Cyber Banking Fraud
Meaning and Types of Cyber Banking Fraud
Cyber banking fraud refers to unlawful activities conducted over digital platforms to fraudulently gain access to banking information or steal money from bank accounts using deceptive techniques or technological tools.
These frauds typically exploit the vulnerabilities of internet banking, mobile banking, ATMs, and other digital financial services.
Phishing
Phishing is a fraudulent attempt to acquire sensitive data like login credentials, OTPs, or credit card information by impersonating a trustworthy entity via email.
Example: A fake email claiming to be from the Reserve Bank of India asking the user to verify their account details by clicking a link that leads to a fake website.
Vishing
Vishing (Voice Phishing) uses phone calls to deceive users into revealing confidential information. Fraudsters pretend to be from a bank, RBI, or a mobile operator.
They usually claim suspicious activity on the user’s account and ask for OTPs or PINs under false pretences.
Smishing
Smishing (SMS Phishing) involves sending fraudulent SMS messages that trick users into clicking on malicious links or disclosing personal information.
Example: “Your SBI account is blocked. Click here to reactivate: www.fake-link.in”
Online banking credential theft
This involves stealing login credentials such as usernames and passwords for internet banking platforms using keyloggers, malware, or social engineering techniques.
Attackers use this data to illegally access and siphon off money from the victim’s account.
SIM Swapping
SIM swapping occurs when a fraudster gets a duplicate SIM card issued for your phone number, thereby gaining access to OTPs sent via SMS for banking transactions.
By taking control of your mobile number, they bypass two-factor authentication and execute unauthorized transactions.
Relevant Laws
IT Act, 2000 (Sections 66, 66C, 66D)
- Section 66: Deals with computer-related offences including unauthorized access and data theft. Punishable with imprisonment up to 3 years and/or fine up to ₹5 lakh.
- Section 66C: Deals with identity theft, i.e., fraudulent use of passwords, digital signatures, or other unique identification features. Punishment: 3 years and ₹1 lakh fine.
- Section 66D: Covers cheating by personation using computer resources — includes phishing, vishing, and smishing. Punishment: 3 years imprisonment and fine up to ₹1 lakh.
Indian Penal Code, 1860 (Sections related to cheating, fraud, forgery)
- Section 420: Cheating and dishonestly inducing delivery of property. Punishment: up to 7 years and fine.
- Section 468: Forgery for purpose of cheating — relevant in fake websites, documents, etc.
- Section 471: Use of forged documents as genuine — can be applied to fake bank correspondence or screenshots.
Prevention of Money Laundering Act, 2002
This act can be invoked when cyber banking fraud is part of a larger money laundering scheme. The act empowers agencies to attach, confiscate, and recover property derived from illegal banking fraud.
Such frauds are classified as scheduled offences when connected to predicate offences under the IPC or IT Act.
Money Laundering and Other Financial Cybercrimes
Money Laundering using Digital Platforms
Prevention of Money Laundering Act, 2002
Money laundering refers to the process of concealing the origins of illegally obtained money, typically by passing it through a complex sequence of banking transfers or commercial transactions.
In the digital era, platforms such as online wallets, cryptocurrency exchanges, shell websites, and e-commerce portals are often misused to disguise illicit money. These methods allow rapid transfers with minimal traceability.
The Prevention of Money Laundering Act, 2002 (PMLA) is the key legislation in India that combats such financial crimes. Its objectives include:
- Preventing and controlling money laundering
- Confiscating and seizing property obtained from laundered money
- Imposing reporting obligations on financial institutions, intermediaries, and payment gateways
Key Sections:
- Section 3: Defines the offence of money laundering
- Section 4: Punishment for money laundering (Rigorous imprisonment of 3–7 years and fine)
- Schedule: Lists predicate offences under IPC, IT Act, etc. linked to cyber frauds
Digital Significance: Now includes cryptocurrencies, online shell companies, and cross-border e-wallets as sources and mediums for laundering illicit gains.
Online Trading Fraud
Online trading fraud involves deception related to financial instruments like stocks, forex, cryptocurrencies, or commodities, offered via fake or unregulated trading platforms.
Modus Operandi:
- Fraudsters pose as brokers or agents offering unrealistic returns
- Victims are lured into depositing funds through UPI or wallet transfers
- Fake dashboards show increasing profits until the site is suddenly shut down
Such fraud is common in India through unregistered forex platforms and illegal crypto exchanges. These activities also violate SEBI regulations and the Foreign Exchange Management Act (FEMA).
Legal Remedies: Sections 66C and 66D of the IT Act, IPC 420 (cheating), and PMLA provisions (if money laundering is involved).
Investment Scams
Investment scams trick people into investing money in fake schemes, often with the promise of high returns, using digital advertisements, social media platforms, or phishing emails.
Types of Online Investment Scams:
- Ponzi Schemes
- Fake cryptocurrency Initial Coin Offerings (ICOs)
- Multi-Level Marketing (MLM) frauds
Case Example: Fraudulent app-based investment schemes that collect crores from small investors across India, then vanish without a trace.
Applicable Laws:
- Prize Chits and Money Circulation Schemes (Banning) Act, 1978
- SEBI Act, 1992 – for unregulated collective investment schemes
- IT Act & IPC for fraud and data misuse
Cyber Extortion
Cyber extortion involves the use of online threats to extract money or data from victims. It often includes ransomware attacks, email threats, and DDoS (Distributed Denial of Service) threats.
Common methods:
- Ransomware: Malware that encrypts files and demands payment for the decryption key
- Threatening exposure of private or sensitive data
- Threatening reputational harm or attacks on business servers
Applicable Indian Laws:
- Section 66 of IT Act: Computer-related offences
- Section 384 of IPC: Punishment for extortion (up to 3 years and fine)
- Sections 503 & 507 of IPC: Criminal intimidation and anonymous threats
International Issue: Extortion via the dark web and crypto payments is harder to trace, requiring international cyber law cooperation and CERT-In intervention.