duped several credit score companies into providing them with information, and then steal millions of dollars from America’s richest people including Warren Buffet and Steven by using their identities.

Email related crimes

Email spoofing 

The most commonly accepted email spoofing definition is a threat that involves sending email messages with a fake sender address. Email protocols cannot, on their own, authenticate the source of an email. Therefore, it is relatively easy for a spammer or other malicious actors to change the metadata of an email.

Email spamming 

Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.

Email booming

On Internet usage, an email bomb is a form of net abuse that sends large volumes of email to an address to overflow the mailbox,^[1][2] overwhelm the server where the email address is hosted in a denial-of-service attack (DoS attack)^[3] or as a smoke screen to distract the attention from important email messages indicating a security breach.^[4]

Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker^[1] or to deploy malicious software on the victim’s infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.^[2] As of 2020, phishing is by far the most common attack performed by cybercriminals, the FBI‘s Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime.The purpose is to extract personal information like passwords, credit and debit card numbers etc. Criminals have an objective of gaining access to the login credentials of the real owner of the system, network or device etc. through this kind of attack. By being cautious of these kinds of suspected email attachments the user can protect themselves from phishing attacks and at the same time protect their personal information.

The scammers may try to trap a person in this scam by claiming fake information that unauthorised or suspicious activity is happening on a particular person’s account.

HDFC Bank guidelines on Cyber Crime

How to avoid phishing scams?

The guidelines to avoid phishing scams by HDFC Bank are followed as-

Identify signs of fraud

To know about phishing websites and email, you need to look carefully at the subject matter which is delivered by the websites or email as phishing websites and email will often be riddled with grammatical errors and fake branding.

Inspect a website before interacting with it and look at the URL or website address closely. As you will never see a misspelling in the bank name and a genuine bank website address will always be prefixed with ‘https’. That is an indication that all communication between your browser and the bank’s website is encrypted.

Click cautiously

Another way to identify phishing websites or emails is most phishing sites spread their reach on the internet by posting flashy and lucrative links on websites with high user traffic. It is advisable to inspect links before interacting with them because clicking on them can seriously compromise your security. If you find anything suspicious then do a quick web search to identify the bank’s official website address or URL.

Exercise caution

The best way to avoid phishing is to become more and more cautious by using only trusted and genuine software and services when banking online. Access websites only through official links and sources, and follow proper security procedures.

Also, check if the website is secure by inspecting its URL for the SSL certificate also it is advisable to have two devices – one for work and one for personal use- so that the security of the work device is never compromised.

How to recover from a phishing attack?

The guidelines to recover from a phishing attack by HDFC Bank are followed as-

Change all your passwords

The first step you should take to keep the damage minimum from phishing is to change your login credentials and passwords. Since the scammer could have access to all your accounts so it is advisable to change your credentials and passwords as soon as possible and to keep them out of the system and prevent further damage.

Contact the officials

The next important step would be to call your bank and explain the situation to them. As by informing them they will then freeze your account so that no further transaction can be conducted. After informing your bank officials it is also advisable to inform the cybercrime division as most states have a cybercrime division.

Scan your system

The third important step to recovering from a phishing attack is to scan your system to ensure the attacker did not install any malware or backdoor software on the device for future attacks.

Delete emails from unknown sources

It is also advisable for the customers to go through your inbox once a week and delete marketing mailers and emails from unknown sources.

If you ever find yourself at the receiving end of a phishing scam, don’t panic because even the most complicated attack can be resolved with the help of your bank and the police authorities. Above all, remember to exercise caution in all your online transactions.

To know more you can visit the HDFC website here.

Trolling

A troll is Internet slang for a person who intentionally tries to instigate conflict, hostility, or arguments in an online social community. Platforms targeted by trolls can include the comment sections of YouTube, forums, or chat rooms.

Trolls often use inflammatory messages to provoke emotional responses out of people, disrupting otherwise civil discussion. Trolling can occur anywhere that has an open area where people can freely post their thoughts and opinions.

Cyberbullying

Cyberbullying or cyber harassment is a form of bullying or harassment using electronic means. Cyberbullying and cyber harassment are also known as online bullying. It has become increasingly common, especially among teenagers, as the digital sphere has expanded and technology has advanced.^[1] Cyberbullying is when someone, typically a teenager, bullies or harasses others on the internet and other digital spaces, particularly on social media sites. Harmful bullying behavior can include posting rumors, threats, sexual remarks, a victims’ personal information, or pejorative labels (i.e. hate speech).^[2] Bullying or harassment can be identified by repeated behavior and an intent to harm.^[3] Victims of cyberbullying may experience lower self-esteem, increased suicidal ideation, and various negative emotional responses, including being scared, frustrated, angry, or depressed.^[4].

