What to do if an email account is hacked?

In the globalized world, communication of information has been easier than ever. Thanks to invention of internet and mass communication which has made it easier. The emergence of internet has made computer even more reliable tool. The internet has facilitated the invention of e-mails or electronic mails.

Analogous relationship between cyber laws and criminal law

The two main ingredients of criminal law are Actus reus and Mens rea. For any criminal act, the said act done must be punishable under criminal law and the act must have been committed with a motive or intention to do so. The same applies in the cyber laws as well. For example when an email or a computer is hacked the attacker or the person who hacked such device must have an intention to steal any data or source from it. When the motive cannot be proved such person cannot be punished under the Information Technology Act, 2000. Actus non facit reum nisi mens sit rea is the significant factor in penal liability.

Definition for the term e-mail

E-mails are electronic form of messages sent, received or forwarded in digital form via a computer based communication mechanism. Electronic form is defined under the Information Technology Act, 2000 which means any information generated, sent, received, or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.[i]

Kinds of cyber crime that target email users

Phishing:

Any offences or intrusion into the sensitive information of emails can be dealt under the Act. One of the main forms of offences under cyber crime includes phishing. Phishing is kind of criminal activity in which the person attempts to fraudulently acquire any sensitive information of the targeted person. This sensitive information includes username, password and bank account details and this will used for identity theft.

Modus operandi of the attacker:

• These fraudsters create a fake website which resembles the original website by copying the source code and graphics.
• They create fake mails that contain a link which directs the victim to their fake website.
• Fraudsters put the text of a link to a legitimate site in an e-mail but use the source code to links to own fake site.

E-mail spoofing:

Any mail that appears to be sent from one source but, sent from another source.

E-mails Bombings:

Sending numerous or large emails messages to one person is considered to be email bombings and this would result in destruction of information.

Cookie hijacking

Cookies refer to the certain information that has been stored in one’s own computer’s hard drive like passwords and user preferences. Cookie hijacking is the act of stealing a particular cookie or sessions ID and by that they can access his/her web application. These cookies may contain valuable information that may result in exploiting the information to obtain information or services in a computer system.[ii]

Key logging

Key logging, also known as keystroke logging is a type of software when installed in a particular system has a capacity to record every keystroke that has been made in that system. This results in recording everything typed through that keyboard including the passwords, usernames etc. [iii]

Punishments for email hacking:

Chapter XI of The Information Technology Act, 2000 deals with the offences relating to e-mail hacking.

1. Hacking of email includes Identity theft. Identity theft is forgery and punishable under Section 464 of Indian Penal Code and it is punishable for imprisonment for a term which may extend upto two years or fine or with both.

2. Under Section 66 of the Information Technology Act, 2000, any person, dishonestly or fraudulently does any act to damage the computer resources shall be punished with imprisonment for a term which may extend upto three years or fine with 5 lakh rupees or both.[iv]

3. Section 66-C of the Act provides with the punishment for identity theft. When any person makes use of electronic signature, passwords and other unique identification feature of any other person, fraudulently shall be punished with imprisonment for a term which extends upto three years and fine of 1 lakh.[v]

4. In case of publishing or transmitting any sexually implicit content through electronic form, such act shall be punished in first term with imprisonment for a period which may extend up to 3 years with fine of 5 lakhs and during second term the punishment may extend up to 5 years with fine of 10 lakhs.[vi]

Illustrations

In Maruthapandian v. State of Tamil Nadu[vii], the email sent by the petitioner to the Bank  for disbursement of amount was hacked by the culprits and the amounts were stealthily taken. When the issue came to petitioner’s knowledge, he lodged a complaint under Section 420(cheating), 471 (Using a genuine document as forged), 420 (Cheating and dishonesty) and Section 66 of the Information Technology Act, 2000. In the case it was considered to be cyber crime and the said case was transferred to special team available in C.B.C.I.D.

In Thanuja P.A v. State of Kerala[viii], the petitioner received an email from the account of her brother who works abroad. In that particular email, she was asked to transfer an amount of Rs 1 Lakh to an account for her brother’s wife’s treatment and the account details were sent through another mail. She made the said transfer. Later it was found that the account was proved to be fake and she asked the bank to stop the payment. This is a cyber crime and falls under Information Technology Act.

Ways in which email hacking can be prevented:

1. Information Technology (Certifying Authorities) Rules, 2001 recommends certain guidelines for password management. The following features shall be implemented for passwords:

a. Minimum of eight characters without any blanks.

b. Shall be different from the existing password and the other previous ones.

c. Shall be changed every ninety days or in case of sensitive system password shall be changed at least every thirty days.

d. Shall not be shared, displayed or printed.[ix]

2. A complaint can be filed online in the cyber cell website.[x] The application letter must be addressed to the head of the cyber crime investigation cell along with your details including name, address and contact number.

3. In case where the complaint cannot be filed online, an FIR can be filed with the cyber police or the cyber crime investigation department annexing necessary documents that proves the particular crime. The documents that are necessary vary from case to case.

In case of email hacking the complaint must contain the following details:-

a)  Data that has been compromised.

b)  Copy of any messages regarding the hack. Both hard and soft copies are required.

c) If any data has been compromised, the proof of the old original data and the compromised data is required.

d) All the other necessary information within the knowledge of the complainant regarding the hacking.[xi]

Conclusion

The internet connects people around the world by using web browsers, web servers and data warehouse. This may seem advantageous but the threats imposed on the globalised world through security and data breach imposes the need of drafting a stricter legislation. The existing law must be amended in such a way that it addresses the modern issues.

Edited by Pragash Boopal

Approved & Published – Sakshi Raje

Reference 

[i] Section 2 (1) (r) of The Information Technology Act,2000