If someone uses your private images to blackmail you, that is termed as online sextortion. It
is always important to act fast but methodically in order to not suffer too much, and most
importantly, find help. Here is the guide for dealing with the situation:

A. Neither pay nor agree with the demands

Paying the extortionist or complying with their demands often leads to further exploitation, as
it signals that you are willing to comply. Do not threaten the perpetrator or provoke them.
Keep communications brief.

B. Collect and preserve evidence

Document all communications with the extortionist, including emails, messages, and threats.
Do not erase or edit messages which could become evidence later. Capture the perpetrator’s
username, email address, or phone number along with the networks they use.

C. Report the crime

In India, you should raise your complaint with the Cyber Crime Cell at their reporting portal
at https://cybercrime.gov.in or contact the local police.
Report the extortionist’s profile and activities on the platform they are using (Facebook,
Instagram, WhatsApp, etc). Most social media sites have policies against this and can take
action to block or remove the user account.
If the images have been shared online, inform the website administrators that they should be
removed under privacy laws.

D. Protect your online accounts

Change all your passwords, especially those associated with the extortionist’s
communications. Add an extra layer of security to prevent unauthorized access. Use
resources like “Have I Been Pwned” to check whether your email or accounts are already
compromised.

E. Utilize available legal protections

India has very robust legal provisions for crimes of this nature:

Section 67A of the Information Technology Act, 2000: This Section penalizes the act of
publishing or transmitting obscene material. It attracts punishment of imprisonment and/ or
fine or both.
Section 77 of the Bhartiya Nyaya Sanhita, 2023 (Voyeurism): Criminalises acts of sharing
intimate or private content of a person without their consent. The act is punishable with
imprisonment and/ or fine or both.
Section 308 of the Bhartiya Nyaya Sanhita, 2023 (Extortion): This Section deals with
extortion by force or coercion. These cases are punishable by imprisonment and/ or fine or
both.

A. Report to the site

Most online platforms have policies against sharing explicit or private content without
consent. Here is how to report:
Social Media Platforms: Use built-in tools to report and request the removal of inappropriate
content on platforms like Facebook, Instagram, or Twitter.
For example: Facebook/ Instagram: Help Center; Twitter: Report Abuse or Sensitive Content
Video-Sharing Sites: Report the content on sites like YouTube or Vimeo using their reporting
tools.
For example: YouTube has “Report Privacy Violation”.
Web Hosts: If the content is on a personal website or blog, contact the host or domain
registrar.

B. File a complaint with Authorities

In India, uploading or sharing private images/ videos without consent is a punishable offense.
You can file a Report with the local Police by visiting your nearest police station or
cybercrime cell to lodge a formal complaint or report it online by using the National Cyber
Crime Reporting Portal at: https://cybercrime.gov.in.

C. Laws applicable in India

Section 66E of the IT Act, 2000: Punishes the violation of privacy by capturing, publishing,
or transmitting private images without consent, with imprisonment and/or a fine upto ₹2 lakh.
Section 77 of the BNS, 2023 (Voyeurism): Applies to sharing intimate content without
consent, punishable with Imprisonment up to 3 years for the first conviction, and up to 7
years for subsequent convictions.
Section 67 and 67A of the IT Act, 2020: Covers publishing obscene material or sexually
explicit content. The act attract imprisonment which may extend up to 5 years for the first
offense.

D. Request Content Removal from Search Engines

If the images/ videos appear in search engine results:
Google: Request the removal of content through the Google Content Removal Tool.
Bing or Yahoo: Similar tools exist for other search engines to remove sensitive content.

E. Key Contacts in India for Immediate Action

National Cyber Crime Reporting Portal: https://cybercrime.gov.in
Women’s Helpline (181): Offers immediate support for women in distress.
Cyber Peace Foundation: Provides assistance and resources for victims of cybercrime.

Child pornography in India is strictly prohibited and punishable under various provisions. It
is the duty of citizens to report the content to appropriate authority. The methods for reporting
include:

A. Online reporting

Online complaints can be registered by visiting the National Cyber Crime Reporting Portal at
https://cybercrime.gov.in and selecting “Report Women/ Child Related Crime” to report
Child Sexual Abuse Material (CSAM) anonymously or formally.
Childline India (1098): Dedicated number to report your grievances relating to protection of
children.

Cyber Tipline-International Report: If it is from a country other than India, then you can
report it to the National Center for Missing & Exploited Children (NCMEC) at
https://report.cybertip.org/.

B. Contact your local authorities

You can complain at your local police station or cybercrime cell. Share your document with
them for further investigation.

C. Report through the platform

Report the crime using the reporting feature on various platforms such as Facebook,
Instagram, Twitter, YouTube etc. Platforms usually have teams that take care of such
complaints and may even forward it to the law enforcement.

D. Legal Landscape in India

India has enacted some of the toughest laws to combat child pornography:
Protection of Children from Sexual Offences (POCSO) Act, 2012: It criminalizes the
creation, distribution, possession, and consumption of Child Sexual Abuse Material (CSAM).
Sentences up to 5 years of imprisonment for first-time offenders and 7 years for second-time
offenders.
Section 67B of the IT Act, 2000: Prohibits the publishing or transmitting of child
pornography. It attracts imprisonment and a fine which may extend to ₹10 lakh.

E. Child Protection Organizations

Several organizations can help in reporting and handling the case:
CyberPeace Foundation: Provides resources and assistance in cybercrime cases.
Bachpan Bachao Andolan (Save Childhood Movement): Working against child exploitation,
they can be contacted for reporting.
International Watchdog Groups: INHOPE (www.inhope.org) is one of the international
groups providing resources worldwide for reporting Child Sexual Abuse Material (CSAM).

Yes, you could be held liable for receiving an explicit image of a minor, even if you didn’t ask
for it, as possession of such material is illegal in many jurisdictions, including India. Even if
the possession is done accidentally, this act is illegal, but by reporting and deleting it, you are
not a criminal. However, your intent and actions upon receiving the image will greatly
influence how the situation is addressed. Here is what you should do to protect yourself:

A. Act Immediately

If you come across an obscene image containing a child, do not download the image to your
device or back it up to your systems (e.g., cloud storage). Possession itself is a crime. Sharing
or forwarding the image, even to law enforcement, may be considered distribution and result
in legal consequences. If such material is being distributed in a group chat, one should leave
the group immediately after reporting the problem.

B. Report the Incident

Reporting the picture proactively can help show that it was not done with bad intent and
could help the authorities take corrective action on the crime. This is how it can be done:
National Cyber Crime Reporting Portal: File a report anonymously or formally at
https://cybercrime.gov.in under the Child Pornography/ Child Sexual Abuse Material
(CSAM) category.
Local Police or Cyber Crime Cell: Visit the nearest police station or cybercrime unit to report
the crime.
To the Platform: Report the images and group details to the message platform (which may be
one of WhatsApp or Telegram). Nearly all platforms operate with zero tolerance for Child
Sexual Abuse Material (CSAM) and will very quickly remove them and report same to law
enforcement.

C. Collect and Preserve Evidence

Record the sender’s information, the date the photo was received, and any other relevant
information concerning the crime. If possible, capture a screenshot of the group chat or
sender’s profile (but do not save or store the explicit photo itself). When reporting to the
authorities, give them the information they need without forwarding or saving the image.

D. Cooperate with Investigations

When notified by authorities, of the photo, express that you did not request the material and
acted to report and take it down as soon as possible. Supply any proof or information that can
help the investigation.

If you find a charge on your card that you did not authorize, do the following for disputing it
promptly:

A. Inform your bank or card issuer

Dial the customer service number printed on the back of your card to report the charge. Share
all the information regarding the charge, such as the amount, date, and name of the merchant.
Many banks enable users to freeze their cards temporarily using their app, which will restrict
further unauthorized transactions.

B. Submit a formal dispute

Go through the process of your bank in disputing charges. This usually involves filling out a
form or submitting the request online. Provide evidence and supporting documents, if
necessary, like receipts or correspondence to prove that the charge was unauthorized.

C. File a Police Report

If you suspect fraud or theft, file a report with your local police station. Your bank may
require this report as part of their investigation.

D. Replace your card

Request a new card with a different number to prevent further unauthorized charges. Stay in
touch with your bank until the issue is resolved. Ensure the unauthorized charge is reversed
and you’re not held liable.

If a debit/ credit card goes missing or stolen, it is important to act promptly to minimize
potential fraud. What you should do:

A. Report the loss immediately

Contact your bank or card issuer: Use their customer service number, usually found either on
your bank statements or the issuer’s website.

Block the card: Request the issuer to deactivate or block the card to prevent unauthorized
transactions.

B. Monitor your account

Look for any unauthorized charges and note them for reporting. Activate transaction
notifications (if available) to stay informed about any activity on your account.

C. File a fraud report

Dispute unauthorized transactions by informing your bank about any suspicious activity.
Most banks have a formal dispute process. If the card was stolen, file a police report and
provide documentation.

D. Get a replacement card

Your bank will issue a replacement card with a new number. Update your card details for any
recurring payments or subscriptions tied to the lost card.

E. Secure your account

Update your card’s PIN and online banking password for added security. Ensure no other
banking or personal accounts have been accessed. Ensure your old card is fully deactivated,
and your account is secure.

It is very important to protect your card information while shopping online to prevent fraud
or unauthorized transactions. Here are some practical precautions with legal and security
considerations:

A. Use Secure Websites

Check for HTTPS: The website’s URL should have “https://” instead of “http://” at the
beginning, with ‘S’ signifying a secure connection.
Shop on Trusted Sites: Only shop on trusted, reputable sites. Avoid suspicious and unknown
sites.

B. Avoid Public Wi-Fi

Use Secure Networks: Avoid entering card details on public Wi-Fi. If necessary, use a Virtual
Private Network (VPN) for added security.

C. Enable Two-Factor Authentication (2FA)

According to the Reserve Bank of India (RBI) guidelines, Indian banks provide two-factor
authentication for online card transactions. Ensure that OTP (One-Time Password) or other
2FA methods are enabled for your transactions.

D. Use Virtual Cards or Payment Wallets

Virtual Cards: Some banks offer virtual debit or credit cards for online shopping. These are
temporary and minimize exposure of your actual card details.
Digital Wallets: Use wallets like Paytm, Google Pay, or Apple Pay to add an extra layer of
security.

E. Do not save card details online

RBI Tokenisation Rules, 2022: As per the RBI rules, your merchant in India cannot store
your card details. It uses tokenization to replace sensitive card details with a unique identifier
for safety.

F. Be cautious of phishing scams

Do not share your card details via email, phone, or text messages, even if the request appears
to be from a trusted source. Verify links before clicking, as fraudulent sites often mimic
legitimate websites.

G. Other measures

Use unique, complex passwords for online shopping accounts. Avoid reusing passwords
across platforms.
Establish daily or transactional limits on online purchases. Most banks provide the ability to
set a daily or transactional limit for online purchases.
Regularly update your browser and operating system to close holes in security.

H. Use RBI’s Grievance Mechanism

If you suspect unauthorized use, report it immediately. Indian consumers can also use the
RBI Ombudsman Scheme for unresolved complaints.
By following these precautions with vigilance, you can significantly reduce the risk of online
fraud.

If you believe you have been caught by an SMS phishing (smishing) scam because you
clicked a link, take the following steps immediately to limit exposure.

A. Disconnect from the Internet

Temporarily disable Wi-Fi and cellular data to avoid any further unauthorized access or data
theft.

