Phishing is one of the fastest-growing Internet crimes in recent history. Millions of people are affected, and billions of dollars are stolen. Phishing is a technique used to extract personal information from victims by means of deceptive and fraudulent emails for identity theft. As a result of this, the organizations as well consumers are facing enormous social and economic effects. Phishing is causing two-way damage. This chapter lists the effects of phishing to e-commerce and summarizes techniques available that can be used to prevent phishing with special reference to Indian laws.
TopDefinition
Phishing, also known as “brand spoofing” or “carding”1 is a process employing the immense capabilities of the Internet to socially engineer people by imitating legitimate forms and methods into imparting their confidential information for purposes of identity theft.2 “Phishing is a particularly invidious attack on the Internet community because it always involves two separate acts of fraud. The phisher first ‘steals’ the identity of the business, it is impersonating and then acquires the personal information of the unwitting customers who fall for the impersonation. This has led commentators to refer to phishing as a ‘two-fold scam’ and a ‘cybercrime double play” (Stevenson, 2005).
The Delhi High Court opined in National Assn. of Software and Service Companies v. Ajay Sood3 that,
Phishing is a form of Internet fraud. In a case of ‘phishing’, a person pretending to be a legitimate association such as a bank or an insurance company in order to extract personal data from a user such as access codes, passwords, etc. which are then used to his own advantage, misrepresents on the identity of the legitimate party. Typically ‘phishing’ scams involve persons who pretend to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details.
The United States Department of Justice defines phishing as, “Criminals’ creation and use of e-mails and Websites-designed to look like e-mails and Websites of well-known legitimate businesses, financial institutions, and government agencies in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames and passwords” (Department of Justice, 2004).
“The hacker news group alt. 2600 first published the word “phishing” on the Internet in January 1996, although the term was used by computer security trespassers, or hackers, before then” (McNealy, 2008).
The genesis of the word “phishing” is attributed to several sources. It is commonly suggested that the basic etymology arises from the fact that the scammers are “fishing” for confidential information from gullible customers.4 The orthographic substitution of ‘ph’ for ‘f’ is most likely by analogy to “phone phreaking” (Rosenbaum, 1971), or to distinguish the Internet scam from the sport.5 Contraction of the term “password harvesting” is another suggested basis of the word “phishing.”6 In its initial stages, phishing essentially focused on obtaining passwords of America Online accounts. By 1996, hacked accounts were called “phish”, and by 1997 phish were actively being traded between hackers as a form of electronic currency. With time, the nature of information being phished for has graduated from user account details to access to all personal data.