Posted on: July 12, 2020 Posted by: admin Comments: 0

Author : Rheea Lall, Student at Presidency University, Bengaluru


Across the world, with the rapid development in the technology, the modus operandi of crimes have also been transformed. The cyberspace offers great ease and opportunities to everyone including the criminals. It provides a platform for the criminals to commit traditional crimes in a modern way. In the virtual world where it is very easy to gain information on the internet, possibility of the personal information of an individual falling into wrong hands have been increasing. The information acquired can be used for any kind of fraud or gaining other wrongful benefit by using someone else’s identity. This kind of activity is known as Theft of Identity in Cyberspace.

Cyberspace Identity Theft is an exploding cybercrime. It can be very devastating. In the wrong of Identity Theft the subject is intangible objects, i.e. any data or information. According to NortonLifeLock’s annual Cyber Safety Insights Report, about 4 in 10 respondents in India (39 Percent) have come across, identity theft.[1] The cases of identity theft goes unreported as the victim remains unaware of the victimization. Criminalizing, investigating, prosecuting and punishing the cyber criminals seems to be a distant dream. This paper aims to analyze the different kinds of identity theft, techniques used, intricacies of present laws and the measure to prevent this crime.


An individual’s identity is the unique characteristics which is the distinguishing factor between individual and others. Legally, the identity of a person can be determined by government document including birth certificate, AADHAR card, driving license, Voter ID or any other sensitive personal information. Identity traits can be measured into three types:

  1. Physical traits
  • By way of appearance (Face, Gender, Stature)
  • By means of Behavior (Personality traits, Posture, Gait, e.g. way of typing)
  • Biology (Voice recognition, DNA, Fingerprints, Retina or retinal patterns)
  • Augmentation (Personal Records)
  1. Assigned traits
  • Name, Address
  • Identifying number (Driving license no.)
  • Ad hoc Account No. (Financial credentials like Credit cards, Bank account)
  • Computer linked (Passwords, Electronic Signature, Crypto logic keys)
  1. Abstract traits[2]

Identity theft may be fraud or another illegal activity where the identity of an existing individual is utilized as a target or vital instrument without that individual’s assent.[3] In this wrong, the accused uses fraudulent methods to avail the victim’s identity in order to use it to obtain credit or access resources and any other benefit. This fraudulent act is done by electronic medium with the help of internet. Committing such thing is easy because of the technology but tracking the accused is much difficult. Identity theft further leads to other crimes related to the misuse of the identity of an individual. The victim had to suffer financial, mental and emotional health consequences.

Identity theft can be understood in different stages including the possessing the identity, using the identity for committing a wrong and discovery of it. Firstly, the cybercriminal possess the identity of the victim by using different techniques of identity theft. Secondly, the acquired identity of the victim is utilized for monetary gains or to escape from arrest or else to cover up one’s identity from the law implementing authorities. Violation in this stage may incorporate account takeover, opening new accounts, extensive utilization of the victim’s debit or credit card[4], insurance fraud etc. Thirdly, discovery of the theft, sometimes it is discovered immediately in case of misuse of credit card, but in other cases it may even take years for the discovery.


The fraudsters uses various social media platforms for obtaining personal information of people. There are various methods for stealing identity which are as follow:

Phishing: A phishing attack have a potential to entrap multiple recipients. In this method, the cybercriminal sends deceptive emails to trick the recipient of some financial institution or any other trusted institution for obtaining information. In order to acquire the information they give reasons such as the information is required for better services or in case of failure of giving information the account will be suspended etc.

Pharming: In such type of practice, when the victim clicks on the authentic link, he will be automatically directed to a fake website without his consent. This can be done by installation of malware in the computer of victim. Multiple users can be targeted by this, at the same time.

Skimming: Utilizing this technique, criminals use a little electronic gadget called “skimmers” that can duplicate credit or debit card information after swiping the card. Since any card with a magnetic strip such as library cards are programmable, criminals can create extra cards by utilizing stolen data.[5] Then it can be used to withdraw money by way of fraud from the account of the victim. But, the credit card remains with the victim itself.