B. Do not provide any information

If a webpage asks to input personal info or financial info, do nothing at all about that.

C. Run a virus scan on your device

Just download and activate an antivirus program, or app. This app should be designed to find
harmful programs like malware, worms etc., on your device.

D. Change all passwords

If you think you have been targeted, change your email and banking passwords and all other
sensitive account passwords. Use a different password for each account and turn on two-
factor authentication (2FA) wherever possible.

E. Monitor your financial transactions

Check your bank and credit card statements for unauthorized transactions. Report to the bank
to mark the risk as flagged.

F. Report the Incident

If the suspicious link involved financial information, notify your bank immediately to secure
your account and prevent unauthorized transactions.
File a complaint with the Indian Cyber Crime Reporting Portal at https://cybercrime.gov.in.

G. Block and delete the message

Block the sender’s number to prevent any further messages and delete the suspicious SMS.

H. Legal Protection in India

Under Information Technology Act, 2000, Smishing is a cybercrime, and an individual can
file a complaint under the following provisions:
Section 66C: Punishes for identity theft as perpetrators often impersonate legitimate entities
like banks, government bodies or other service providers.The act is punishable with
imprisonment and fine.
Section 66D: Punishes for cheating by impersonation through electronic communication or
computer resources. Punishment may range from fine to imprisonment.

If you are suffering from cyberbullying, there is a range of support available and legal action
can be taken. The following may be implemented:

A. Quick responses

Make sure to use block or report facilities on the place where the bullying activity is
happening. Save and take screenshots of messages as evidence of harassment to bring it into
your report

B. Support Help Lines

National Cyber Crime Helpline: Dial 1930 for immediate support or visit the National Cyber
Crime Reporting Portal at https://cybercrime.gov.in.
Childline India: Dial 1098 for children under the age of 18 to report cyberbullying
Women Helpline (181) for women who face online harassment.

C. Legal Provisions

Information Technology Act, 2000:
Section 66C: Punishes identity theft and online impersonation.
Section 67: Punishes publishing or transmitting obscene material on or over any computer
resource.
Bhartiya Nyaya Sanhita (BNS):
Section 351: Punishes criminal intimidation via anonymous communication.

Section 79: Addresses acts intended to insult a woman’s modesty.

D. Reporting Mechanisms

Cyber Crime Reporting: Use the link https://cybercrime.gov.in to file complaints, including
anonymous filing.
Social Media Platforms: Most platforms like Facebook, Instagram, and Twitter have in-built
tools to report abusive behaviour.
Police Station: File an FIR at your local police station, and include the evidence collected.

There are various ways you can report a cybercrime in India. Here are the main steps to
report a cybercrime in India:

A. File a Complaint with the Cyber Crime Cell

You can file a report with the Cyber Crime Police Station in your area. Many cities in India
have dedicated cybercrime police stations where experts can handle such cases.

Steps:

Go to the nearest police station, if there is a cybercrime unit in your region.
Give details of the cybercrime, such as hacking, online fraud, identity theft etc.
File a First Information Report (FIR), with as much detail as possible, including screenshots,
transaction details, emails, or other evidence.

B. National Cyber Crime Reporting Portal (Cyber Crime Helpline)

The National Cyber Crime Reporting Portal is an official reporting platform launched by the
Government of India for cybercrimes.

Steps:

<
Go to https://cybercrime.gov.in.
Register or Login to your account and open “File a Complaint” section.
Select the type of cybercrime like fraud, harassment, theft etc.
Fill out all the details of the complaint and attach the relevant documents.

After submitting the complaint, a reference number is provided for you to follow up on it.

C. Dial 112 or 100 Emergency Number to reach the Police

If you are in an immediate dangerous situation, or you find yourself as a victim of
cyberbullying or harassment, you can contact emergency numbers 112 or 100. You can have
your complaint taken by the police and transmitted to the cybercrime desk, or the police can
take appropriate and urgent action depending on the circumstances.

D. Online Service Platform

If the cybercrime involves platforms such as Facebook, Instagram, Twitter, or WhatsApp,
report the crime directly to the site. Each platform has a reporting system on abusive content
or accounts.

Steps:

Proceed to the website where the crime took place.
Look for report abuse, fraud, or violation.
Give all information and evidence related to the crime.

E. Online Banking or Payment Fraud

If you feel that your bank account has been compromised or you have been scammed via
online banking or payment systems, report it to the bank immediately. Most banks have fraud
departments dedicated to handling cybercrime related to banking.

Steps:

Contact your bank’s helpline number or visit the nearest branch.
Report the suspicious activity and request them to block your account or cards.
File an FIR with the police as well.

F. Report through other government portals

You can use other government initiatives like Digital India to report cybercrimes and cyber
security-related issues.

If you are unable to access any of the portals mentioned above, you can email the Cyber
Crime Cell of your state or the national cybercrime department. Some states have dedicated
email addresses for reporting cybercrimes

G. Report to CERT-In (Computer Emergency Response Team)

CERT-In is the security agency where the cyber incident takes place. If you feel your
personal or organizational security is in danger, like data breaching or any type of online
attacks, you may report the same to CERT-In.

Steps:

Go to the official website of CERT-In at https://www.cert-in.org.in/.
Select the incident reporting and cyber breach reporting section
Enter the required details and submit your complaint.

H. Helpline for Cybercrime Reporting

Cybercrime helpline can be reached at 1930, which is the Government’s dedicated helpline to
report cybercrimes with the steps to file a complaint.
This helpline will guide you through every step of filing a complaint and also clarify your
rights.

If you are a victim of revenge porn, you should act quickly and decisively to protect your
rights, privacy, and mental well-being.

A. Document evidence

Take screenshots of the explicit content, including URLs, timestamps, and usernames. Note
any messages, threats, or correspondence related to the incident. Avoid responding to the
perpetrator, as this could escalate the situation.

B. Report the content

Report the explicit content to the platform where it has been posted. Most platforms like
Facebook, Instagram, Twitter, and YouTube have policies against non-consensual content
and mechanisms to remove it. Use the contact form or abuse reporting system to notify the
website administrator. Request immediate takedown of the content.

C. File a Complaint with Authorities

File a complaint at your local cybercrime cell or through the National Cyber Crime Reporting
Portal: https://cybercrime.gov.in. Attach all evidence, like screenshots, URLs, and any
correspondence with the person committing the crime.
File an FIR under:
Section 77, Bharatiya Nyaya Sanhita, 2023: Punishes the act of voyeurism
Section 66E, Information Technology Act, 2000: Penalizes violation of privacy
Section 67, Information Technology Act, 2000: Deals with transmitting obscene material.

No, it is not normal or legally acceptable for legitimate employers to request payment as part
of the application process for job vacancies. Solicitation of money for job applications,
interviews, training, or onboarding often means online job scams. Here is the explanation
with the legal perspective:

A. Legal and Ethical Standards

Real employers do not demand payments for application fees, interview scheduling, training
materials, job offer guarantee etc. Any such request is unethical and could be illegal as well.
Offering job employment in exchange for money without having any valid intentions is an
offense under the Indian laws. Misrepresentation of a company’s association or employment
opportunities for personal gain is a punishable offense.

B. Legal protections against online job frauds in India

Bhartiya Nyaya Sanhita (BNS), 2023:
Section 318 (Cheating): Deceiving someone fraudulently to part with money or property,
attracts imprisonment or a fine, or both.
Information Technology Act, 2000:
Section 66D (Impersonation using Computer Resources): Using internet for impersonation of
genuine companies and cheating the job seekers.
Employment Exchanges (Compulsory Notification of Vacancies) Act, 1959:

Those listed with government employment exchanges cannot collect money from the
applicants for job vacancies, and violation of the same will attract legal action.
Consumer Protection Act, 2019:
Prevents misrepresentation of services or misleading advertisements related to job
opportunities. The victim can lodge complaints in consumer courts seeking redressal and
compensation.

C. What to do if you encounter online job fraud

Do Not Pay: Never pay any money for getting a job or interview opportunity.
Report the Scam: Cyber Crime Portal at https://cybercrime.gov.in
Police Complaint: Lodge a First Information Report (FIR) with the local police.
Verify Employers: Look for the company’s website and job postings.
Verify the company’s
registration on websites such as the Ministry of Corporate Affairs (MCA).

If you receive a suspicious call asking for personal information, you should be cautious to
avoid fraud or identity theft. Here is a step-by-step guide on how to handle such situations
effectively:

A. Do not share personal information

Legitimate organizations hardly ever ask for personal information over the phone such as
passwords, PINs, or OTPs. Sharing any such information will probably result in fraud or
identity theft. Tell the caller you will verify the request with the organization yourself.
Politely refuse to share any details with them.

B. Verify the caller’s identity

Ask for the caller’s name, department, and contact number. Do not use the number they
provide; instead, use the official contact details of the organization, available on their website
or any official documentation shared by them. Call the organization directly to confirm
whether the request was legitimate.

C. Collect and preserve evidence

Note the caller’s phone number, time of the call, and details of the conversation. If the call
was recorded automatically by your phone, save the call recording for evidence. Evidence
can help authorities track down fraudsters.

D. Report the suspicious call

Report to Authorities: Lodge a complaint at https://cybercrime.gov.in.
File the complaint at the nearest police station.
Report to Telecom Operators: Block the caller’s number and lodge a complaint with your
telecom service provider. Make use of DND (Do Not Disturb) services for decreasing spam
calls.
Report to Relevant Organizations: If the caller claimed to represent a bank, company, or
government agency, inform the organization about the call.

E. Legal Protections in India

Bhartiya Nyaya Sanhita (BNS), 2023:
Section 319 (Cheating by impersonation): This Section deals with the act of cheating by
pretending to be someone else to induce another person to share information, money, or
property.
Section 318 (Cheating and dishonestly inducing delivery of property): Punishes acts where a
person deceives with the object of fraudulently inducing delivery of any movable property.
Information Technology Act, 2000:
Section 66D (Cheating by Personation using Computer Resources): Penalizes fraud via
electronic communication, including phone calls.

No, it is not safe to give your PIN, OTP, CVV, account number, or card details over the
phone, even if the caller claims it is for verification purposes. Legitimate organizations,
especially banks and financial institutions, never ask for sensitive details over the phone.

A. What to do when someone demands sensitive details

Politely refuse and tell them you cannot disclose that information on the phone. Ask for the
caller’s name, employee ID, and contact details. Independently verify by calling the official
helpline or visiting the organization’s website.
If the call seems fraudulent, report it immediately to your bank or financial institution, Cyber
Crime Portal, and the Police station in your local area.

B. Legal Protection

Bhartiya Nyaya Sanhita (BNS), 2023:
Section 319 (Cheating by Impersonation): Punishes individuals impersonating others to
commit fraud.
Section 318 (Cheating and Dishonestly Inducing Delivery of Property): Covers deceit to gain
sensitive information or money.
Information Technology Act, 2000:
Section 66C (Identity Theft): Punishes fraudsters for stealing and misusing digital identity.
Section 66D (Cheating by Personation using Computer Resources): Specifically addresses
fraud committed over phone or online communication.

If somebody has developed a fake account based on your identity, acting as quickly as
possible would be essential to secure your reputation and to prevent illegal misuse of the
data.

A. Collect and preserve evidence

Take screenshots of the fake profile, including the bio, profile picture, posts, messages, and
interactions. Note the account’s username, URL, and any other identifying details. Evidence
is necessary when reporting the account to the authorities and the platform.

