Author: Omkar Abhijit Thosar, a student at Advocate Balasaheb Apte College of Law (ABACL)
Introduction
This case explores the phishing scam committed by the defendants who sent fraudulent emails to a certain number of targeted persons posing as Nasscom in order to extract personal data of such persons which includes credit card numbers, bank account details, etc.
Cyber scams are referred to as scams done by an individual or a group of individuals in order to hijack personal data of people through the internet. Scammers develop a structure which ensures believability and create a sense of urgency amongst the targeted individuals which induces them to act immediately without pondering over the validity and necessity of such urgency.
Cyber scams are different than other scams in the sense that they are considered to be a perceived danger since they take place in the virtual world of internet. Even though there has been a significant increase in the cases of cyber crimes people are still not concerned about the importance of cyber security until and unless they themselves become victims of cyber scams.
It also cannot be denied that preventive measures against cyber crimes are limited as the person voluntarily succumbs to such scams by clicking on a hyperlink or opening a document which contains virus. It is true that the scammers induce the person to perform the act which leads to leakage of his personal data but it is also the duty of the person to crosscheck the authenticity of the claims made by the scammers in the emails (known as phishing) or through any other sources.
Phishing in particular is a type of cyber scam in which the scammers send a forged email impersonating a reputed organization to a targeted set of individuals in order to obtain their personal financial data like credit card numbers, bank account details. The term phishing is derived from the physical activity of fishing wherein a person sets out a bait in a lake, hoping some fish latches onto it, similarly in phishing the scammers set out a clickbait, hoping that one of their targeted individuals latches onto it.
Case Analysis:
Petitioner:
National Association of Software and Service Companies (Nasscom), one of the leading software organizations at that time was the petitioner in this case. Nasscom filed a suit in the court seeking permanent injunction against the defendants from sending illegal emails in the name of Nasscom which resulted in misuse of their name thereby tarnishing their image amongst the public at large.
Offenders:
The defendants were in charge of an employment agency responsible for providing employment opportunities to job seekers. The defendants then posed as Nasscom and sent fraudulent emails to target individuals in order to extract their personal data. The defendants designed these fraudulent emails in such a way that the receiver would be induced to believe that these emails are sent from the original Nasscom itself. The defendants then used the personal data gathered from these fraudulent emails for identifying suitable candidates for different job roles and thereby projecting their image as an authentic employment agency. The defendants capitalized on the loophole of lack of legislation defining and penalizing internet fraud, let alone sub dividing into specific category of phishing.
Issues:
The main issues in this case were whether the act done by the defendants can be categorized as fraud or is it mere misrepresentation.
Bench:
The case was decided by a single judge bench of the Delhi High Court.
Decision:
The Delhi High Court held that phishing is a fraudulent act and that there is absence of any specific legislation which penalizes phishing. The court defined the act of phishing in the legal context thereby expanding the ambit of misrepresentation by linking it to the frauds committed on the virtual world of internet. The court further directed the defendants to pay monetary compensation to the petitioner for the damages incurred by them. The court also passed an injunction order thereby restricting the defendants from fraudulently posing as Nasscom.
Key Points:
Defining Phishing as a fraudulent act:
On account of lack of legislation defining and penalizing phishing, the definition of phishing given by the Delhi High Court and categorizing it as a fraudulent act served as important precedent in the domain of internet frauds.
Awarding monetary compensation to petitioner:
Under the law of torts, there are two important legal maxims – Damnum sine injuria i.e. damages incurred in absence of injury and Injuria sine damnum i.e. Injury suffered without damage. In the case herein, the petitioner has suffered an injury without damage i.e. Injuria sine damnum, since the legal right of petitioner is violated but there are no actual damages incurred.
However, the Delhi High Court regarded the infringement of the intellectual property rights of the petitioner with respect to misuse of its trademark name by the defendants and considered the intangible damages suffered by the petitioner on account of misuse of their name equating it to defamation and thereby awarded monetary compensation to the petitioner.
Abstract:
This case explores the commission of internet fraud or cyber scam by the defendants with a view of extracting personal data of targeted individuals by posing as the petitioner. The petitioner’s contention was that the defendants had misused their name with malafide intentions by sending fraudulent emails to targeted individuals with a view of extracting their personal data, thereby tarnishing their image leading to loss of reputation. The petitioner was seeking injunction against the defendants in order to restrict them from misusing their name and thereby put an end to the intangible damage caused by such illegal usage.
The Delhi High Court issued an injunction order against the defendants thereby restricting them from sending fraudulent emails posing to targeted individuals posing as the petitioner.
Keywords:
Violation of Legal Rights, Cyber scam, Phishing, Extraction of Personal Data, Injunction Order
Conclusion
This case highlights the importance of precedents set by the judiciary in cases wherein there is absence of a specific legislation governing the concerned issues of the case.
The doctrine of separation of powers which specifies that the legislature must only legislate, the executive must only administer and the judiciary must only adjudicate is not followed in the absolute sense in today’s era as states are no more just laissez-faire police state, rather the states are regarded as welfare states wherein their functions are not only restricted to maintenance of law and order. Hence, when the judiciary sets a legal precedent it performs the function of the legislature but this is the need of the hour in today’s era as the legislature cannot be overburdened with the task of legislating for each and every part of the legal domain.
References
https://indiankanoon.org/doc/1804384/
https://www.nyayshastram.com/post/nasscom-v-ajay-sood
https://www.indiancybersecurity.com/case_study_nasscom_ajay_sood.php
FAQS
Q1. What is Phishing?
Answer: Phishing is type of cyber scam wherein the scammer sends a fraudulent email posing as a reputed organization to targeted individuals with a view of extracting their personal data.
Q2. What is the significance of this case?
Answer: Nasscom vs Ajay Sood & Ors. is regarded as a landmark case in the field of cyber security as Phishing was defined and categorized as an internet fraud in this case
