Safeguarding NGOs Against Cyber Crime


As the world is getting increasingly interconnected, it is witnessing its greatest – Cyber-Crimes! As Robert Muller, FBI Director puts it-“There are only two types of companies: those that have been hacked and those that will be”. In this issue we will deal with regulatory framework regarding cheating by personation, fraud and misrepresentation electronically.


In India, the term “Cyber-crime” is not defined in any statute or rules. In general parlance one can construct the term to mean offences relating to or using computers, internet and other electronic communications platforms such as WhatsApp, Twitter etc.

Phishing can be defined as any proposition for jobs or personal information in return for money by way email, telephone or text message. These are acts of impersonation where a person poses as a member of a legitimate organization.


  • By someone falsely representing themselves to be the non-profit and receiving donations intended for the non-profit. The miscreant may use identities of the non-profit such as logos, trademarks, program names and even employee names to make the representation look very compelling.
  • By someone falsely representing themselves to be the officers of the non-profit and inducing members of the public to make payments of processing/ registration/ application fees on the promise of grants or prizes, in return. They may seek confidential details from the public including bank details, passwords and send emails from email addresses very similar to that of key functionaries of the NGO.
  • By inducing the non-profit to make payments of processing/ registration/ application fees on the false promises of securing grants from grant making agencies. The miscreant may use identities of the non-profit such as logos, trademarks, program names and even employee names to make the representation look very compelling.

Such cyber-crimes cause the name of the NGO to be maligned. Since people are cheated, this may result in a financial liability on the NGO.


  1. Adding Disclaimer - Provide a disclaimer on the organisation’s official website/Facebook/LinkedIn or any other social media handles. The disclaimer should specifically draw attention to any possible phishing attacks and absolve the organisation from any liability arising from such an act.
  2. Providing an email address, phone number or a mailing address where any fraudulent activities can be reported to the organisation.
  3. Adding cookies to the organization’s website to track the activity of the page and take action against any suspicious users/ activities. While this is not infallible, this may act as a primary protection barrier.
  4. Official social media handles can be tracked, which may ensure a first-level tracking of the persons accessing the information provided by the organization.
  5. If it has no official page, the organization must have a person who continuously watches the various social media and is mandated with the task of reporting/removing phishing groups or posts on such groups.
  6. Not post any official documents containing sensitive information of the organisation.
  7. Check the network security if there is a chance that the person has secured phone number/ identity of applying entities by breaking into the organization portal and take measures to fix the glitches.

In the event an incident of a cyber-impersonation comes to the notice of the organization, the NGO should do the following with immediate effect:

  1. Cyber-crimes constitute a crime under various Indian laws including the Indian Penal Code. Therefore the NGO must lodge a written complaint against the impersonator to the cyber cell (https://cybercrime.gov.in) or police station and attach documents which support the facts of the case fully.
  2. Given the fact that the identities of these miscreants are seldom available, the NGO can consider filing a civil suit seeking a ‘John Doe’ order before the jurisdictional City Civil Court. A ‘John Doe’ order is a relief sought by a Plaintiff wherein the perpetrators of the crime are not known. The enforcement of rights under such an order would be against any person(s), who conspire or commit the offence.

Though it is not possible to prevent cyber-crimes from occurring, it is possible to safeguard an organisation and minimise the impact of such cyber-crimes. Do reach out to legal counsel to develop a tailored and holistic strategy against cyber-crimes.

A full service boutique law firm
On social networks
Pacta is a full-service boutique law-firm for the social and impact sector.

Pacta provides legal & company secretary services for the biggest philanthropies, family foundations, NGOs, CSR entities, public trusts, start-ups, social incubators/accelerators, schools & universities.
The Pulse is Pacta’s in-house periodic newsletter that carries legal updates for the social sector. We decrypt legalese into digestible, relevant & actionable content. In every issue, we pick a subject – a new law, amendment or judgement and contextualise it for non-profit founders and administrators.


Pacta upholds and strives to exceed the professional standards. This website is not an advertisement or solicitation of work. Legal information shared here are not and do not make up for professional legal advice. By visiting Pacta’s website you know what you are doing and you are doing it at your risk and cost. We disclaim any liability arising from the information or materials contained on this site.
Social | Impact | Legal
Copyright 2021 Pacta. Privacy Policy
New Version found. Installing.