B. Report the fake account

Utilize the platform’s reporting tool to report the account which is pretending to be you.
Access the profile, click on “Find Support or Report Profile”, and follow the prompts to
report impersonation. Check if the platform’s help centre mentions the procedure to report

impersonation. Submit identification documents if required by the platform to confirm your
identity. File a complaint with the local police or the cybercrime cell at Cyber Crime
Reporting Portal https://cybercrime.gov.in. Share the screenshots, along with any messages
received and correspondence over the platform.

C. Report to your social network

Inform friends, family, and colleagues about the fake account so that they cannot be deceived
or scammed. Request them to report the account as well; several reports speed up the
platform’s action against the impersonator.

D. Legal Protection in India

Bhartiya Nyaya Sanhita (BNS), 2023:
Section 319 (Cheating by Impersonation): Punishes impersonation for deceptive purposes.
Section 356 (Defamation): Covers harm to your reputation due to the fake account.
Information Technology Act, 2000
Section 66C (Identity Theft): Punishes someone for fraudulent use of someone’s identity for
unlawful purposes.
Section 66D (Cheating by Personation using Computer Resources): Specifically refers to
impersonation through the web.

A. Verify the breach

Scan through bank statements, credit card transactions, and online accounts for unauthorized
activity. Search for unknown emails, messages, or account notifications. Check if your details
have been part of a data breach. If you suspect that data of a particular organization has been
breached, reach out to them to confirm and ask about their response plan.
Immediately update passwords for compromised accounts. Use strong, unique passwords for
each account and avoid reusing them. Add an extra layer of security to all your accounts by
enabling Two-Factor Authentication. Monitor the bank accounts, credit cards, and other
accounts for unauthorized activity. Log out from all your devices remotely in case the
platform permits it, especially email and social media.

B. Protect your financial information

Report to your bank or credit card company: Let them know about the risk of compromise
and ask them to check the latest transactions. Freeze your account or card so that no
unauthorized use can take place.
Report a fraud alert or credit freeze: For India, one can contact credit bureaus like CIBIL,
Experian, Equifax, or CRIF High Mark to report fraud alert or freeze the credit file. A credit
freeze prevents new credit accounts from being opened in your name without your consent.

C. Report the compromise

File a complaint with the Indian Cyber Crime Reporting Portal at https://cybercrime.gov.in.
Visit your local police station to file an FIR, providing details of the breach along with
supporting evidence.
Report the breach to the company or service provider where your information was
compromised.
The Indian Computer Emergency Response Team (CERT-In) handles cybersecurity incidents.
You can report breaches to them via their website at https://www.cert-in.org.in.

E. Legal Protections in India

Information Technology Act, 2000:
Section 66C (Identity Theft): Punishes the fraudulent use of another’s identity for unlawful
activities.
Section 66D (Cheating by Personation using Computer Resources): Punishment for
impersonation online or any other electronic means.
Bhartiya Nyaya Sanhita, 2023:
Section 318 (Cheating and Dishonestly Inducing Delivery of Property): Covers fraud and
misappropriation of financial or personal information.

It is annoying dealing with spam emails, SMS, and even calls that always try to make you
insure yourself or open up bank accounts. Below is how to handle them:

A. Do not respond to spam

Do not respond to spam emails or SMS, even to unsubscribe, since this confirms that your
contact information is active. Do not accept calls from unidentified numbers and never press
any button in automated calls. Through your phone settings or email applications, block the
sender or report the message as spam.

B. Register with DND (Do Not Disturb)

For SMS and Calls:
Register your number with the National Do Not Call (NDNC) Registry:
Send an SMS: Type “START DND” and send it to the number 1909.
Use the NDNC portal to select categories of communication you want to block.
After
registration, telemarketers should not call or message again.
For Emails:
Look for the “Unsubscribe” link at the bottom of valid marketing emails.
Exercise caution with unsubscribe links in suspect emails to prevent phishing scams.

C. Report spam messages and calls

Report spam messages and calls by forwarding the message to the number 1909 or using the
telecom operator’s app or portal. Include details like the sender’s number and message
content.
If the spam is related to financial services, file a complaint with your bank and notify the
RBI’s Ombudsman.
Report to TRAI (Telecom Regulatory Authority of India): TRAI regulates telecommunication
in India and provides mechanisms to report spam.

D. Legal Protection

Bhartiya Nyaya Sanhita, 2023:
Section 351 (Criminal Intimidation): Punishes for anonymous or threatening calls.
Information Technology Act, 2000:
Section 66A: Prohibits sending offensive messages electronically.

Section 72: Protects against misuse of personal data obtained in breach of confidentiality.
Telecom Commercial Communications Customer Preference Regulations, 2018:
Issued by TRAI, these Regulations govern unsolicited commercial communication, and the
violators face penalties.

If the files you have are held hostage and you are being asked for money (a ransomware
attack), follow these instructions in mitigating the situation and recovering your files without
worsening the problem:

A. Do not pay the ransom

Paying does not ensure that you will be able to access your files again. It promotes more
criminality to occur. Instead, recover the filed through legitimate means.
Immediately disconnect your desktop/ mobile from Wi-Fi, mobile data, or any other network
so that it will not spread this ransomware to other devices or systems. If necessary, shut down
the affected device to halt further encryption.

B. Identify the ransomware

Look for the ransom note, or file extensions added to your locked files. Note any contact
details or names mentioned in the demand.
Use Ransomware Identification Tools to identify the variant of ransomware by uploading
either your encrypted files or a ransom note.

C. Report the incident

To local authorities: File your complaint with the local police or at a Cyber Crime Cell.
To the Indian Cyber Crime Reporting Portal: Report the attack through
https://cybercrime.gov.in.
To CERT-In (Indian Computer Emergency Response Team): CERT-In is responsible for
dealing with all types of cyber incidents in India. Report your ransomware incident at
https://www.cert-in.org.in.

D. Try to recover your files

From Backups: Recover your files from a clean backup, if available. Make sure it is clean
and not infected.
Use Decryption Tools: Some ransomware variants have free decryption tools available
online. Check reliable sources like “No More Ransom” at https://www.nomoreransom.org.
Protect your device from further harm.

E. Prevent future attacks

Avoid clicking on suspicious links or downloading attachments from unknown sources.
Confirm the authenticity of websites before giving personal or financial information. Use a
different, unique, and strong password for each of your accounts and devices. Regularly
backup important files on an external drive or secure cloud storage.

F. Legal Protections in India

Information Technology Act, 2000:
Section 66 (Computer-Related Offenses): Punishes acts involving unauthorized access or
damage to computer systems.
Section 43: It covers the unauthorized access, viral distribution, or DoS attacks. The culprit is
liable to pay compensation to the victim.
Bhartiya Nyaya Sanhita, 2023
Section 308 (Extortion): Deals with threats for demanding payment or other concessions.

If your personal information has been compromised, take immediate steps to secure your
accounts and minimize damage. Secure affected accounts, notify financial institutions, and
report the breach. Keep an eye on financial accounts and credit reports for suspicious
behaviour. Strengthen the security parameters to ensure your data would not get hacked again
in the future.
Use the provisions available under the Information Technology Act, 2000, and Bhartiya
Nyaya Sanhita, 2023, to protect your rights:
Information Technology Act, 2000:

Section 43: Provides protection against unauthorized access or data theft, and the offenders
must compensate for damages caused.
Section 66C (Identity Theft): Punishes fraudulent use of identity.
Section 72: Penalizes unauthorized disclosure of personal data by intermediaries.
Bhartiya Nyaya Sanhita, 2023:
Section 318 (Cheating): Deals with cheating and dishonestly inducing delivery of property. It
includes fraudulent activities involving stolen personal data.

No, most jurisdictions, including India, will not allow a company or application (app) to sell
your personal information to a third party without your explicit consent. Here is an
explanation with legal context:

A. General Principles

Privacy by Consent: Generally, companies need to obtain your informed consent before
sharing, selling, or disclosing your personal data to third parties.
Terms and Conditions: Consent is often embedded in the terms of service or privacy policy. If
you agree without reading, you might unknowingly allow data sharing.

B. Legal Protections in India

Information Technology Act, 2000
Section 72: Penalizes disclosure of personal information obtained through unlawful or
unauthorized means.
Section 43A: Organizations must take reasonable security practices to protect sensitive
personal data or information (SPDI).
Compensation is payable in case of harm if there is
negligence in maintaining SPDI.
Digital Personal Data Protection Act, 2023
Consent-Based Data Processing: The Act prohibits processing or sharing personal data
without the user’s explicit consent, except under lawful exceptions. Businesses need to be
transparent about how the data is used or shared, and users can withdraw consent anytime.

Consumer Protection (E-Commerce) Rules, 2020
E-commerce organizations cannot manipulate or misuse user data and must process user data
fairly and lawfully.
Sector-Specific Rules:
Telecom: As per the guidelines of the Telecom Regulatory Authority of India, telecom
providers cannot share customer data without consent.
Banking: The Reserve Bank of India mandates strict confidentiality of customer financial
data.

C. How to prevent unauthorized data sharing

Limit the permissions of apps on your devices to only the necessary ones. Use apps from
known developers and read reviews for privacy issues. Keep track of how your personal data
is being used or shared by the company.

To prevent applications or platforms from sharing your information across platforms without
your consent, follow these practical steps and leverage applicable legal protections:

A. Control permissions and settings

Go to the privacy settings of the application/ platform. Turn off options for data sharing or
“personalized advertising” when available. Grant only permissions necessary for the app (for
example, camera or location access). Do not provide access to contact information, call logs,
and other sensitive information unless absolutely required. Refrain from logging in to apps or
platforms using your social media accounts (“Sign in with Facebook” etc.). Utilize individual
email IDs or dedicated accounts to use each different platform.

B. Opt-out of cross-platform data sharing

Locate and access the opt-out option for the sharing of data between cross-platform services
on privacy policies or the account’s setting page. Some allow the data used in the process of
creating the account for providing targeted advertising. Turn off ad preference tools offered
by companies such as Google, at https://adssettings.google.com, to limit usage of data used
for ads. Make use of the “Do Not Track” function in your browser or apps that support it.

Install a trusted VPN to mask your location and prevent tracking across platforms. Set your
browser to block third-party cookies, which are commonly used for cross-site tracking.

C. Legal protections against cross-platform sharing

Information Technology Act, 2000:
Section 43A: Requires platforms to have “reasonable security practices” in place for user
data. Sharing data across platforms without explicit consent is a violation of this section.
Section 72: Penalizes unauthorized disclosure of user information.
Digital Personal Data Protection Act, 2023:
It will require explicit user consent for cross-platform data sharing. Users will have the right
to withdraw consent if they suspect misuse.
Consumer Protection (E-Commerce) Rules, 2020:
Prohibits unfair trade practices, such as data sharing without users’ consent.

Under the Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011, framed under Information Technology
Act, 2000, categorises Sensitive Personal Data or Information (SPDI) in India. According to
the IT Rules, 2011, the following are considered SPDI:
i. Passwords: Any passwords used to access systems, services, or personal accounts.
ii. Financial Information: Bank account details, credit or debit card information, and other
payment-related data.
iii. Health Data: Health or medical conditions including physical, physiological, and mental
health conditions or medical history and records.
iv. Biometric Information: This includes information such as fingerprints, facial recognition
data, retina scans, or voice samples for identification purposes.
v. Sexual Orientation: Information indicating an individual’s sexual preferences or
orientation.
vi. Genetic Data: Any information obtained from DNA testing or other genetic profiling.

vii. Official Identifier: Aadhaar, PAN, passport number, or voter ID number.
viii. Location Data (in specific circumstances): Real-time or historical location data that can
accurately identify an individual’s location.
ix. Other Information: Any information collected in order to deliver a particular service,
which would cause harm or violate privacy if misused.