Steps to prevent Cyberbullying

Today’s generation has grown up using technology and is well versed with it. So it is essential to keep a check on them and the parents must keep a check on the activities of their children. Because the teenagers have less maturity and understanding to make a difference between what is right and what is wrong that is the reason why they are more vulnerable to cyberbullying and that is why parents must have a constant check on the activities of their children while they use the internet.

There are various warning signs to be looked upon to check whether the person at your place is bullied or might be bullying someone. These signs are as follows-

• Time fluctuation in the use of phone or laptop by an adult  or child,
• The tendency to avoid healthy discussions online,
• Hiding of profile from others,
• Indifferent behaviour towards social activities.
• Signs of becoming stressed or depressed etc.

After observing all the warning signals if there is a situation of the person facing cyberbullying then it is essential to report the case to the cyber crime cell as soon as possible.

The steps to prevent cyberbullying are followed by as-.

Step 1: Educate yourself

If you want to prevent cyberbullying then it is very important for you and for your children to understand what exactly it is.

Step 2: Protect your password

To prevent cyberbullying it is also very important for the netizen that you must safeguard your password and all private information from curious peers. Never give ballow bullies anything embarrassing about yourself.

Step 3: Raise awareness

It is the responsibility of all parents and individuals to bring awareness to cyberbullying whether it be through a movement, a club an event or a campaign.

Step 4: Setup privacy controls

Change your privacy controls and restrict who can see your profiles to only trusted friends.

Step 5: Never open messages from people you don’t know

There is an old saying that ‘precaution is better than cure’ never open messages from people you don’t know, delete them without reading them as they could contain viruses and infect your computer. It is best to not engage and ignore them. 

Step 6: Always log out of your accounts on public computers

Staying logged in n public computers you run the risk of the bully changing your password and locking you out for a period of time. So, don’t give anyone the slightest chance to pose as you or to share false information.

Step 7: Don’t be a cyberbully

We cannot see the change in society until and unless we promised to change ourselves. It is your responsibility to treat others as you want to be treated. If you find someone getting cyber bullied then help him and don’t become a cyberbully.

Ransomware

It is a form of malware or malicious software which after taking control of the computer restricts the person to access his system. To prevent the system from ransomware infection it is essential to defend one’s system by keeping it updated and by installing the software only after knowing every detail about it. Such defensive steps shall be necessarily taken into consideration.

Installing anti-virus software is another defensive step which helps in detecting such malicious software. Keeping a backup of documents and files is important and automatic backup shall also be done.

Cyberstalking

The term stalking refers to keeping a check or surveillance on some particular person by an individual or a group of individuals. When it is done through the means of the internet or by following the other person constantly on his/her social media account then it is known as cyberstalking. It often takes the form of harassment and is overlapping with cyberbullying. 

There were no specific laws dealing with cyberstalking before February 2013 amendment. But the scenario changed after this year. Section 354D of Indithe the Penal Code deals with providing punishment for cyberstalking. According to this provision any man who repeatedly follows or contacts a woman or tries to do so to foster personal interaction despite clear indication by a woman showing her disinterest or who monitors the internet, email or other forms of electronic communication used by a woman, then it amounts to the offence of stalking. 

There is an exception to this section that stalking done for the following purposes will not be liable to punishment under section 354D –

• If a man pursued it to prevent or detect crime and the man accused has been entrusted with the responsibility of preventing and detecting the crime by the State; or
• It was pursued under any law or to comply with any condition or requirement imposed by any person under any law; or
• In particular circumstances such conduct was reasonable and justified.

Steps to protect yourself against cybercrime

The steps to prevent yourself from cybercrime are followed as-

Step 1: Use a good internet security suite

There are many good internet security suites available in the market. Just buy the premium version of any security suite which helps you to protect your financial information whenever you go online.

Step 2: Use strong passwords

It is advisable to change your passwords regularly and don’t repeat your passwords on different sites, always try to make them complex by using a combination of at least 12 letters, symbols and numbers.

Step 3: Keep your software updated

Whenever your system asks you to update your software always update it. As cyber criminals frequently use known exploits, or flaws, in your software to gain access to your system. When your system software is updated then there are fewer chances that you’ll become a cyber target.

Step 4: Manage your social media settings

It is advisable to keep your personal and private information locked down because cybercriminals can often get access to your personal information with just a few data points, so the less you share publicly, then it better would be for you.

Step 5: Strengthen your home network

It is advisable to use a strong encryption password as well as a virtual private network. Use a VPN whenever you use a public Wi-Fi network, whether it is a cafe, hotel, airport or library.

Step 6: Know what to do if you become a victim

The first thing you can do is to identify what kind of cybercrime has been committed then, the next thing is you need to alert the cyber cell of your city in the case, if you don’t have any cyber cell in your city then you need to alert the local police. It is important even if the crime seems minor because it may prevent such criminals from taking advantage of other people in the future.