Phishing attack meaning & legal definition in IT act

Phishing attack

Introduction: Phishing is a type of social engineering in computing that involves attempting to steal valuable details, such as usernames and passwords as well as credit card information, by impersonating a trustworthy individual or company in a seemingly official digital communication, such as an e-mail or an instant message.

Phishing aims to steal personal information, the user’s identification, essential passwords, as well as bank account details before gaining control of the computer and engaging in potentially illegal activities. The term “phishing” and its idea may be traced back to the 1990s and America Online (AOL). A group of hackers impersonating AOL workers operated under the name of the warez community. This group is also known as the early “phishers”. AOL users were asked for their login data and personal information.

Definition of Phishing

Attacks known as “phishing” include delivering false communications that seem to be from a reliable source. Email is typically used for this. The primary objective is to steal confidential data such as credit card info and login credentials or to use malware to endanger the victim’s computer.

Phishing is an attack that attempts to steal your money or personal identity by misleading you into disclosing confidential information, such as credit card numbers, bank account details, or credentials, on a website that looks authentic but is actually fake.

Legal definition of Phishing

The Anti-Phishing Act of 2005, passed by California as the first state in the USA to do so, prohibits phishing. The law also provides that those who fall victim to phishing in California are eligible for compensation equal to the higher of the actual cost of the losses they sustained or $500,000.

Phishing is a sort of fraud that is considered a cybercrime in India and is subject to numerous penal sections of the Information Technology Act, 2000 (hereinafter referred to as the “IT Act”).

How is phishing carried out?

In phishing, a victim is initially enticed by a fake email or other forms of communication. The communication is created to appear to be from a reputable sender. If the victim falls for it, they may be persuaded to disclose private information, frequently on a fraudulent website.

Various kinds of Phishing attacks

Deceptive or Deceitful phishing

The most prevalent kind of phishing. In this situation, the attacker tries to obtain sensitive details or information from the victims. The data is used by attackers to extract money or initiate other threats. A prominent instance is a spurious e-mail from a financial institution requesting you to click on a link and confirm your account information.

Spear phishing

It targets certain persons rather than a large population of people. Attackers frequently look up their targets on websites and social media. This lets them personalize their communications and come across as more genuine. Spear phishing is usually the very first stage used to penetrate a company’s security and execute a customized attack.


Whaling

The phishing attack known as “whaling” targets senior executives while pretending to be a genuine email. Whaling is a type of fraud via social engineering that takes advantage of the internet to trick victims into taking a secondary action, like starting a wire transfer of money.


Pharming

Pharming directs consumers to a bogus website that looks real, much like phishing. However, in this instance, consumers are led to the fraudulent website without even having to click on a malicious link. Even if the user types in the right URL, attackers can steal either the user’s data or the website’s DNS server and route them to a fraudulent website.

Phishing is covered under the following sections of the IT Act

Section 43

Anyone who downloads, accesses, introduces, disturbs, denies, or helps another person in any way while using a computer, computer system, or computer network without the owner’s consent is subject to liability under this section.

Section 66

This section specifies sanctions for phishers who seriously affect a victim’s accounts. Anyone who commits any of the acts specified in Sec. 43 of the IT Act faces imprisonment for up to 3 years or a fine of up to 5 lakh rupees, or both.

Section 66C

This provision forbids the fraudulent use of another person’s digital signature, log-in details, or any other feature that allows a person to be identified uniquely. Phishers impersonate the real owners of accounts and commit fraud. This is directly relevant to identity theft through phishing.

Section 66D

The clause imposes penalties for personating someone else while cheating via communication tools or computer sources. Fraudsters fake banks and other businesses by using URLs that contain links to their bogus websites.

However, Section 77B of the IT Act makes all laws related to phishing frauds bailable (Amendments 2008).

Additionally, the Indian Penal Code makes phishing punishable by the following sections: abetment (Sec. 107), forgery (Sec. 464), mischief (Sec. 425), and cheating (Sec. 415).

Conclusion of Phishing attack meaning and legal definition

According to “Phishing Insights 2021”, a global survey conducted by the cyber security firm Sophos, approximately 83% of IT teams in Indian businesses reported that in 2020 there were more phishing emails aimed at their staff. This research demonstrates the growing trend of phishing in India and across the world, and warns companies and people of the need to avoid falling victim to these attacks.

Frequently Asked Questions

Q. How is phishing actually done?

Ans. Avoid questionable emails that ask for sensitive information. Usually, a victim gets a message that seems to have come from a person or group they know. A malicious attachment or a link leading to a malicious website is then used to carry out the attack.

Q. Define spear phishing.

Ans. Targeting certain people or groups inside an organization is the goal of the phishing technique known as spear phishing.

Q. What is whaling in phishing?

Ans. The phishing attack known as “whaling” targets senior executives while pretending to be a genuine email. Whaling is a type of fraud via social engineering that takes advantage of the internet to trick victims into taking a secondary action, like starting a wire transfer of money.

