Phishing and Cybersquatting (2024)


Phishing (brand spoofing) is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Intention Behind Phishing:

The purpose behind phishing is to make the user divulge personal information and to steal the user’s identity and passwords, rob bank accounts and consequently take over the computer.

Recognizing Phishing:

The following factors might help recognize phishing:

  • Financial loss occurs;
  • Data loss occurs;
  • Introduction of virus/malware into the computer system occurs;
  • Illegal use of the user’s details occurs.

Safeguards Against Phishing:

The following safeguards are to be implemented against phishing:

  • Use of anti-spam software;
  • One should not click hyperlinks in e-mails from unknown/unverified sources;
  • Firewalls should be used;
  • Use of phishing filters;
  • Use of digital certificates should be emphasized;
  • E-mail protocols should be secured;
  • Reliability of the websites should be ensured;
  • Use a Web browser with anti-phishing detection;
  • Be aware of phishing phone calls;
  • Be aware of links in the mailbox.

PHISHING - A CYBERCRIME, THE PROVISIONS OF INFORMATION TECHNOLOGY ACT, 2000

Phishing fraud is essentially a cybercrime, and it attracts several penal provisions of the Information Technology Act, 2000, which was amended in 2008 to add some new provisions that deal with phishing activity. The following provisions of the Information Technology Act, 2000 apply to phishing activity:

Section 66: The account of the victim is compromised by the phisher, which is not possible unless and until the fraudster fraudulently effects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.

Section 66A: The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it attracts the provisions of Section 66A IT Act, 2000.

Section 66C: In a phishing email, the fraudster disguises himself as the real banker and uses the unique identifying feature of the bank or organization, say logo, trademark etc., and thus clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D: The fraudsters, through the use of the phishing email containing the link to the fake website of the bank or organization, personate the bank or financial institution to cheat innocent persons; thus the offence under Section 66D too is attracted.

The Information Technology Act, 2000 makes penal provisions under Chapter XI of the Act. Further, Section 81 of the IT Act, 2000 contains a non-obstante clause, i.e., “the provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force”. This non-obstante clause gives the provisions of the IT Act an overriding effect over other Acts, including the Indian Penal Code. The penal provisions of the IT Act, 2000 that are attracted by a phishing scam have, however, intentionally been made bailable under Section 77B of the IT Act. This is because there is always a conflict as to the correct identity of the person behind the alleged phishing scam: a smokescreen surrounds who has or has not actually committed the offence through these online computer resources. Given the possible misuse of the penal provisions for cyber offences contained in the IT Act, the offence is made bailable.

Cybersquatting

Meaning:

Cybersquatting is the practice of registering names, especially well-known company or brand names, as internet domains, in the hope of reselling them at a profit. It is the bad-faith registration and use of a domain name that would be considered confusingly similar to an existing trademark. Cybersquatting occurs when people buy domain names to sell them to trademark owners for a profit.

Intention Behind Cybersquatting:

The purpose behind cybersquatting is to profit from the well-merited goodwill of a corporation, steal business characteristics or names to make instant money, and use the names of existing businesses with the intent to sell the names to those businesses for a profit.

Recognizing Cybersquatting:

The following factors might help recognize cybersquatting:

  • Checking where the domain name leads;
  • Contacting the domain name registrant;
  • Paying, if it makes sense.

Safeguards Against Cybersquatting:

The following safeguards are to be implemented against cybersquatting:

  • One should have a registered trademark;
  • The proper domain ownership should be recorded;
  • Buying up the variations of the domain name;
  • More than one extension should be registered;
  • To fight back through arbitration.
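As an added illustration (not part of the original article), the Python sketch below shows how a brand owner could sort a list of candidate domains into unheld extensions and confusingly similar variations, so they can be registered or watched. The brand label, owned domains, sample list and the distance threshold of 2 are assumptions constructed for this example, and each input is assumed to be a registrable domain with no subdomain.

```python
# Added example: triage candidate domains against one brand label.
# BRAND, OWNED and SAMPLE are constructed values, not taken from the article.
BRAND = "examplebank"                          # hypothetical trademark label
OWNED = {"examplebank.com", "examplebank.in"}  # domains already registered
# Single-character look-alike substitutions (small, non-exhaustive map).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, owned=OWNED):
    """Return how a registrable domain relates to the brand label."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return "owned"
    label = domain.split(".")[0]         # assumes no subdomain is present
    if label == brand:
        return "unregistered-extension"  # same name, extension not held
    folded = label.translate(LOOKALIKES).replace("-", "")
    if folded == brand:
        return "lookalike"               # digit swap or inserted hyphen
    if brand in folded:
        return "contains-brand"          # brand plus extra words
    if edit_distance(folded, brand) <= 2:
        return "typo"                    # dropped, added or swapped letters
    return "unrelated"

def review(domains):
    """Keep only the domains that need registration or a closer look."""
    flagged = {}
    for d in domains:
        verdict = classify(d)
        if verdict not in ("owned", "unrelated"):
            flagged[d] = verdict
    return flagged

SAMPLE = ["examplebank.com", "examplebank.net", "examp1ebank.com",
          "examplebank-login.com", "exmaplebank.com", "weather.org"]
print(review(SAMPLE))
```
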

Legal Position of Cybersquatting in India:

The cases of cybersquatting are dealt with under the Trade Marks Act, 1999.

In the case of Satyam Infoway Ltd v. Sifynet Solutions Private Limited, it was observed by the Hon’ble Supreme Court that:

“As far as India is concerned, there is no legislation which explicitly refers to dispute resolution in connection with domain names. But although the operation of the Trade Marks Act, 1999 itself is not extra-territorial and may not allow for adequate protection of domain names, this does not mean that domain names are not to be legally protected to the extent possible under the laws relating to passing off”.

Options Available to Cybersquatting Victims in India:

  • Arbitration under ICANN’s (Internet Corporation for Assigned Names and Numbers) rules
  • Issuance of cease-and-desist letters to cybersquatters.

Dispute Resolution in Cybersquatting Cases:

Disputes about domain names may be resolved under UDRP (on an international level) or INDRP (national level).

UDRP: Disputes such as cybersquatting that involve illegal/bad-faith registrations of domain names are resolved via the Uniform Domain Name Dispute Resolution Policy (UDRP) process established by ICANN. As per the guidelines of UDRP in the context of cybersquatting, at the time of registration of a domain name, the applicant agrees to submit to proceedings in case they are initiated under the UDRP of ICANN.

A complaint may be brought by an individual/organization before the administrative dispute resolution service providers if:

  • A domain name is identical or similar to the trademark in which the complainant has rights
  • The owner of the domain has no direct or legitimate interest in the domain name
  • The domain name has been registered and is being used illegally or in bad faith

INDRP: A case could be filed with the .IN registry handled by the National Internet Exchange of India (NIXI), bringing the matter to a fast-track dispute resolution process whereby decisions are transferred within 30 days of filing a complaint.

Though there is no legal compensation under the IT Act, the .IN registry has taken proactive steps to grant compensation to victim companies to deter squatters from further stealing domains. Most squatters, however, operate under the guise of obscure names.

Under NIXI, the IN Registry functions as an autonomous body with primary responsibility for maintaining the .IN ccTLD (country code top-level domain) and ensuring its operational stability, reliability, and security.


FAQs

What happens if you reply to phishing?

When you respond, you confirm that your email account is active, making you a target for further attacks. Your email security tools might then recognize the attacker as someone you trust, allowing future phishing attempts to land directly in your inbox.

What are phishing questions and answers?

What Is Phishing? Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

What is phishing select the correct answer?

Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. The attacker's goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim's device.

How many of breaches included phishing choose the best answer?

Beware of phishing emails

On top of that, 32% of all successful breaches involve the use of phishing techniques.

What happens if you answer a phishing call?

If you accidentally answer a spam call, scammers know your number is connected to a real person and can target you with more spam calls. These targeted spam calls will try to trick you into giving up your personal information which allows cybercriminals to steal your money, your identity and even your voice.

Can you get in trouble for phishing?

Those charged with phishing can face fines, a prison sentence or probation. A felony phishing conviction can carry a sentence of up to five years in prison, while a misdemeanor phishing conviction can result in up to a year in prison.

What do phishing attacks get you to do?

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate.

What is a common example of a phishing attempt?

Phishing attack examples

A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible. The email claims that the user's password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

What kind of phishing happens over the phone?

Vishing, which is short for "voice phishing," is when someone uses the phone to try to steal information. The attacker may pretend to be a trusted friend or relative or to represent them.

How do I know if I got phished?

Look for: Unsolicited and suspicious messages, emails and social posts containing shortened links. Web pages that ask for login credentials or other sensitive information. Suspicious emails with uncharacteristic language.

What are the dangers of phishing?

Phishing attacks aren't just a nuisance, they can seriously disrupt an organization's operations. Once an attacker's found their way into your network, they can install malware or ransomware, which could cause system outages and other nasty disruptions.

How is phishing dealt with?

Fortunately, most types of phishing can be stopped if you take the right precautions. That means: Use effective cybersecurity countermeasures. Modern antivirus and anti-phishing solutions, alongside effective spam filters, will screen out many phishing attempts.

Where do 90% of all cyber attacks come from?

Research by Deloitte found that 91% of all cyberattacks begin with a phishing email (an email that looks like it's from someone you know but is actually from criminals). That's how web giant Yahoo was targeted a few years ago, exposing the contents of half a billion user accounts to criminals.

Do 90% of cyber attacks start with phishing?

Over 90% of Cyber-Attacks Begin with Phishing - How Can Attacks be Stopped?

Phishing is now so common that almost all (96%) businesses suffer from its ill effects, including credential theft, Business Email Compromise, and ransomware infection.

What percentage of phishing attacks are successful?

Global Average Phishing Email Click Rates

In 2021, the average click rate for a phishing campaign was 17.8%. More targeted spear phishing campaigns had an average click rate of 53.2%.

Can you get hacked if you reply to someone?

You can't get hacked by simply replying to a text. However, engaging with a hacker in any way will make it more likely that you get hacked. They'll find a way to fool you and make you click a link, which is what leads to you getting hacked.

Is responding to a phishing text bad?

Don't respond to smishing messages, even to ask the sender to stop contacting you. Responding to smishing messages verifies that your phone number is active and that you are willing to open such messages, which may lead to an increase in the unsolicited text messages you receive.

What should you do if you accidentally responded to a phishing email text message?

If you believe you've been phished, you will want to address password security and monitor any accounts that may have been compromised: For compromised accounts: If you know the accounts that have been compromised after you have responded to a phishing email, change the password for those accounts immediately.

What happens if you accidentally click on a phishing email?

Clicking on a phishing link can transmit basic information like your location and device stats, redirect you to a fake website, or download malware.

Article information

Author: Fredrick Kertzmann
