IT ACT

YAGYAVALKYA INSTITUTE OF TECHNOLOGY

Submitted To: Mr. Manish Dave (Asst. Professor CS & IT)

Submitted By: Abhilasha Agarwal, IT - 8th Sem (4th Yr)

Upload: abhilasha-agarwal

Post on 12-May-2015


IT ACT

Enacted on 17th May 2000. India is the 12th nation in the world to adopt cyber laws.

The IT Act is based on the Model Law on e-commerce.

Objectives of the IT Act:

To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce".

To facilitate electronic filing of documents with Government agencies and e-payments.

To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934.

Cyber Crime:

Cyber crime is a generic term that refers to all criminal activities done using the medium of computers, the Internet, cyberspace and the World Wide Web.

What Is Phishing?

It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).

How it works:

A message is sent from the phisher to the user.

The user provides confidential information to a phishing server.

The phisher obtains the confidential information from the server.

The confidential information is used to impersonate the user.

The phisher obtains illicit monetary gain.

Techniques of Phishing attacks:

Man-in-the-middle attacks

URL obfuscation attacks

Man-in-the-middle attacks:

The attacker sits between the customer and the real web-based application, and proxies all communications between the systems.

This form of attack is successful for HTTP communications.

URL Obfuscation Attacks:

It involves minor changes to the URL. The fraudster tricks the user into following a hyperlink (URL) to the attacker's server, without the user realizing that he has been duped.
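A defender-side check for the two signs described on this slide, a host that differs from a genuine one by only minor changes and a hyperlink whose visible text names a different host than its target. This is an added example, not part of the original presentation; the trusted hostnames, the distance threshold and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the genuine hostnames of the organisation (constructed values).
TRUSTED_HOSTS = {"examplebank.com", "www.examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def check_link(display_text, href, trusted=TRUSTED_HOSTS, max_dist=2):
    """Return the reasons a hyperlink looks obfuscated (empty list: none)."""
    reasons = []
    host = host_of(href)
    if host and host not in trusted:
        # Sign 1: the host is a trusted name with only minor changes.
        nearest = min(sorted(trusted), key=lambda t: edit_distance(host, t))
        if edit_distance(host, nearest) <= max_dist:
            reasons.append("lookalike-of:" + nearest)
    # Sign 2: the visible text is itself a URL, but names another host.
    shown = display_text.strip()
    if "://" not in shown and "." in shown and " " not in shown:
        shown = "http://" + shown
    shown_host = host_of(shown) if "://" in shown else ""
    if shown_host and shown_host != host:
        reasons.append("text-href-mismatch")
    return reasons

# Constructed sample links: (visible text, actual href).
SAMPLES = [
    ("www.examplebank.com", "http://www.examp1ebank.com/login"),
    ("Log in to your account", "https://www.examplebank.com/login"),
    ("https://www.examplebank.com", "https://news.example.org/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, check_link(text, href) or "no finding")
```

A mail gateway or awareness tool would run such a check on every anchor extracted from an incoming message and hold or annotate messages with findings.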

Major factors for increase in Phishing Attacks:

Unawareness among public

Unawareness of policy

Technical sophistication

Unawareness among public:

Lack of awareness regarding phishing attacks among the common masses.

The users are unaware that their personal information is actively being targeted by criminals.

They do not take proper precautions when they conduct online activities.

Unawareness of policy:

Bank/financial institution policies.

Procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigation.

The policies of an online transaction.

Technical sophistication:

URL obfuscation to make phishing emails and web sites appear more legitimate.

Execution of malicious code from a hostile web site.

Provisions of Information Technology Act, 2000

The following Sections of the Information Technology Act, 2000 are applicable to the Phishing Activity:

Section 66

Section 66A

Section 66C

Section 66D

Section 66:

The account of the victim is compromised by the phisher, which is not possible unless and until the fraudster fraudulently effects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable under Section 66 of the IT Act.

Section 66A:

The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the provisions of Section 66A IT Act, 2000.

Section 66C:

In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying features of the bank or organization, say its logo, trademark etc., and thus clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D:

The fraudsters, through the phishing email containing the link to the fake website of the bank or organization, personate the bank or financial institution to cheat innocent persons; thus the offence under Section 66D too is attracted.

Case Study:

A petition was filed by an Abu Dhabi-based NRI (Umashankar Sivasubramaniam), who claimed he received an email in September 2007 from ICICI, asking him to reply with his internet banking username and password or else his account would become non-existent.

After he replied, he found Rs 6.46 lakh transferred from his account to that of a company, which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and retained the remaining balance in its account.

But ICICI Bank claimed that the petitioner had negligently disclosed the confidential information such as password and had fallen prey to a phishing fraud.

A bank spokesperson said, "Customers are fully appraised on security aspects of internet banking. We reassure that our security systems are continuously audited and neither the security nor our processes have been breached."

In his application for adjudication, filed under Sections 66, 66A, 66C and 66D of the IT Act with the state IT secretary on June 26, 2008, he held the bank responsible for the loss.

Further, the spokesperson said, "We have hundreds of types of transactions, which can be completed online without having to walk into a branch. Customers get the best experience and a safe environment while transacting online."

A techno-legal consultant said the order may lead to tightening of cyber laws in the country: "Phishing fraud is very common but banks are not accepting the liabilities. It will set a good precedent."

On April 12, 2010, the Tamil Nadu IT secretary directed "ICICI Bank to pay Rs 12.85 lakh within 60 days for the loss suffered by him due to a phishing fraud incident involving fraudulent transfer of an amount of Rs 6.46 lakh."

The compensation includes not only the loss suffered by the petitioner, but also interest and other expenses.

What do you do if you think you are a victim?

If you have provided account numbers, PIN, password or login details to the phisher, immediately notify the bank with which you have the account so that your accounts can't be compromised.

Precautionary Measures:

Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Report discrepancies immediately.

Ensure that your system has current security software applications such as anti-spam, anti-phishing, anti-virus and anti-spyware.

Call the Customer Support Service in case you find an email suspicious.

Thank You