Vishing: In this technique phishing is done over a fake phone call. It is done generally with fake Caller Id to trick the victim and represent themselves as legitimate, in order to acquire information.

Hacking: Unapproved approach to computer systems or network to obtain individual or organizational data can be termed as hacking. The information may be sold to gain profit. It is a method of exploiting the personal computer or network of the victim in order to control the victim’s activity.

Malicious software: The cybercriminals trick people to install malware so as it become easy to attack on the computer of the victim. It is often installed while using any unauthorized website for downloading free games or movies online. Once the malware is installed in the computer it become easy to attack on that computer and access the personal information.

Unsecure Websites: Secured websites have prefix “https:” and not “http:”. Stealing of information can be done quite easily by unsecured website. The user must check whether the website is secured or not before making any transaction.

Weak password: Most often people use short and easy passwords for their Social media accounts. Weak passwords are easy to break for the cybercriminals. It is always suggested to use long and unique passwords with special character, so as to maintain the security of the social media account.

Targeting children online: Children are easy target of cybercriminals. They share the information without even realizing the consequences of it.


Identity Theft takes place in different forms including criminal, financial, synthetic, medical, identity cloning and concealment which are discussed as follows:

Criminal Identity Theft: This can be identified where the criminal provides the information of the victim to the law enforcement authorities, as his own. It can be done just by creating fake ID. And the consequence can be issue of warrant or arrest of the victim.

Financial Identity Theft: People become victim of financial identity theft very often. The cybercriminal use the wrongfully acquired personal information of an individual to gain financial benefit. It can be exceptionally stressful at times. It can take long time varying from months to years, to correct the impacts of financial identity theft and outcome may be huge volumes of debt and low credit score.[6]

Identity Cloning and Concealment: Here, a criminal collects personal identifiers and then impersonates an individual in an effort to conceal themselves from authorities to avoid arrest, deportation or even just creditors. This can go on undetected virtually forever.[7]

Synthetic Identity Theft: In this category, criminals make false characters utilizing forged or genuine data, or a combination of the two. For example, the cybercriminal might utilize a genuine Social Security number, but utilize a title that’s not related to that number. Children and perished individual can be at risk since their Social Security numbers ordinarily aren’t effectively utilized.[8]

Medical Identity Theft: When the cybercriminal employs the victim’s private data to get medical care or the insurance benefit in the name of the individual. These sorts of thefts usually result in wrong entries being made in existing medical records or indeed the making of sham medical records beneath the victim’s title.[9]


The number of cases of cyberspace identity theft is increasing rapidly despite that a very less number of cases are reported. In most of the cases the crime goes unreported as the victim is unaware that he has fallen prey to such crime. In some of the cases the victim does not report the crime despite being aware of his victimization. The reason being the doubt in law enforcement agencies, unaware about where to report, family member of the perpetrator, embarrassment and so on.


Identity theft is another borderless and a rapidly growing crime. This is a multi-jurisdictional crime as the accused may be anywhere across the globe and this makes investigation a really tough task. Another problem is that there is no specific legislation for identity theft. Identity theft is an invasion of the privacy of an individual and hence is violative of Article 21 of the Indian Constitution that guarantees the right to privacy.  Therefore, Information Technology (Amendment) Act, 2008 along with Sections of Indian Penal Code manages the punishment for such activities.

Provisions under the Information Technology Act: In India, the IT Act plays the principal role in controlling technology based crimes. Section 43 of the Act come up with punishment in the shape of compensation for accessing the computer of the owner without his permission. Section 66 of the Act deals with imprisonment which may extend to three years or fine which may expand to five lakh rupees or both to any individual who malafidely does any act referred to in Section 43. Section 66B provides Punishment for falsely receiving stolen computer asset or communication device is detainment for a term which may expand to three years or with fine which may expand to rupees one lakh or with both.[10] Penance for Identity theft is specifically given in Section 66C of the IT Act, which was inserted by Amendment Act of 2008, as whoever, with wrong intention utilize the electronic signature, password or any other unique identification feature of any other individual, shall be imprisoned for a term which may expand to three years and moreover be obligated to fine which may expand to rupees one lakh.[11] Section 66D provides punishment for cheating by impersonation utilizing computer resources.

