As the world is getting increasingly interconnected, it is witnessing its greatest – Cyber-Crimes! As Robert Muller, FBI Director puts it-“There are only two types of companies: those that have been hacked and those that will be”. In this issue we will deal with regulatory framework regarding cheating by personation, fraud and misrepresentation electronically.
CYBER-CRIME & PHISHING
In India, the term “Cyber-crime” is not defined in any statute or rules. In general parlance one can construct the term to mean offences relating to or using computers, internet and other electronic communications platforms such as WhatsApp, Twitter etc.
Phishing can be defined as any proposition for jobs or personal information in return for money by way email, telephone or text message. These are acts of impersonation where a person poses as a member of a legitimate organization.
NGOs AS VICTIMS OF CYBER-CRIME
- By someone falsely representing themselves to be the non-profit and receiving donations intended for the non-profit. The miscreant may use identities of the non-profit such as logos, trademarks, program names and even employee names to make the representation look very compelling.
- By someone falsely representing themselves to be the officers of the non-profit and inducing members of the public to make payments of processing/ registration/ application fees on the promise of grants or prizes, in return. They may seek confidential details from the public including bank details, passwords and send emails from email addresses very similar to that of key functionaries of the NGO.
- By inducing the non-profit to make payments of processing/ registration/ application fees on the false promises of securing grants from grant making agencies. The miscreant may use identities of the non-profit such as logos, trademarks, program names and even employee names to make the representation look very compelling.
Such cyber-crimes cause the name of the NGO to be maligned. Since people are cheated, this may result in a financial liability on the NGO.
STEPS NGOs CAN TAKE TO PREVENT CYBER-CRIMES
- Adding Disclaimer - Provide a disclaimer on the organisation’s official website/Facebook/LinkedIn or any other social media handles. The disclaimer should specifically draw attention to any possible phishing attacks and absolve the organisation from any liability arising from such an act.
- Providing an email address, phone number or a mailing address where any fraudulent activities can be reported to the organisation.
- Adding cookies to the organization’s website to track the activity of the page and take action against any suspicious users/ activities. While this is not infallible, this may act as a primary protection barrier.
- Official social media handles can be tracked, which may ensure a first-level tracking of the persons accessing the information provided by the organization.
- If it has no official page, the organization must have a person who continuously watches the various social media and is mandated with the task of reporting/removing phishing groups or posts on such groups.
- Not post any official documents containing sensitive information of the organisation.
- Check the network security if there is a chance that the person has secured phone number/ identity of applying entities by breaking into the organization portal and take measures to fix the glitches.
In the event an incident of a cyber-impersonation comes to the notice of the organization, the NGO should do the following with immediate effect:
- Cyber-crimes constitute a crime under various Indian laws including the Indian Penal Code. Therefore the NGO must lodge a written complaint against the impersonator to the cyber cell (https://cybercrime.gov.in) or police station and attach documents which support the facts of the case fully.
- Given the fact that the identities of these miscreants are seldom available, the NGO can consider filing a civil suit seeking a ‘John Doe’ order before the jurisdictional City Civil Court. A ‘John Doe’ order is a relief sought by a Plaintiff wherein the perpetrators of the crime are not known. The enforcement of rights under such an order would be against any person(s), who conspire or commit the offence.
Though it is not possible to prevent cyber-crimes from occurring, it is possible to safeguard an organisation and minimise the impact of such cyber-crimes. Do reach out to legal counsel to develop a tailored and holistic strategy against cyber-crimes.