Legal Framework Governing Sensitive Personal Data in India

Information Technology Act, 2000
Section 43A: Requires collecting SPDI to put in place “reasonable security practices” for data
protection. Victims of data breaches on account of negligence can claim compensation.
Section 72A: The disclosure of information without consent can be punished with
imprisonment or a fine or both.
Digital Personal Data Protection Act, 2023
This Act replaced the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules),
framework with more expansive definitions and rights. It provides more stringent protection
of sensitive, personal data, including explicit user consent for processing and restrictions on
cross-border data transfer.

If you find out that someone is circulating a deepfake of you, it is crucial to act quickly and
wisely to safeguard your reputation, privacy, and legal rights.

A. Avoid response

Do not respond to the person sharing the deepfake as this can exacerbate the situation.
Capture screenshots, record URL links, and save the deepfake and any associated content.
Document how you came across the deepfake including the date, time, and what platform it
was on.
Most platforms, including social media sites or video-sharing platforms, have policies against
using deepfakes in malicious ways. Use their reporting tools to report it and ask them to take
down the content.

B. Legal Action

Lodge a complaint with the police or Cyber Crime Cell or on the National Cyber Crime
Reporting Portal at https://cybercrime.gov.in. Give evidence and details about the deepfake
and its use.

C. Legal Provisions

Section 67 of the Information Technology Act, 2000: Punishes publishing or transmitting
obscene material in electronic form.
Section 67A of the Information Technology Act, 2000: Penalizes the publication or
transmission of sexually explicit material.
Sections 356 and 351 of the Bhartiya Nyaya Sanhita, 2023: Punishes the acts of defamation
and criminal intimidation.
Section 78 of the Bhartiya Nyaya Sanhita, 2023: Stalking is covered under this Section and
includes the creation and distribution of harmful digital content.

Ownership of AI-generated content rights is dependent on the jurisdiction in which it is
made, the nature of the content, and the agreements stipulated in the user and AI platform.

A. General Principles of Copyright Law

Generally, copyright laws of most countries, including India, recognize only works created by
humans and not machines for granting copyright protection. If the work is created solely by
an AI with no human interference, it may not be eligible for copyright protection. If the
specific instructions or prompts given by the user have an impact on the AI-generated output,
the authorship of the resulting work could be claimed by the user based on the relevant legal
framework and the terms of service of the AI platform. Ownership is very often determined
by the terms and conditions of the platform. Generally, these include:
User Rights: Many of these platforms allow users to claim ownership or obtain a license for
the content they have contributed. For instance, OpenAI states that it permits users to retain
ownership over their output provided such usage does not violate its terms of use.

Platform Rights: Some platforms might retain the rights to use, reproduce, or modify the
created content. Check the platform’s policies for clear-cut understanding of ownership and
usage.
Indian Legal Context: India does not have specific legislation governing AI-generated
content. Still, general copyright principles under the Indian Copyright Act, 1957, could be
applied.

Can I trademark a logo generated by AI?

Yes, it is possible to trademark an AI-generated logo. However, specific conditions must be
met to prove ownership and fulfil trademark eligibility requirements.
Legal Provisions in India:
Trademark Act, 1999, allows the registration of a logo, symbol or design as a trademark
provided it satisfies the following conditions:
1. Distinctiveness: The logo must have the ability to differentiate your goods or services from
other competitors.
2. Non-Conflict: The logo, symbol or design must not infringe on existing trademarks.
3. Ownership Claim: The applicant must be able to prove ownership of the logo.

If your social media post has been embedded on several websites without your permission,
here’s a step-by-step guide to address the issue:

A. Identify the use of the post

Check how your post is being embedded (e.g., with or without attribution, for commercial or
non-commercial use). Determine if it was embedded using official sharing tools offered by
the platform, such as the embed feature available on Twitter or Instagram or copied without
permission. Capture screenshots or screen recordings of every occurrence of your post being
embedded. Record the URLs, timestamps, and any other information about the websites
using your content. Check the terms of use of the social media platform where your post was
originally shared. Many platforms grant websites limited rights to embed public posts, but
misuse or repurposing might violate these terms.

B. Contact the Website Owners

Locate the contact details of the website administrator, which can be usually found in the
“Contact Us” or “About Us” sections or through a WHOIS lookup for domain registration
information. Politely request that your post be removed. Evidence may include links and
screenshots. If the website is hosted in a jurisdiction that recognizes the Digital Millennium
Copyright Act (DMCA), you can file a DMCA takedown notice. Tools like Google DMCA
Dashboard can help file notices for Google search results.

C. Report to the Social Media Platform

Platforms like Twitter, Instagram and Facebook allow users to report misuse of their content.
Use their reporting tools to alert them about unauthorized embedding. Temporarily set the
post’s privacy settings to Private or Friends only to prevent further misuse.

D. Take Legal Action

Legal Provisions under Indian Law
Copyright Act, 1957: You are the owner of the post as a creator, and any reproduction or
embedding without permission is a violation of copyright.
Information Technology Act, 2000: Misuse of electronic content provisions are also
applicable.
File a Complaint: Approach the Cyber Crime Cell or report through the National Cyber
Crime Reporting Portal at https://cybercrime.gov.in, and provide evidence and details of the
infringement.

Identifying a Ponzi scheme requires alertness and an understanding of the characteristics of a
Ponzi scheme, as they usually masquerade as legitimate investment opportunities.

A. Common Characteristics of a Ponzi Scheme

Promises of high returns with low risk
Consistently high returns
Obscure or complicated business models
Aggressive recruitment strategy.

Non-registered investments or not subjected to any regulation
Pressure to reinvest or limited access to funds
Unlicensed sellers
Dependence on continuous recruitment

B. Legal Framework in India

As per the Indian laws, Ponzi schemes are illegal and punishable under:
Banning of Unregulated Deposit Schemes Act, 2019: Prohibits acceptance of unregulated
deposits and provides penalties for offenders.
Securities and Exchange Board of India Act, 1992: Regulates investment schemes.
Ponzi
schemes often violate SEBI regulations.
Bhartiya Nyaya Sanhita, 2023: Provisions for cheating, breach of trust and criminal
conspiracy may be applicable.

It can be both rewarding and risky in the trading of cryptocurrencies. On one hand, it gives
profit opportunities; on the other, it presents massive challenges and uncertainties. Here is a
detailed overview to help you decide whether it is safe for you to trade in cryptocurrencies:

A. Benefits of cryptocurrency trading

High Returns Potential: Cryptocurrencies have shown quick appreciation in price over short
periods.
Decentralization: Transactions are processed on decentralized networks, thus ensuring that
transactions do not depend on a central authority.
Accessibility: Cryptocurrencies are traded 24/7 meaning investors have all the flexibility in
their investments.
Portfolio Diversification: Cryptocurrencies can diversify investment portfolios due to their
low correlation with traditional assets.

B. Risks of Cryptocurrency Trading

High Volatility: Prices can fluctuate dramatically within hours, leading to significant gains or
losses.
Regulatory Uncertainty: Cryptocurrencies are not uniformly regulated globally, and some
countries restrict or ban them.
Security Risks: Hacking and fraud are rampant in the cryptocurrency world.
Frauds and Phony Schemes: Ponzi schemes, fake exchanges, and phony ICOs (Initial Coin
Offerings) have fleeced many investors of their money.
Complexity and Lack of Knowledge: It is not easy to understand the technology behind
blockchains or understand market trends.

C. Legal Status of Cryptocurrencies in India

Legality: Cryptocurrency is not completely banned in the country but, on the other hand,
hasn’t been strictly regulated. The RBI delisted its bank service ban in 2020 on
cryptocurrencies.
Tax: Income obtained from cryptocurrency would be taxed under the Income Tax Act, 1961,
with a flat tax of 30%, along with the TDS levied for every transaction at a rate of 1%.
Regulation: The Indian government had proposed a Cryptocurrency and Regulation of
Official Digital Currency Bill in 2021, for the creation of an official digital currency by the
RBI while imposing restrictions on private cryptocurrencies, but its status remains unclear.

Registering a domain name in India or internationally is an easy process.
Select Domain Name: Pick up a name which would be the representation of your brand,
business, or personality. It should be unique, memorable, and must be related to your
purpose. Check if there are available extensions like .com, .in, .org etc.
Check for availability of the Domain Name: One can check domain name availability through
domain registrar websites such as GoDaddy, Namecheap, Google Domains, or BigRock
(popular in India). It is essential to ensure that your desired name is not already registered or
trademarked by someone else.
Select Registrar: Choose a reliable domain registrar authorized by either ICANN for
international domain registrations or INRegistry for India-specific domain registrations.

Examples include, for India: BigRock, Hostinger, ZNetLive, and for International: GoDaddy,
Namecheap, Bluehost.
Register the Domain: Create an account on your chosen registrar’s website and follow the
process specified by the selected registrar to register the domain.
Privacy Protection: Consider enabling WHOIS Privacy Protection to hide your personal
details from public domain registration records.
Make the Payment: Pay for the domain name using available payment options. Domain
prices vary based on the extension and popularity of the name.
Verify your Registration: After completing the purchase, you will receive a confirmation
email. For international domains, ensure ICANN verification. For .in domains, follow
INRegistry requirements.
Link your Domain to a website: Use hosting services to build a website and connect your
domain to it. Hosting providers often offer integrated domain management tools.
Legal and Compliance Considerations: Ensure compliance with the Information Technology
Act, 2000 (India) or local laws governing domain usage. Avoid infringing on trademarks or
copyrights to prevent disputes.

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal
traffic of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic. A quick and systematic response is essential in
mitigating a DDoS attack.

A. Detection and identification of the attack

Utilize various network monitoring tools to detect unusual traffic flows, such as sudden
spikes or traffic from particular IP ranges. Confirm that intrusion detection systems (IDS) or
firewalls send alerts when an abnormal activity takes place.

B. DDoS mitigation initiations

Use DDoS Protection Service: When you have a DDoS protection service like Cloudflare,
Akamai, AWS Shield, engage this service at once.

Use of Content Delivery Network (CDN): Traffic must be rerouted through a CDN so that the
bad requests can be offloaded.

C. Implement rate limiting and filtering

Throttle Traffic: Limit the number of requests per IP address to reduce the load from
attackers. Identify and block IPs generating excessive traffic using firewalls or Access
Control Lists (ACLs).
Temporarily increase bandwidth capacity to absorb the traffic surge, and distribute the traffic
amongst various servers for the purpose of avoiding overloading at a given point.

D. Communicate with stakeholders

Notify the security team and the manager before an attack reaches them, and let the affected
customers be aware of your efforts to mend the situation.
Isolate essential systems and data from the attacked network. Ensure that backup and
recovery systems are not accessible to the attack.

E. Reach out to your Internet Service Provider (ISP)

Report the attack to your ISP; they can help filter out malicious traffic. Ask for temporary
rerouting of traffic or traffic scrubbing services.

F. Preserving evidence

Keep a record of all suspicious traffic to analyze and present. Save the server logs, IDS alerts,
and other pertinent information for possible post-attack investigation.

G. Report the attack

In India, report the attack to the Cyber Crime Reporting Portal at https://cybercrime.gov.in or
CERT-In. For international incidents, report to the Computer Emergency Response Teams
(CERTs) or law enforcement agencies.