Relative Sections under Indian Penal Code: The elements of both theft and fraud are included in the wrong of Identity Theft. Certain arrangements in the Indian Penal Code, like forgery and fraud, which prior represented such violations regarding false documents, were corrected by the Information Technology Act, 2000 to incorporate electronic records.[12] Section 464, Section 465, Section 468, Section 469, Section 471 and Section 474 of IPC dealing with forgery, making sham records, forgery for purpose of cheating, reputation, using as genuine a forged document  and possession of a document known to be forged and intending to use it as genuine respectively can be integrated with the provisions of the IT Act.[13]

Provisions are formulated in the Data Protection Laws and Regulation 2020 in an effort of securing sensitive personal data, so as to guarantee assurance of data and privacy.

The Government has made certain recommendations that two new sections must be included in the Indian Penal Code, i.e. Section 147A and Section 419A. Section 147A deals with punishment for cheating by utilizing any unique identification feature of some other individual. Section 419A come up with punishment for cheating by imitating in the cyber space.


Everyone being a part of the virtual world, no one is immune to cybercrimes and it is affecting each one of us. Developments have been done like cyber police station are set up and infrastructure has been improved. Although, more technical advancements are necessary to prosecute and investigate cybercrime. Some of the suggestions to prevent Identity Theft are as follows:

  1. Strictly control common contact with information records by reviewing who ought and has to have approach to. Limit the approach to restricted staff with strict rules for those who have the power to handle the personal- identifying data.[14]
  2. Safeguard the digital data with modern and updated security measures like password security, data encryption and firewalls that keep violators out by keeping away unapproved entrance.[15]
  3. Credit reports must be checked regularly.
  4. Never give any of the personal information on a phone call or mail. Rather visit the institution in whose name the call or mail is received.
  5. The victim of identity theft after getting knowledge of his victimization, instantly disclose the circumstance to the Police. The Police has an obligation to assist him/her, take a formal report and make referrals to other agencies, when appropriate.
  6. Evidence related to the complaint of identity theft must be kept safe including, but not limited to social media messages, log files, mail receipts, and cancelled checks.

Staying alert is very necessary while being active in the virtual world. Oversharing of information must be prevented as it may be very dangerous. An individual can reduce the risk of identity theft just by mere use of common sense.


With the growing advancement in the technology, the threat of Cyberspace Identity Theft is also increasing.  As the crime is of global nature, international cooperation is very essential to control this crime. No accurate and widely accepted definition of Cyberspace Identity Theft is yet found in any legislation, across the world. For Investigating, prosecuting and punishing cybercriminals the prosecuting agencies needs to be trained well in technology. Vigilance among people is highly required regarding safe internet practice. To mitigate the risk of Identity Theft, protective steps must be taken at individual and state level.


[1] 4 in 10 Indians have experienced identity theft: Report, available at accessed on 07.05.2020.

[2] Identity Theft; Social Engineering and Cyber Crimes, available at accessed on 04.07.2020.

[3] B.-J Koops, R. Leenes, identity Theft, Identity Fraud and/or Identity-related Crime, Datenschutz and Datensicherheit, 30 (2006)9, p.556.

[4] Identity Theft- A Research Review, available at accessed on 07.07.2020.

[5] An analysis of identity theft: Motives, related frauds, techniques and prevention, available at accessed on 10.07.2020.

[6] What are the Most Common Types of Identity Theft? Available at accessed on 08.07.2020.

[7] Types of Identity Theft, available at accessed on 08.07.2020.

[8] Types of Identity Theft, available at accessed on 08.07.2020.

[9] Supra note 7.

[10] Cyber Theft- A Serious Concern in India, available at,to%20three%20years%20and%20shall accessed 09.07.2020.

[11] Section 66C, The Information Technology Act, 2000.

[12] Identity Theft- A Critical and Comparative Analysis of Various Laws in India, available at accessed on 10.07.2020.

[13] Supra Note 10.

[14] Economic Impact of Identity Theft in India: Lessons from Western Countries, available at accessed on 07.07.2020.

[15] Id.

Leave a Comment