If you suspect that you are the target of a romance scam, it is time to be cautious and protect
yourself.

A. Do not send money

Never send money for any reason, no matter how convincing or urgent the situation seems.
Scammers use emotional manipulation to exploit trust and urgency. Ask them for detailed
information about their situation and look for inconsistencies in their responses. Use reverse
image search tools like Google Images to check if their profile pictures are used elsewhere
online because scammers often use stolen photos.
Do not reveal confidential information like your financial details, address, or identity
document, as this may expose you to even more exploitation.

B. Block and Report

Block the person in the platform from where you knew them to restrict communication.
Submit their account at the platform by saying they broke the terms of use and attempted to
scam you. Keep records of all conversations, messages, emails, or requests for money
because it can be used as evidence before any authority, such as the Cyber Crime Reporting
Portal, Govt. of India at https://cybercrime.gov.in, or your district police or cell for
cybercrimes.

C. Legal Provisions in India

Section 66D of the Information Technology Act, 2000: Impersonation and cheating using
computer resources can result in imprisonment along with fine.
Section 318 of Bhartiya Nyaya Sanhita, 2023: Cheating and dishonestly inducing delivery of
property can result in imprisonment along with fine.

1. Can the government use my personal data/ information without my permission?

The government’s use of your personal data or information without your explicit permission
depends on the legal framework and circumstances under which the data is being accessed or
used. In India, this is governed by the Constitution of India and specific laws that provide for
privacy regulations.

A. Constitutional Protections

Right to Privacy: Declared to be a fundamental right under Article 21 (Right to Life and
Personal Liberty) by the Supreme Court of India in the landmark Puttaswamy Judgment
(2017). All use of personal data made by the government shall conform to the principles of
legality, necessity, and proportionality and thus be subject to prior authorization by law.

B. Laws granting government access

Certain laws allow the government to access personal data for certain purposes such as
national security, public safety, or crime investigation.
For instance:
Information Technology Act, 2000: Section 69 states that the government can intercept,
monitor, or decrypt information for reasons such as national security or preventing incitement
to offenses. This requires proper authorization and oversight.
Indian Telegraph Act, 1885: Section 5(2) permits interception of communication in an
emergency or in the interest of public safety but with procedural safeguards.
Digital Personal Data Protection Act, 2023: This legislation deals with collection, storage,
and processing of personal data. It allows the government to process personal data without
consent through specific exemptions that include sovereign functions, national security, or
disaster management. It provides accountability and mandates the protection of individuals’
data.

C. Limitations for government use

The government shall use personal data only if any of the following conditions are met:
Legality: The act of data use is supported by law or a regulation.
Purpose Limitation: There has to be purpose for which the data is used, like public interest or
security.
Proportionality: Access to data should not be more than needed.
Oversight: Proper authorization and checks exist to prevent misuse.
In summary, the government can exercise personal data for a specific purpose, but such
exercise must be done strictly according to legal and procedural measures in order not to
violate privacy rights of subjects and public interest.

Banks and financial institutions typically are barred from selling information on your
creditworthiness to other parties without permission. Nevertheless, there are several scenarios
under which data sharing would be permissible or even necessary to comply with laws.
Here’s a breakdown of the legal structure surrounding data sharing by banks.

A. Legal framework controlling data sharing by banks

RBI Rules: Banks and financial institutions are obligated to keep customer information
confidential under the RBI Code of Bank’s Commitment to Customers. Sharing of sensitive
financial information is permitted only with explicit consent, except where such disclosure is
required by law or regulatory authorities.
Credit Information Companies (Regulation) Act, 2005: Banks share your credit-related
information with Credit Information Companies (CICs), like CIBIL, Experian, or Equifax,
for assessing creditworthiness. This sharing is permitted by law and does not require your
explicit consent, as it is necessary for maintaining the credit ecosystem.
Digital Personal Data Protection Act, 2023: Processing and sharing your personal data for
their purposes without obtaining consent is only permissible when done to comply with a
legal or regulatory requirement. Sharing personal data with third parties for direct marketing
or purposes that are unrelated to the account will require obtaining consent.

B. Circumstances when banks might share data

For legally required data sharing: With regulatory bodies (e.g. RBI, SEBI, or Income Tax
Department) for compliance and fraud prevention. With Credit Information Companies
(CICs) for maintaining credit scores.
With your consent**: When you give explicit consent to have your data shared with third
parties like lenders, insurers, or marketers, while undertaking loan applications and other
services.
Third-party service providers: Data shall be disclosed to vendors or service providers to
process payments for you, but even these services are controlled by tight confidentiality
agreements.

C. Prohibited Practices

Never shall a bank sell your creditworthiness or personal financial data for profit without
your consent. Unsolicited data sharing for marketing purposes or advertising is considered a
violation of privacy acts.

D. Your Rights

Right to Information: According to the Digital Personal Data Protection Act, 2023 (DPDP
Act), you can ask banks for information about how your data is being used and shared.
Right to Opt-Out: You have the right to withdraw consent to data sharing which is not
mandated by law.
Right to file complaint: If you suspect misuse of your data, you can approach the bank’s
grievance redressal system, Banking Ombudsman or Data Protection Board under the DPDP
Act.

2. Is it mandatory to accept the terms and conditions of an application/ platform
specifically if you don’t agree with their privacy policy in order to use the
application/ platform?

No, you are not required to accept the terms and conditions of an application or platform if
you do not agree with their privacy policy; however, refusal to accept these terms may result
in being unable to use the application or platform.

A. Consent under DPDP Act

Under laws like the Digital Personal Data Protection Act, 2023 (DPDP Act), in India, consent
is a fundamental requirement for processing personal data. Consent must be given voluntarily
without coercion. Forcing users to accept terms they disagree with could be considered
coercive under these laws.

B. The real scenario

Most applications and platforms require users to accept their Terms of Service and Privacy
Policy before granting access. These terms are a binding legal agreement between the user
and the service provider. If you don’t agree to their terms, including their privacy policy, then
the service has the right to deny you access because, in effect, you are refusing to enter into
the legal agreement they require.

C. What can you do if you disagree?
Request limited consent: Some services let you opt out of certain data-sharing practices and
still use their services.
Use alternative services: Seek services whose privacy policies align with your preferences.

File complaints: If the terms violate privacy laws, you can report the service to regulatory
authorities (e.g., Data Protection Board in India).

D. Legal Context in India

Under the DPDP Act, 2023, the data processing has to be done lawfully, fairly, and in a
transparent manner. The Act reiterates that consent must be free, informed, specific, and
unambiguous. If the policy of a platform forces you to agree to data collection which is not
required for the service provided, then that can be challenged as a violation of your rights.

Cookies are small text files placed on your device (computer, smartphone, or tablet) by
websites you visit. They track, store, and retrieve information about your browsing activity to
improve user experience, deliver content personalized to your needs, or analyse website
performance.

A. Types of Cookies

i. Session Cookies: Temporary cookies that are deleted when you close your browser.
ii. Persistent Cookies: They stay on your device for a specified period or until manually
deleted.
iii. First-Party Cookies: They are set directly by the website you are visiting.
iv. Third-Party Cookies: They are set by entities other than the website you are visiting, such
as advertisers or analytics providers, embedded on the website.

B. Essential vs. Non-Essential Cookies

C. Implications of Accepting Cookies

Advantages:

Saved preferences and relevant recommendations.
Smooth transition to websites depending on cookies to work properly, e.g. online shopping
stores.

Disadvantages:

Cookie may raise concern over data privacy as your surf activities may be monitored.
Higher risks of targeted advertisements or profiling for third-party advertisement providers.

D. Implications of Rejecting Cookies

Benefits:

Better privacy and control over personal data.
Reduced risk of behavioural profiling or unauthorized tracking.

Drawbacks:

Websites may not function correctly, particularly those relying on essential cookies.
Repeated prompts to configure cookie preferences during each visit.

To protect sensitive information when employees use their personal devices, commonly
known as Bring Your Own Device or BYOD, a combination of technical, procedural, and
policy measures should be adopted by organizations. The following are the key steps:

A. Implement a BYOD Policy

Create and communicate a comprehensive BYOD policy that outlines acceptable use, data
security protocols, and employee responsibilities. Obtain employee consent to adhere to the
policy, especially regarding monitoring or remote access in case of a security breach.

B. Use Mobile Device Management (MDM) Solutions

Install MDM software to enforce security policies, control app installations, and remotely
wipe corporate data if the device is lost or stolen. Use software to separate personal and
corporate data on the same device, ensuring company data is isolated and secure.

C. Enforce strong authentication

Require Multi-Factor Authentication (MFA) for accessing sensitive systems or data.

D. Encrypt sensitive data

All data held on employee-owned devices and computers must be encrypted both when
stored and while in transit. Use safe, secure, and encrypted virtual private networks for
remote access to company networks. Restrict access to data based on employee roles and
functions. Employees should have access only to the data and systems necessary for their job.

E. Install security software

Ensure that antivirus and anti-malware software is installed on all personal devices used for
work. Prevent unauthorized access through firewalls. Educate employees about the risks
associated with using personal devices for work, such as phishing, malware, and unsecured
Wi-Fi. Encourage vigilance over suspicious links, emails, or messages.

F. Comply with Data Protection Laws

Ensure that BYOD practices comply with relevant privacy and data protection regulations,
such as the Digital Personal Data Protection Act, 2023, in India.
Organizations can therefore strengthen their safeguarding of sensitive information while
granting workers the freedom to use personal devices by adopting an effective combination
of policies, tools, and employee training. It further enhances security, reduces data breach
risks, and minimizes breaches of regulations.

If someone has already registered your name as a domain and is selling it at an unreasonably
high price, it might be a case of cybersquatting (the practice of registering, trafficking in, or
using a domain name with bad faith intent to profit from another’s name, trademark, or
brand).

A. Determine if the domain violates your rights

If the domain contains your name, brand, or trademark, and it is being misused, it could
constitute cybersquatting. Assess whether the domain name is being used in bad faith, e.g., to
mislead users, harm your reputation, or extort money.

B. Attempt an amicable resolution

Use the WHOIS lookup tool (if the information is public) or the registrar’s contact system to
reach out to the domain owner. Politely negotiate for a reasonable price without admitting
any rights over the domain. If the owner demands an exorbitant price, document all
communications for future legal action.

C. Legal recourse options

File a complaint under the Uniform Domain Name Dispute Resolution Policy (UDRP): If the
domain infringes your trademark or was registered in bad faith, you may file a complaint
with one of the following accredited dispute resolution service providers: WIPO (World
Intellectual Property Organization), and National Internet Exchange of India (NIXI) for “.in”
domains.
To prevail, you must demonstrate:
i. The domain name is either identical or confusingly similar to your trademark or name.
ii. The registrant has no rights or legitimate interests in the domain.
iii. The domain name was registered and is being used in bad faith.

D. Legal Action under Indian Law:

Trade Marks Act, 1999: If you own a trademark of your name, you can bring an action under
this act for infringement. Remedies may include transfer of the domain and damages.
Information Technology Act, 2000: In case the domain is misused for fraudulent purposes or
harms your reputation, you can file legal action for a misuse of personal data or identity.

Report to ICANN: You can file a complaint if the domain owner has violated ICANN
policies. This will not help resolve ownership disputes but may bring out policy breaches.

If you find a domain that is similar to your brand, it should be protected straight away as
there may be confusion or potential damage to your business.

A. Determine the similarity:

Determine if the domain name identical or confusingly similar to your trademark or brand.
Determine if it contains and conducts activity which would potentially deceive consumers,
harm your brand reputation or weaken your brand.
Check out the domain for content in order to ascertain if it is currently being used, or whether
it is parked, i.e., has only a placeholder page with no meaningful content. If the domain is
used for a completely unrelated purpose or for commercial gain, it might be infringing upon
your trademark rights.

B. Confirm your trademark or brand rights

If you have a registered trademark for your brand name, you have stronger legal grounds to
claim the domain. Even if not, your business may still retain common law rights, depending
on how long you’ve used the name in commerce and built-up recognition. Consider whether
the domain owner’s use of the name would cause a likelihood of confusion with consumers
or otherwise harm your brand’s reputation.

C. Contact the domain owner

Try to obtain contact information of the domain registrant using the WHOIS lookup tool (if it
is available). Make a formal request to the owner of the domain in order to discuss the
transfer or even amicably resolve the problem. Request them to desist from using the domain
name, if it creates confusion with your brand or trademark.
If the domain is available for sale, you can negotiate with the domain holder to make a fair
deal to purchase it. Use safe payment services such as an escrow service (such as
https://www.escrow.com/) to make the transaction secure for both parties.

D. Initiate legal proceeding

UDRP Complaint – Uniform Domain Name Dispute Resolution Policy: If the domain name is
held in bad faith by someone and causes confusion over your trademark or brand, you may
file a complaint under UDRP if the domain is registered under the generic top-level domains
like .com, .net.
You must prove:
i. The domain name is identical or confusingly similar to your trademark.
ii. The domain registrant has no legitimate rights or interests in the domain.
iii. The domain was registered and is being used in bad faith.
UDRP procedures are usually quicker and more cost-effective than court litigation.

E. Legal action in court

If UDRP does not work or if the domain is registered under a country-specific top-level
domain (like .in, .io etc.), you may need to file a trademark infringement lawsuit in court.
Indian Law: You can approach the court by filing an application under the Trade Marks Act,
1999, in case your trademark rights are infringed by the domain name.
ICANN Complaint: If the domain is in violation of ICANN Policies (for example, using a
domain to host illegal activities), you can submit a complaint to ICANN, but this usually does
not resolve disputes over ownership.

Whether a domain name incorporating a trademark is legal or illegal will depend upon the
circumstances under which the name was acquired, as well as its use.

A. Trademark Infringement:

You purchase a domain name that features someone else’s registered trademark. However,
you put up a website that, due to similar naming, tends to confuse potential visitors to that
website who might be confused as to which entity the website is associated with, it can be
deemed trademark infringement.
Infringement may arise in the following circumstances:

Bad Faith Registration: If the domain is registered with the intention of making a profit from
the goodwill of the trademark, or to sell it to the trademark owner at a higher price, which is
considered cybersquatting.
Trademark Dilution: When the domain name likely to cause consumer confusion concerning
the source, sponsorship, affiliation, or reputation of the trademark owner, this would be a
basis for determining that the registration infringes.
Use a famous brand name in a domain name which will cause customers to believe that your
site is somehow associated with the brand in question.

B. Sometimes using a trademark in a domain name can be legal:

Fair Use: Where the trademark is used descriptively or nominatively and where the site will
not cause confusion to the business of the trademark owner, it is considered acceptable. An
example could be where a legitimate commentary or review of a brand is done on a site.
Non-commercial or parody uses: The use of a trademark in non-commercial activities such as
personal blogs or parody sites may be covered by the provisions of freedom of speech or fair
use doctrines, depending upon the country or jurisdiction.

C. Cybersquatting and Uniform Domain Name Dispute

Resolution Policy (UDRP):
Cybersquatting occurs when a domain is registered with the intention of profiting from the
trademark owner’s goodwill. For instance, buying a domain similar to a well-known brand
for the purpose of selling it to that brand at a profit may attract legal action. Trademark
owners can file a complaint under the UDRP for generic top-level domains such as .com, .net
etc., to recover domain names that they believe were registered in bad faith.
It is not illegal to purchase a domain with a trademark if you have the trademark owner’s
permission, or if the domain does not infringe on the trademark owner’s rights (for example,
there would be no confusion caused, or it falls within fair use). However, purchasing a
domain that includes a trademark without a legitimate reason or using it in bad faith can lead
to legal consequences, including the loss of the domain or a lawsuit. Always verify the
trademark status and seek legal advice before purchasing such a domain.

Receiving an email that seems to be from your bank asking you to click a link to verify your
account might be a phishing attempt. Here are some steps you can take to determine whether
the email is legitimate or a scam:

A. Verify the email address
Observe the sender’s email address carefully. Though the display name may resemble one
from your bank, the email address could be slightly off or use a domain that does not sound
trustworthy. It might look something like this: “[email protected]”
rather than something directly from your trusted domain: “yourbank.com.”

B. Check the link
Roll over the link in the email without clicking. This will display the actual URL where the
link will take you. If it looks strange or doesn’t resemble the bank’s site, it is probably
something to be cautious of, like “yoursecure-banklogin.com”. If the link leads to a login
page, ensure that it begins with “https://”, denoting a secure connection, and find a padlock
symbol in the address bar.

C. Check for vague language
A valid bank email will usually greet you by your full name. Be wary if the email uses a
generic salutation such as “Dear Customer” or “Dear User”. Scammers will try to create a
sense of urgency, such as saying your account will be locked or suspended unless you verify
your details immediately. Banks do not usually work this way, so if the message contains
threats, it is likely a scam.

D. Look for spelling and grammar errors

Legitimate messages from banks are usually well-written, free of spelling or grammatical
errors. Many phishing messages contain spelling or grammatical mistakes, use unusual
punctuation, or awkward word choices.

E. Report the email to your bank

If you are suspecting spam, forward your email to the fraud or security department of the
bank. Nowadays, most banking institutions have specially allocated email ids to report spam,
such as “[email protected]”, among others.

F. What to do if you have already clicked the link

If you’ve already clicked the link or entered personal information, here are some immediate
steps:
Change your bank account password: Immediately log into your bank account and change
your password.
Two-Factor Authentication (2FA): If available, enable 2FA to secure your account.
Monitor your bank statements: Regularly check for any unauthorized transactions.
Notify your bank: Call your bank’s fraud department and report the issue so that they can
watch for fraudulent activity on your account.

If you have experienced unauthorized debit activity on your bank account following a visit to
some website, you should act fast to minimize possible damage to your finances.

A. Contact your bank immediately

Call your bank’s customer service or fraud department right away to report the unauthorized
transactions. Most banks have a dedicated fraud helpline. Provide them with details about the
transactions, such as the amounts, dates, and any suspicious activity you’ve noticed. Ask the
bank to temporarily freeze or lock your account to prevent further unauthorized transactions.
Request a detailed transaction history to help identify all potentially fraudulent activity on
your account. Initiate a formal dispute with the bank for the unauthorized charges. The bank
may reverse the charges if you report the fraud promptly.

B. Change your online banking credentials

Change your online banking password and make it strong, with a mix of letters, numbers, and
symbols. Avoid using the same passwords on other websites. If your bank supports 2FA then
monitor your account for any new unauthorized transactions. Set up account activity alerts if

your bank has that service. Monitor your bank statements and online banking portal regularly
for further suspicious activities.

C. Report the website

Determine if the website you visited is legitimate or a phishing site. Check the website’s
URL, look for any unusual characters, and ensure it uses “https://” (the ‘s’ indicates a secure
connection). If you suspect malware or phishing attacks, make a complete scan of your
device using updated antivirus or anti-malware software and eliminate any threats. If the
website is indeed fraudulent or harmful, you should report it to the appropriate authorities
(e.g., the Cyber Crime Cell in India).
Consumer protection agencies in certain countries can help in cases of financial fraud, such
as the National Consumer Helpline in India.
If your bank account number or other personal information has been compromised, contact
credit rating agencies (e.g., CIBIL in India, Equifax or Experian internationally) to place a
fraud alert or credit freeze on your account. This will help prevent identity theft or opening
new accounts in your name.

If you spot unauthorized cryptocurrency-related activity, then act fast to avoid loss of further
effects and safekeeping of your assets.

A. Change wallet and change passwords:

If you suspect unauthorized access to your cryptocurrency wallet or exchange account,
change the passwords right away. Be sure that the password is difficult enough that it is a
combination of upper and lower-case letters, numbers, and special characters. Enable 2FA in
your accounts holding cryptocurrencies. This is a second form of verification, in addition to
your password, such as an SMS code or an authentication app. If you are using API keys for
trading, make sure to revoke the same immediately and replace them with new ones.

B. Monitoring your transactions

Examine the transaction history in your wallet or exchange account to identify any
unauthorized transfers. Check for any unusual or unknown activity, such as transactions to
unfamiliar addresses. Use a blockchain explorer (like Etherscan, Blockchain.com, or

Blockchair) to follow the destination of these unauthorized transactions. This might give you
some idea of where your funds are going.

C. Report the activity

If the unauthorized activity involves an exchange (like Binance, Coinbase, etc.), reach out to
their customer support right away. Give them all the details of the suspicious activity and ask
for an investigation or freeze of your account so that no further withdrawals can be made.
In case of severe theft or fraud, report the matter to the cybercrime authorities of your
country. You can file a complaint with the Cyber Crime Cell in India on the
cybercrime.gov.in portal.

Cryptojacking is a form of cybercrime whereby a website or malware uses your device’s
processing power to mine cryptocurrency without your consent. It can be difficult to identify
websites that may engage in cryptojacking, but here are some signs and steps you can take to
protect yourself:

A. Monitor system performance and usage

In case your main computer or device slows drastically in performance (due to a loud fan,
slowing processing speeds) while on a particular website, it is a sign of cryptojacking.
Cryptojacking scripts are using the resources within your CPU to mine their cryptocurrency.
Generally, this leads to high CPU usage.
The overheating of your device is also another effect of an extended period of CPU usage.
This means that when you visit a particular website, and your device starts to feel unusually
hot, it may indicate cryptojacking.
If your mobile’s battery is rapidly draining while accessing a particular website, this is yet
another indication of a running background cryptojacking script.

B. Check for unusual network activity

If your internet data usage suddenly spikes while visiting a website, it could be a sign that
malicious scripts are running on the page. Cryptojacking requires constant communication
with mining servers, which can use up a lot of data.

Another source of slow internet connection could be websites using your device’s resources
to mine cryptocurrency; the mining script consumes network bandwidth.

C. Install anti-cryptojacking browser extensions

Apply some browser extensions; these include, No Coin, MinerBlock and AdBlock Plus with
cryptojacking blocking. They will immediately identify and automatically block
cryptojacking scripts to ensure that scripts do not load on your system.

D. Examine site code and resource

Some websites contain cryptocurrency mining scripts such as Coinhive – which has mostly
been shut down but may have been replaced with similar services. To examine the code:
Right-click on the webpage and open Inspect or View Page Source based on the browser.
Search for keywords such as “coinhive”, “cryptominer” or “js”, which indicates it is a script
using JavaScript mining.

E. Run website scanners and security tools

Scan your device with a reputable antivirus program to find any malware running
cryptojacking scripts. Some antivirus software has detection of cryptojacking as part of their
real-time protection.
Use tools such as Web of Trust (WOT) or VirusTotal, as they can check a website’s
reputation. These services are able to check websites that are known to host malicious
content, including cryptojacking scripts.

F. Be aware of ads or pop-ups

Sometimes, cryptojacking is caused by malicious ads or pop-ups on websites. The ads could
be loading hidden scripts that mine cryptocurrency without your permission. Be cautious of
websites with aggressive pop-ups or ads.
Install a blocking ad blocker like uBlock Origin or AdBlock Plus that will block malicious
ads that could contain cryptojacking scripts.
Cryptojacking can be very hard to detect, but staying vigilant, using security tools, and
monitoring your device’s performance will help minimize the risk of falling victim to this
type of cybercrime. Be cautious about the websites you visit, regularly update your software,

and use browser extensions and antivirus programs to help identify and block cryptojacking
scripts.

In India, victims of data breaches have several legal recourse options available to them to
seek redress and protection of their rights.

Under the Information Technology Act, 2000,
Compensation for Failure to Protect Data: Section 43A provides for compensation to
be paid by a body corporate to a person affected by its failure to implement
reasonable security measures resulting in unauthorized access to sensitive personal
data or information.

Punishment for Disclosure of Information in Breach of Law: Section 72A imposes
penalties for disclosure of information in breach of lawful contracts, resulting in
wrongful loss or gain to any person. It applies to individuals who have access to
sensitive personal data or information in the course of providing services under lawful
contracts.

Under the Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011, Rule 5 requires that prior to the
collection of sensitive personal data, the body corporate must obtain consent, either in writing
or through fax regarding the purpose of usage before collection of such information.

Civil Remedies – Victims of data breaches may have the right to claim damages under civil
law for losses suffered as a result of the breach. This may include financial losses, identity
theft, reputational damage, and other harms caused by the unauthorized access to their
personal data.

Regulatory Authorities – Once established, victims can file complaints with regulatory bodies
including the Data Protection Authority of India (DPAI) and the Indian Computer Emergency
Response Team (CERT-In). These agencies have the authority to examine the data breach
and take the necessary punitive measures against the parties involved.

Law enforcement agencies may receive criminal complaints from victims against the people
or organizations who caused the data breach. Under the pertinent provisions of the IT Act or
other applicable legislation, law enforcement officials may look into the situation and start
criminal actions.

Victims of data breaches in India have various legal recourse options available to them under
the Information Technology Act, 2000, and related rules and regulations. These include
compensation under Section 43A, penalties under Section 72A, civil remedies, complaints to
regulatory authorities, filing criminal complaints, and seeking redress through consumer
forums or courts. The legal framework aims to protect the rights of individuals whose
personal data is compromised in data breaches and hold accountable entities responsible for
failing to implement adequate security measures.

Various provisions under Indian law address the dissemination of false information and the
misuse of digital platforms.

Under the Information Technology Act, 2000, Section 66D deals with the punishment for
cheating by impersonation using a computer resource. The punishment for this offense is
imprisonment and a fine. Examples of this offense include creating a fake Facebook profile,
unauthorized access to another person’s account, or hacking someone’s income tax account.

Under the Information Technology Act, 2000, Section 69A gives the Central Government the
power to block public access to information on computer resources. If it is necessary or
feasible to do so in the interest of India’s sovereignty and integrity, defence, security, friendly
relations with other states, public order, or to prevent incitement to commit any crime related
to the aforementioned, the government may order any government agency or intermediary to
block public access to any information generated, transmitted, received, stored, or hosted in
any computer resource.

Under the Bharatiya Nyaya Sanhita, 2023, Section 353 deals with statements that lead to
public mischief. It states that anyone who makes, publishes, or circulates a statement,
rumour, false information, or report with the intent to cause public fear or alarm is punishable
with imprisonment, fine, or both. 

Under the Bharatiya Nyaya Sanhita, 2023, Section 356 deals with defamation. It states that
any spoken or written words, signs, or visible representations that are published to harm a
person’s reputation is considered defamation. Defamation can also apply to deceased people,
companies, or groups if it negatively impacts their reputation or hurts their close
relations. The punishment for defamation under Section 356 is simple imprisonment, a fine,
or both.

How can I protect myself from identity theft online?

 Use strong passwords: Use a strong password or secret security PIN and change it
regularly.
 Avoid suspicious websites: Stay away from suspicious websites and links.
 Do not share personal information: Never give your personal information to anyone.
 Protect your documents: Keep your documents and important data safe.
 Use a firewall: Use an authorized security firewall to protect your electronic devices
from being hacked.
 Limit exposure of personal information: Limit the exposure of your credit cards and
other personal information cards.
 Check your credit: Get a free weekly copy of your credit report from all three credit
bureaus.
 Monitor your credit card account: Monitor your credit card account and all
transactions.
 Enable two-factor authentication: Enable two-factor authentication (2FA) for your
online accounts.
 Check your bank statements: Regularly check your online bank and credit card
accounts.
 Report the fraud: File an FIR and report the incident to the cyber cell
If you are a victim of identity theft, you can: 
 File a police report at the fraud department of your local police station 

 Report the incident to the cyber cell

Under the Information Technology Act, 2000, Section 66D, phishing involves fraudulent
schemes designed to obtain sensitive information from individuals, such as passwords and
banking details. The legal provision imposes a penalty of imprisonment or a fine or both. 
Under the Information Technology Act, 2000, Section 43, whoever, without the permission
of the person in charge of the computer system, accesses, downloads any data, introduces a
computer virus, or causes denial of access will be liable to pay penalty.

1. How to recover my stolen data?

If your data has been stolen in India, you can take legal action under the Information
Technology Act, 2000 (IT Act), and related laws. Some of the options available to you
include: 
 Filing a complaint: You can file a complaint with regulatory authorities or consumer
forums.
 Initiating legal proceedings: You can initiate legal proceedings against the entities
responsible for the data breach.
 Seeking compensation: You can seek compensation under Section 43A of the IT Act.
 Seeking penalties: You can seek penalties under Section 72A of the IT Act
How to secure my personal information after an online fraud?
Some steps you can take to secure your personal information after an online fraud in India:
 Report the incident: You can report financial fraud through the National Cyber Crime
Reporting Portal.
 Use strong passwords: Use unique and strong passwords for each of your online
accounts. 
 Enable multi-factor authentication: This adds an extra layer of security by requiring
you to enter a code or OTP in addition to your password. 

 Use a secure internet connection: Use a VPN (Virtual Private Network) to encrypt all
traffic before it reaches your device. 
 Be cautious of suspicious links: Don’t share personal information or click on
suspicious links in unsolicited calls, texts, or emails. 
 Verify sender authenticity: Double-check sender information before responding to
messages.
 Prioritize secure websites: Look for the “https://” prefix and a padlock symbol to
identify secure websites.
 Be prudent in online deals and investments: Avoid deals or investment opportunities
that promise unrealistically high returns. 
 Stay informed and educate others: Share knowledge about prevalent scams with
friends and family. 
 Monitor your accounts regularly: Keep a close eye on your financial statements and
report any discrepancies or suspicious activities to your bank or financial institution. 
 Get banking alerts: Sign up for banking alerts so your bank can contact you when
specific activity occurs on your accounts.

Cyberstalking, like stalking, is designed to intimidate, harass, and disgrace, but it uses
technology. Cyber stalkers employ a variety of technologies, including social media, email,
instant messaging (text and SMS), computers, mobile devices, and Internet information.

 Search your name online: Conduct a search of your full name along with your city
and state using Google or your preferred search engine. This can reveal any publicly
available information about you online. It’s a useful step to identify potential privacy
risks and make adjustments to your online privacy settings.
 Monitor your credit report: Regularly check your credit report to stay informed about
your financial activity. You are entitled to a free credit report annually from the three
major credit reporting agencies: Equifax, Experian, and TransUnion. Additionally,

free credit monitoring services like Credit Karma can provide alerts for any changes
or activities in your credit report.
 Avoid accepting friend requests from strangers: Apply the same caution online as you
would in person. Only accept friend requests from people you’ve met and trust.
 Update your social media profile: Use neutral profile names that do not reveal your
gender or age. Inform your friends and family not to share your personal information
with others.
 Review social media privacy settings: Adjust settings to limit what others can do,
such as restricting posts on your wall to friends only. Disable facial recognition
features to avoid automatic tagging in photos. Additionally, turn off location services
to protect your whereabouts.
 Change passwords regularly: Update your passwords periodically, such as monthly or
quarterly. Use memorable phrases or browser-generated passwords and document
them securely. Enable two-factor authentication (2FA) for extra security; this ensures
you’ll be alerted to unauthorized login attempts.
 Secure your devices: Protect your computer and mobile devices by avoiding public
Wi-Fi for transactions involving sensitive information. Instead, use a secure private
network or a virtual private network (VPN).
 Install and update anti-virus software: Use reputable anti-virus and anti-spyware
programs to scan your devices regularly and safeguard against malicious attacks.
Keep the software updated to enhance protection.
 Cover your webcam: Prevent unauthorized access by covering your webcam when it
is not in use.
 Exercise caution with emails: Avoid opening attachments or clicking on links from
unknown or untrusted sources to reduce the risk of phishing or malware attacks.
 Be mindful of online posts: Limit the amount of personal information you share
online. Avoid posting details like your home address, phone number, or frequent
hangout spots, as this information could be exploited by malicious actors

If you have fallen victim to a fraudulent transaction in India, prompt action is crucial to
enhance the chances of recovering your funds. Here’s a structured approach to assist you:

A. Immediate Steps:

 Contact Your Bank Immediately: Notify your bank or financial institution about the
unauthorized transaction as soon as possible. Prompt reporting can help in freezing
the transaction and preventing further unauthorized access. According to the Reserve
Bank of India (RBI), if the fraudulent transaction is reported promptly, the customer’s
liability may be limited.
 Report to the National Cyber Crime Reporting Portal: File a complaint through the
National Cyber Crime Reporting Portal. This platform allows victims to report
financial frauds, initiating investigations to recover lost funds and prevent further
fraudulent activities.

B. Legal Procedures:

 File a Police Report: Visit your local police station to file a First Information Report
(FIR). A police report is often required by banks and insurance companies to process
claims related to fraud.

C. Follow-Up Actions:

 Monitor Account Statements: Regularly review your bank and credit card statements
for any unauthorized transactions. Early detection can prevent further losses.
 Update Security Measures: Change your account passwords and enable two-factor
authentication to enhance security

D. Utilize Support Services:

 Cyber Crime Helpline: Dial 1930 to report financial cyber frauds. This helpline
provides assistance and guidance on the steps to take following a cyber fraud incident.
 Legal Services Authorities: Utilize state and district legal services authorities and Lok
Adalat’s for support in reclaiming your money. They can assist in legal proceedings
and dispute resolution.

E. Prevention Measures:

 Stay Informed: Educate yourself about common fraud schemes to recognize and avoid
potential scams.
 Be Cautious with Personal Information: Avoid sharing sensitive information like
passwords, PINs, or OTPs with anyone.

What is two-factor authentication and how do I enable it?

Two-factor authentication (2FA) is a security process that requires two forms of
identification to access a resource or data. It’s a type of multi-factor authentication (MFA)
that uses two authentication factors, such as something you know (like a password) and
something you have (like a smartphone app). 

Here’s how 2FA works
The user logs in with their username and password.
The authentication server validates the password.
If the password is correct, the user is prompted for the second factor.
The authentication server sends a unique code to the user’s second factor.
The user confirms their identity by providing the second factor.
2FA helps protect users’ identities and devices from cybercriminals. It’s also a vital tool for
businesses to protect their data and networks.

In India, individuals concerned about whether their personal information was part of a data
breach can follow these steps according to applicable laws and best practices:

A. Check notifications by data fiduciaries

 Data Protection Framework: Under the Digital Personal Data Protection Act, 2023
(DPDPA), organizations classified as “data fiduciaries” are required to notify the Data
Protection Board of India and affected individuals in the event of a significant
personal data breach.

 Look for communications (emails, SMS, or letters) from companies or services where
your data might be stored. Companies often notify affected individuals after
discovering a breach.

B. Monitor CERT-In Alerts

 Role of CERT-In: The Indian Computer Emergency Response Team (CERT-In) is the
national nodal agency for handling cybersecurity incidents. It regularly publishes
alerts and advisories about data breaches.
 What to Do: Visit the CERT-In website (cert-in.org.in) to check for recent breach
notifications.

C. Verify Using Online Tools

 Global Tools: Platforms like Have I Been Pwned (https://haveibeenpwned.com/)
allow users to check if their email addresses or phone numbers have been
compromised in a data breach.
 Note on Legality: While these tools are not specific to Indian law, they are widely
recognized and often used globally.

D. Contact the Data Protection Officer (DPO)

 DPO Role Under DPDPA: Organizations that process significant volumes of personal
data are required to appoint a Data Protection Officer (DPO). You can request
information about a breach directly from the DPO.
 What to Do: Reach out to the company’s DPO through the contact information
typically provided in their privacy policy or website.

E. File a Grievance

 Under DPDPA: You can file a grievance with the data fiduciary, and if unsatisfied,
escalate it to the Data Protection Board of India.
 Procedure: Submit your complaint in writing or via email to the concerned
organization.

F. Legal Recourse

 Consumer Protection Act, 2019: If you believe the data breach caused you financial
or reputational harm, you can file a complaint in a consumer forum for negligence in
data protection.
 Information Technology Act, 2000: Section 43A and Section 72A of the Information
Technology Act, 2000, penalize negligence and disclosure of personal information
without consent.

G. Proactive Measures

 Regularly update passwords for online accounts.
 Enable two-factor authentication (2FA).
 Monitor your financial transactions and credit reports for unusual activity

Protecting your online business from cybercrime requires implementing robust cybersecurity
measures and fostering cyber hygiene practices. Here are key steps drawn from best practices
for individuals, families, and organizations:

A. Secure Online Presence and Data

 Use Strong Passwords and Multi-Factor Authentication (MFA): Protect business
accounts with complex passwords and enable MFA for an added layer of security.
 Regularly Update Software: Ensure all software, operating systems, and applications
are updated with the latest security patches to mitigate vulnerabilities.
 Install Antivirus and Anti-Malware Software: Use trusted software to detect and
prevent malicious activities on business systems.

B. Protect Business Systems and Devices

 Restrict Access: Limit access to sensitive business systems and data based on role
requirements.
 Set Secure Browsing Practices: Conduct transactions on secure, private networks,
avoiding public Wi-Fi for business activities.

 Encrypt Sensitive Data: Use encryption tools to protect customer data, payment
information, and proprietary business data.

C. Monitor Online Activities

 Educate Employees: Train staff to recognize phishing emails, malicious links, and
suspicious attachments. Encourage them to avoid clicking on unknown links or
downloading unverified files.
 Implement Parental Control Software (if applicable): Businesses with child-focused
content should ensure appropriate filters and controls are in place.
 Monitor Business Accounts: Regularly review account activity for unauthorized
access or changes.

D. Establish Privacy and Security Policies

 Draft Clear Guidelines: Define acceptable use policies for electronic devices and
online interactions within the business.
 Control Device Usage: Limit the use of personal devices for work-related tasks and
secure all devices with passwords or biometric authentication.
 Handle Obscene Content Appropriately: Have protocols for dealing with
inappropriate content under laws like Sections 67 and 67A of the IT Act, 2000.

E. Cyber Hygiene Practices

 Disable Unnecessary Features: Turn off location tracking and unnecessary
permissions on business devices and applications.
 Secure Communication Channels: Use encrypted communication platforms for
internal and external communications.
 Log Out After Use: Ensure employees log out of business accounts after use,
especially on shared devices.

F. Respond to Cyber Incidents

 Develop an Incident Response Plan: Prepare to handle data breaches, ransomware
attacks, or other cyber threats effectively.

 Report Cybercrimes: Utilize platforms like the National Cyber Crime Reporting
Portal to report incidents promptly.
 Retain Evidence Securely: In case of a cybercrime, ensure that evidence is preserved
for investigation purposes.

G. Raise Awareness

 Conduct Regular Training: Keep yourself and employees informed about evolving
cyber threats and mitigation techniques.
 Promote Responsible Digital Behavior: Reinforce the importance of ethical and
secure practices in online interactions.
By combining these proactive measures, businesses can create a secure environment that
minimizes the risk of cybercrimes and protects valuable assets.

If your social media account has been hacked, follow these steps to secure it and prevent
further damage:

A. Act quickly

 Log out of all sessions: If you can still access your account, log out of all active
sessions on all devices.
 Change password immediately: Use a strong, unique password that combines letters,
numbers, and special characters.

B. Recover access

 Use Account Recovery Tools:
o Go to the platform’s login page and click on “Forgot Password.”
o Follow the instructions to reset your password.
 Contact support: If you ca not recover your account, contact the platform’s support
team. Provide any requested information to verify your identity.

C. Secure linked accounts

 Check connected accounts: If your hacked account was linked to email or other
platforms, ensure those accounts are secure by changing their passwords.
 Enable Two-Factor Authentication (2FA): Add an extra layer of security to prevent
future hacking.

D. Notify friends/ followers

 Warn your network: Inform them that your account was hacked and advise them to
ignore any suspicious messages or posts.

E. Scan for malware

 Check your devices: Run a comprehensive malware and virus scan to ensure no
keylogger or spyware caused the breach.

F. Monitor for unusual activity

 Keep an eye on your account: Watch for unauthorized posts, messages, or account
changes.
 Check privacy settings: Review and update your privacy settings to restrict access.

G. Report the hack

 Report to the platform: Social media platforms usually have a “Report a hacked
account” option in their help centre.
 Notify authorities: If the hack leads to financial loss or identity theft, file a report with
local authorities or a cybercrime cell.

H. Stay vigilant in the future

 Avoid clicking unknown links: Be cautious with links in emails, messages, or ads.
 Use unique passwords for each account: Avoid reusing passwords across multiple
platforms.
 Regularly update passwords: Change them periodically to reduce risk.

Spotting an online scam can save you from financial loss, identity theft, and other negative
consequences. Here are key signs to identify if you might be falling victim to an online scam:

A. Unsolicited contact

 Unexpected messages: Receiving emails, texts, or social media messages from
unknown individuals or organizations.
 Urgent or threatening language: Claims like “Act now or lose access” or “Your
account will be suspended.”
 Offers too good to be true: Promises of large sums of money, lottery winnings, or
exclusive deals without any effort on your part.

B. Request for personal information

 Sensitive data: Asking for your bank details, passwords, Social Security Number, or
credit card information.
 Verification requests: Posing as a trusted organization (e.g., your bank or government
agency) and requesting you to “verify” your details.

C. Payment requests

 Unusual payment methods: Asking for payment through gift cards, cryptocurrency,
wire transfers, or prepaid debit cards.
 Advance fee scams: Requiring a payment upfront for a service, loan, or reward.

D. Suspicious links or attachments

 Misspelled URLs: Links that look similar to legitimate websites but have slight
differences in spelling.
 Malicious attachments: Files with strange extensions (.exe, .scr) in unsolicited emails.

E. Pressure to act quickly

 Sense of urgency: Claims that you must act immediately to avoid losing money,
access, or opportunities.
 No time for verification: Attempts to discourage you from thinking or verifying the
information.

F. Lack of professionalism

 Poor grammar or spelling errors: Emails or messages full of typos or grammatical
mistakes.
 Unusual communication styles: Lack of official branding, unprofessional tone, or
irrelevant details.

G. Unverified or impersonated sources

 Impersonating trusted entities: Fake emails or calls pretending to be from banks, tech
support, or well-known companies.
 No contact details or fake details: Legitimate businesses usually have clear, verifiable
contact information.

H. Overemphasis on secrecy

 “Don’t Tell Anyone” Requests: Scammers might ask you to keep the deal confidential
to avoid being exposed.

I. Reviews or feedback

 Search online: Look for reviews or scam alerts about the person, email, or company.
 Complaints from others: A history of negative experiences or reports can be a red
flag.

J. Scenarios common in scams

 Phishing Scams: Fake emails or websites mimicking legitimate companies to steal
login credentials.
 Romance Scams: People feigning romantic interest to request money.
 Tech Support Scams: Calls or pop-ups claiming your computer is infected and
offering “help” for a fee.
 Job Offer Scams: Fake job postings requiring upfront payment for training or tools.

If you unknowingly used copyrighted content online, it’s important to address the
situation responsibly to minimize potential legal or reputational consequences.

First, assess the situation by identifying the content in question, such as images,
videos, text, or music. Confirm that the content is indeed copyrighted and not in the
public domain or under a permissive license (e.g., Creative Commons).

Next, take immediate action by removing the copyrighted material from your
platform (e.g., website, social media, YouTube). Replace it with something original,
licensed, or freely available.

If necessary, consider reaching out to the copyright owner to apologize, explain the
situation, and request permission to use the content, potentially by paying a licensing
fee or adhering to their terms.

Check for any legal consequences, such as receiving a cease-and-desist letter. If you
do, comply by immediately removing the infringing content. Also, assess if your use
qualifies as fair use, as this may be applicable in certain cases (e.g., for criticism,
commentary, research, or parody). Fair use is subject to interpretation and varies by
jurisdiction.

If the content has been widely distributed, mitigate any damage by making a public
acknowledgment of the mistake and your corrective actions. If you earned money
from using the copyrighted content, be prepared to discuss compensation with the
copyright holder.

Educate yourself by learning about copyright laws in your country to avoid future
issues. Make it a habit to source content from reputable platforms offering royalty-
free or Creative Commons-licensed materials.

To prevent similar problems, always create original content when possible and get
written permissions or licenses for third-party content. Additionally, ensure that you
attribute any content under Creative Commons or other licenses in accordance with
the specific terms.

If you are unsure about the situation or facing legal threats, consulting an intellectual
property attorney is advisable for specific guidance tailored to your case.

By taking swift corrective action and learning from the experience, you can minimize
the impact and avoid similar issues in the future.

As with a lot of copyright infringement issues, the best way to avoid copyright
infringement on social media is to make sure you get permission from the original creator
or owner before reposting or using the content. If you are not sure who the owner is, do
not risk it.

If someone is using your copyrighted content online without your permission, you can: 

 Contact the infringer
Ask the infringer to remove the content. You can try to reach a win-win outcome
by asking for something in return, like a booking or an advert. 
 Take legal action
If the infringer refuses to remove the content, you can pursue legal action, with
the help of an intellectual property lawyer, and can submit a copyright removal
request.
 Consider copyright exceptions
 Consider if fair use, fair dealing, or a similar copyright exception applies.
 Copyright infringement disputes are usually resolved through direct negotiation, a
notice and take down process, and litigation in civil court.

No, simply giving credit does not automatically grant permission to use copyrighted
material. While attribution is essential, you also need to obtain the necessary permissions
or licenses to use the content legally, unless it falls under exceptions like fair use.

A. Carefully Review the Notice

B. Collect Supporting Documents

C. Respond Promptly and Appropriately