Privacy Kit
Manual of cyber awareness
Chapter-1
Safe Computing
What is Safe Computing?
Safety is a state of being protected from
potential harm or something that has been
designed to protect and prevent harm. An
Example of Safety is when you wear a
seatbelt.
Today, we are more dependent on
computers and the information that they
store than ever before. From spyware,
viruses, and Trojans to identity theft and
computer hardware malfunctions - any
disruption can have a huge impact on our lives. No matter how savvy the
user, safe computing depends on software and security settings and the
secure actions of the user.
Below are some tips that will help you protect your computer.
1. Keep your Computer
Updated: Whether individuals
choose to update their
operating system software
automatically or manually, we
recommend making it a
continuous process. It is also
important to keep other
software on your computer
updated. Software updates
often include essential bug
fixes and security features that
address existing vulnerabilities.
2. Keep up-to-date on
software patches:
Staying up-to-date
on the latest security
patches is critical in
today’s threat
environment. The
single most
important thing you
can do to keep your
software and
computer safe is to
always run the most
up-to-date versions.
Why patch?
If your computer seems to be working fine, you may wonder why
you should apply a patch. By not applying a patch you might be
leaving the door open for a malware attack.
What to patch?
Not all the vulnerabilities that exist in products or technologies
will affect you. However, any software you use is a potential
source of vulnerabilities that could lead to compromise of security or
identity. The more commonly used a program is, the bigger target it
represents and the more likely it is that a vulnerability will be exploited.
For the more obscure software you use, contact the vendor to
receive updates, patches, or vulnerability alerts. Additionally, don’t
forget to patch your Antivirus software.
3. Do not use open Wi-Fi:
Everybody has done it. At least
once, probably a lot more. Maybe
daily, maybe even hourly. But just
because everybody else is
connecting to the internet via free
public Wi-Fi doesn’t mean you
should, too. Instead, you should listen
to that little voice in your head that
asks, “is this safe?” every time you
connect to a public Wi-Fi network - because you know it really isn’t.
You’re not alone. Open public Wi-Fi networks are everywhere: coffee
shops, airports, restaurants, shopping malls. Public Wi-Fi is
commonplace, and so are people’s concerns about their safety on
unsecured open Wi-Fi hotspots, but like you they go ahead and connect
anyway.
There are a few big problems with using a public Wi-Fi network. The
open nature of the network allows for snooping, the network could be
full of compromised machines, or - most worryingly - the hotspot itself
could be malicious.
When you connect to an open Wi-Fi network like one at a coffee shop
or airport, the network is generally unencrypted - you can tell because
you don’t have to enter a passphrase when connecting. Your
unencrypted network traffic is then clearly visible to everyone in range.
People can see what unencrypted web pages you’re visiting, what
you’re typing into unencrypted web forms, and even see which
encrypted websites you’re connected to - so if you’re connected to your
bank’s website, they’d know it, although they wouldn’t know what you
were doing.
4. Lock the
computer/system when you
are not using: The physical
security of your devices is just
as important as their technical
security.
If you need to leave your
laptop, phone, or tablet for any
length of time - lock it up so no
one else can use it.
If you keep sensitive
information on a flash drive or external hard drive, make sure to keep
these locked as well. For desktop computers, shut down the system when
not in use or lock your screen.
5. Download Files Legally:
Downloading from the internet
and sharing files are both
common, everyday practices,
and can come with a set of risks
you should be aware of. You
could unknowingly give others
access to your computer while
file sharing, who could
potentially copy private files.
This can happen when you’re
asked to disable or alter your firewall settings in order to use Peer-to-Peer
to upload to a file sharing program, which could leave your computer
vulnerable.
Other risks include downloading viruses, malware and spyware to your
computer without knowing it, as they are often disguised as popular movie
or song downloads, and inadvertently spreading viruses and other malware
that damage the computers of those with whom you’re file sharing.
6. Backup on regular basis: Regular,
scheduled backups can protect you from
the unexpected. Keep a few months’ worth
of backups and make sure the files can be
retrieved if needed. If you are a victim of a
security incident, the only guaranteed way
to repair your computer is to erase and
reinstall the system.
7. Use HTTPS everywhere: HTTPS helps
prevent intruders from tampering with the
communications between your websites
and your user’s browsers. Intruders include
intentionally malicious attackers, and
legitimate but intrusive companies, such as
ISPs or hotels that inject ads into pages.
Intruders exploit unprotected communications to trick your users into
giving up sensitive information or installing malware, or to insert their own
advertisements into your resources. For example, some third parties
inject advertisements into websites that potentially break user
experiences and create security vulnerabilities. Intruders exploit every
unprotected resource that travels between your websites and your users.
Images, cookies, scripts, HTML: they are all exploitable. Intrusions can
occur at any point in the network, including a user’s machine, a Wi-Fi
hotspot, or a compromised ISP.
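As an added illustration (not part of the original manual), the following Python sketch audits a page served over HTTPS for the unprotected resources the tip describes: sub-resources still loaded over plain HTTP and cookies set without the Secure attribute. The page URL, HTML and Set-Cookie headers are constructed sample data, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch from, or submit to, a URL.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src", "audio": "src",
               "video": "src", "source": "src", "link": "href", "form": "action"}
# "Active" resources can rewrite the page or receive form data if tampered with in transit.
ACTIVE_TAGS = {"script", "iframe", "link", "form"}


class MixedContentParser(HTMLParser):
    """Collects sub-resources that would travel over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = FETCH_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        # Only stylesheet <link>s are loaded as page content; rel="canonical" etc. are not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        value = attrs.get(attr_name)
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x") URLs against the page URL.
        absolute = urljoin(self.page_url, value)
        if urlsplit(absolute).scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((kind, tag, absolute))


def find_mixed_content(html, page_url):
    """Return (kind, tag, url) for every resource an HTTPS page requests over HTTP."""
    parser = MixedContentParser(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def cookies_without_secure(set_cookie_headers):
    """Return names of cookies that the browser would also send over plain HTTP."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in flags:
            missing.append(name)
    return missing


# Constructed sample input (not taken from a real site).
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="http://shop.example/checkout">
<script src="http://cdn.example/analytics.js"></script>
<script src="//cdn.example/app.js"></script>
</head><body>
<img src="http://img.example/banner.png">
<img src="logo.png">
<form action="http://shop.example/pay" method="post"></form>
<a href="http://other.example/">link</a>
</body></html>
"""
SAMPLE_SET_COOKIE = [
    "session=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure",
    "cart=42; secure; SameSite=Lax",
]

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{kind:7} <{tag}> {url}")
    print("cookies missing Secure:", cookies_without_secure(SAMPLE_SET_COOKIE))
```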
8. Use Anti-Virus: Only install an antivirus
program from a known and trusted source.
Keep virus definitions, engines and software up
to date to ensure your antivirus program
remains effective.
Viruses, worms and the like often perform
malicious acts, such as deleting files, accessing
personal data, or using your computer to attack
other computers. To help keep your computer healthy, install Anti-virus.
You must also ensure both the program and the virus signature files are
up to date.
9. Use Anti-Malware: Anti-Malware is a type
of software program designed to prevent,
detect and remediate malicious programming
on individual computing devices and IT
systems. Antimalware software protects
against infections caused by many types of
malware, including viruses, worms, Trojan
horses, rootkits, spyware, key loggers,
ransomware and adware.
The intent of malware is to promote
rogue products, redirect your legitimate browsing to scam sites,
intercept your transactions, and gather as much of your personally
identifying information as possible, all for financial gain.
10. Turn on Firewall: Windows Firewall or
any other firewall app can help notify you
about suspicious activity if a virus or worm
tries to connect to your PC. It can also block
viruses, worms, and hackers from trying to
download potentially harmful apps to your
PC.
11. Use VPN or Proxy:
What is a VPN?: A VPN is a secure connection
between your computer and a server. All your internet
traffic and browsing data goes through that remote
server. To the outside world, the anonymous server
is doing the browsing, not you. ISPs, government
agencies, hackers or anyone else can’t track your
activity online.
In the past, VPNs were mainly used by companies
to securely link remote branches together or
connect roaming employees to the office network, but today they’re an
important service for consumers too, protecting them from attacks when
they connect to public wireless networks.
TOP 5 FREE VPNs
1. TunnelBear: Your IP address is
the unique number that websites
use to determine your physical
location and track you across
different sites. Use TunnelBear
VPN to keep your IP address
private from websites, hackers and
advertisers. TunnelBear VPN
shields your personal information
from prying third-parties and
hackers on public WiFi, ISPs and other local networks. Your
connection is secured with bear-grade (that’s strong) AES 256-bit
encryption.
2. OpenVPN: OpenVPN Access Server
is a full featured secure network
tunneling VPN software solution that
integrates OpenVPN server
capabilities, enterprise management
capabilities, simplified OpenVPN
Connect UI, and OpenVPN client
software packages that accommodate
Windows, MAC, Linux, Android, and
iOS environments. OpenVPN Access Server supports a wide range
of configurations, including secure and granular remote access to
internal network and/ or private cloud network resources and
applications with fine-grained access control.
3. Hotspot Shield: Hotspot Shield is possibly the
most popular free VPN client in the world. It
made waves when Hulu was launched as it
allowed users to watch Hulu even when it was
blocked. Now, they have US & UK based VPN
services which you can use to protect yourself
from WiFi Snoopers, identity thefts, and
censorships. The best part is, Hotspot Shield
provides unlimited bandwidth and works on both PC & Mac.
4. VPNBook: It’s a free VPN
service and comes with most
advanced cryptographic
techniques to keep you safe on
the internet. VPNBook strives
to keep the internet a safe and
free place by providing free and secure PPTP and OpenVPN service
access for everyone. From our tests, we have found that VPNBook
is Romania based and claims that they do not collect any
information or log any internet activity.
5. UltraVPN: UltraVPN is a French VPN client
that hides your connection from unwanted
ears and allows you to use blocked
applications. It is also based on OpenVPN
service. Traffic quota is unlimited.
Bandwidth is 50kb/s depending on network
conditions.
What is Proxy? : A
Proxy server is a
computer that acts as
an intermediary
between the user’s
computer and the
Internet. It allows client
computers to make
indirect network
connection to other
network services. If you
use a proxy server,
client computers will first connect to the proxy server, requesting some
resources like web pages, games, videos, mp3, e-books, and any other
resources which are available from various servers over internet.
Nowadays, we use proxy servers for various purposes, like sharing internet
connections on a local area network, hiding our IP address, implementing
Internet access control, accessing blocked websites and so on.
• To share an Internet connection on a LAN. Some small
businesses and families have multiple computers but only
one Internet connection; they can share that connection
with the other computers on the LAN through a proxy server.
• To hide the IP address of the client computer so that it can
surf anonymously; this is mostly for security reasons. A proxy
server can act as an intermediary between the user's
computer and the Internet to prevent attacks and
unexpected access.
Use Proxy Server for IE
• Click "Tools" -> "Internet Options" -> "Connections" -> "LAN
Settings" -> select "Use a proxy server for your LAN" -> "Advanced",
configure as below.
Use Proxy server for Firefox
Click "Tools" -> "Options" -> "Advanced" -> "Network" -> "Connections" ->
"Settings" -> "Manual proxy configuration", configure as below.
Use Proxy server for Chrome
Click "Tools" -> "Settings" -> "Advanced" -> "Network" -> select "Change
Proxy Settings" -> "Connection" -> "LAN Settings" -> Select "Use a proxy
server for your LAN" -> "Advanced", configure as below.
12. Use TOR: The Tor
network is a group of
volunteer-operated servers
that allows people to improve
their privacy and security on
the Internet. Tor's users
employ this network by
connecting through a series of
virtual tunnels rather than
making a direct connection,
thus allowing both
organizations and individuals
to share information over
public networks without compromising their privacy. Along the same line,
Tor is an effective censorship circumvention tool, allowing its users to
reach otherwise blocked destinations or content. Tor can also be used as
a building block for software developers to create new communication
tools with built-in privacy features.
Individuals use Tor to keep websites from tracking them and their family
members, or to connect to news sites, instant messaging services, or the
like when these are blocked by their local Internet providers. Tor's hidden
services let users publish web sites and other services without needing to
reveal the location of the site. Individuals also use Tor for socially sensitive
communication: chat rooms and web forums for rape and abuse survivors,
or people with illnesses.
Journalists use Tor to communicate more safely with whistle-blowers and
dissidents. Non-governmental organizations (NGOs) use Tor to allow their
workers to connect to their home website while they're in a foreign country,
without notifying everybody nearby that they're working with that
organization.
13. Don’t store password in
browser: Most recent versions
of web browsers prompt you to
save usernames and
passwords for various sites on
the internet.
This feature can be useful, but
can also put your money and
personal information at risk if
you are not careful.
Information Services and
Technology recommends that
you do not save passwords with
your browser for sites which
have:
• Private information about
you or someone else (e.g.,
medical records);
• Private financial
information (e.g., credit
card numbers);
• Private correspondence
(e.g., email).
You put yourself at risk when you save passwords for these types of sites.
Below are instructions to disable the password saving feature, or to force
the browser to clear all currently saved passwords, on commonly used
browsers.
To disable password saving in Internet Explorer on Windows:
1. Internet Explorer
2. Select Tools > Internet options > Content.
3. Under “AutoComplete”, click Settings.
4. To stop password saving, uncheck Usernames and password
forms.
To clear all existing saved usernames and passwords, click on Clear
Passwords, then click OK in the warning dialog box.
To disable password saving in Firefox
on Windows:
1. Open Firefox
2. Click on open menu
3. Under “Menu”, Click on
Options
4. Select Privacy & Security
5. To stop password saving, uncheck Remember Logins and
passwords for websites
To disable password saving in Chrome on Windows:
1. Open the Chrome menu using the button on the far right of the
browser toolbar.
2. Choose the Settings menu option.
3. Click the advanced settings… located at the bottom of the
page.
4. In the “Passwords and forms” section, click Manage
passwords.
5. In the Manage passwords section, turn this option off to
stop password saving.
To disable password saving in Safari on Mac OS:
1. Go to Safari Preferences.
2. Select the AutoFill tab, and for AutoFill web forms toggle the
Usernames and passwords option.
3. Select the Passwords tab. Make sure 'AutoFill usernames and
passwords' is unchecked and use 'Remove All' to clear any
saved passwords there.
14. Cover Mic and
Camera with Tape: It is
certainly possible for
hackers to install malware
on computers that allow
them to turn on a
computer's camera and
record or take screenshots
of what is going on.
The threat of this can be
mitigated by taking
common security steps -
installing anti-virus
software, having a firewall,
and not clicking any suspicious links in emails.
For those using desktops, the best way to ensure that you're not being
watched is simply to unplug your webcam. For laptop users, this isn't an
option, so the approach of covering it up might be best. The Electronic
Frontier Foundation even sells a specially-designed sticker set for the
purpose.
Mac users are a little safer - a green light next to the webcam is designed
to activate any time the camera is being used, so you should be alerted
to any unsolicited recording. This isn't always the case, however.
15. Most Importantly, Stay Informed: Stay
current with the latest developments for
Windows, macOS, Linux, and UNIX systems
and in various smartphone operating systems.
Regularly browse for security updates and
important issues concerning various operating
systems and applications.
Most importantly, you should keep an ongoing
conversation about internet safety and privacy
issues. Update your children on any online
scams you learn about and initiate discussions about cyberbullying,
predators, sexting and more. Remember, there is no better way to protect
your children from bad decisions than nurturing critical thinking and raising
awareness. For tips on talking to your kids about online safety.
In an increasingly security-conscious world, many of us know the basics
about phishing, strong password parameters, VPNs and benefits of
encryption. Why we sometimes choose to disregard those rules is another
question: the important thing is that we know them and we make informed
decisions, which is not always true when it comes to our children. Being
security-conscious cyber citizens is not enough anymore. We must protect
our children until we teach them the basics of online security.
Chapter-2
Internet Surfing Tips
What is Internet Surfing or Browsing?
A browser is a program on your
computer that enables you to search
("surf") and retrieve information on
the World Wide Web (WWW), which
is part of the Internet. The Web is
simply a large number of computers
linked together in a global network
that can be accessed using an
address in the same way that you
can phone anyone in the world given
their telephone number.
The Internet can be a confusing and dangerous place. Without a safety
net, people can fall into the danger zones of pornography, predators,
many online scams, Internet viruses, and spyware. With such free access
to the Internet around the world, many have abused it as an opportunity
to take advantage of others.
But, there's no reason to fear the Internet. When used properly, with the
right precautions and the right information; the Internet educates,
positively influences, and provides a creative outlet for today's kids.
Below are some tips for Surfing Internet.
1. Use private browsing in
Firefox: As you browse the
web, Firefox remembers
lots of information for you -
like the sites you've visited.
There may be times,
however, when you don't
want people with access to
your computer to see this
information, such as when
shopping for a present.
Private Browsing allows
you to browse the Internet
without saving any information about which sites and pages
you’ve visited. Private Browsing also includes Tracking
Protection, which prevents companies from tracking your
browsing history across multiple sites.
2. Check for green lock and HTTPS in
URL: HTTPS is a modification of the HTTP
(Hyper Text Transfer Protocol) standard
used to allow the exchange of content on the
Internet. The “S” stands for secure, which
means the HTTP connection is encrypted —
preventing exchanged information from
being read in plain text, or “as you see it.”
Even if someone were to somehow obtain the encrypted data shared in
the exchange, it would be nonsense with nearly no means of decryption
to retrieve the original content. Think of HTTPS as locking a door before
starting a meeting; only the parties in the room can see what is happening.
3. Keep your browser
Up to Date: The most
important reason to keep
your browser up-to-date
is for your own safety and
security, and that of your
computer. There are
many different sorts of
security threats that you
can be subject to when
you're browsing the web:
identity theft, phishing
sites, viruses, Trojans, spyware, adware, and other sorts of malware.
Another reason to keep your
browser up-to-date is that
you won't necessarily be
getting the best browsing
experience otherwise. You
won't always know when
you see a web page that
isn't displaying properly – a
well-designed site degrades
gracefully so that you don't
suffer unnecessarily with an
old browser – but for the
most up-to-date functions and features, you will need to update your
browser regularly.
4. Think before you click on unknown links: When you’re online, don’t
click something unless you know it’s from someone or something that you
recognize. But there’s a reason that it’s important to repeat this. Clicking
unknown links is STILL one of the most common forms of security
breaches.
A common thing to be aware of is that some
scammers look at what information is available
about you online. If your email address, job title,
websites you like, etc. are online, then there is
ample opportunity for a scammer to craft
something that is customized to get your attention.
Your social media leaves you somewhat vulnerable because of the
amount of information available online. But it’s more than just what you
share.
5. Use NoScript add-on blocker plugins: NoScript
(or NoScript Security Suite) is a free software
extension for Mozilla Firefox, SeaMonkey, and other
Mozilla-based web browsers, created and actively
maintained by Giorgio Maone, an Italian software
developer and member of the Mozilla Security Group.
It allows executable web content based on JavaScript,
Java, Flash, Silverlight, and other plugins only if the
site hosting it is considered trusted by its user and has
been previously added to a whitelist. It also offers specific
countermeasures against security exploits.
NoScript blocks JavaScript, Java, Flash, Silverlight, and other "active"
content by default in Firefox. This is based on the assumption that
malicious websites can use these technologies in harmful ways. Users
can allow active content to execute on trusted websites, by giving explicit
permission, on a temporary or a more permanent basis. If "Temporarily
allow" is selected, then scripts are enabled for that site until the browser
session is closed.
6. Turn on do not track button: Do Not Track,
the feature in web browsers and web sites that
asks advertisers and data miners not to track
your browsing habits, is a relatively new
service. It's also typically an opt-out feature.
So, here's everywhere that you can enable Do
Not Track so advertisers can't snoop in on your
habits.
Essentially, ad and analytics companies watch what you do online, and
then tailor the web experience based on your history. That means targeted
ads, specific articles, and more. They typically do this through cookies in
your browser.
Enable Do Not Track in These Browsers:
Chrome: Head into the Settings page and click "Show advanced
settings." Scroll down to the Privacy section and select Do Not Track.
Mobile Chrome: Head into the Settings and then Privacy > Do Not Track.
Firefox: Select Preferences > Privacy and check the box marked, "Tell
websites I do not want to be tracked."
Internet Explorer: Click the Tools button and then Internet Options >
Advanced. Select "Always send Do Not Track Header."
Safari: Head into Preferences > Privacy and check the box marked "Ask
website not to track me."
7. Erase your trail with JustDelete.me: Some Web sites make it difficult to
figure out how to delete your accounts. JustDelete.me can save you time
by providing direct links to the cancellation pages of numerous Internet
sites.
Web companies don't want you to close out your accounts with them,
which is understandable. If you leave, their revenue-earning potential
decreases. Some companies make the process of deleting your account
relatively easy, while others make it practically impossible or confusing.
Just Delete Me is a list of the most popular web apps and services with
links to delete your account from those services. Each one is color coded.
Green is easy, yellow is medium, red is difficult, and black is impossible.
When you click on a service, you're automatically taken to the page where
you can delete your account so you don't have to go searching for it.
Likewise, you can snag the Chrome extension and be taken to the account
deletion page right from the URL bar when you're on a site, as well as get
up to date information about whether an account is easy to delete before
you sign up. If you want to keep track of your accounts and delete as many
as possible, this is a good place to start.
8. Use Sandboxie: Sandboxie uses isolation
technology to separate programs from your
underlying operating system preventing unwanted
changes from happening to your personal data,
programs and applications that rest safely on your
hard drive.
Web Browsing?
Secure your favourite web browser and block
malicious software, viruses, ransom-ware and zero
day threats by isolating such attacks in the Sandbox; leaving your system
protected.
Email
Run your favourite email program in Sandboxie so you never have to
worry about suspicious attachments or spear phishing attacks.
Data Protection
Sandboxie prevents internet websites and programs from modifying your
personal data (i.e. My Documents), files & folders on your system.
Application Testing
Safely test and try new programs and applications within Sandboxie and
prevent unauthorized changes to your underlying system that may occur.
9. Use DuckDuckGo Search Engine: DuckDuckGo (DDG) is an Internet
search engine that emphasizes protecting searchers' privacy and avoiding
the filter bubble of personalized search results. DuckDuckGo
distinguishes itself from other search engines by not profiling its users and
by deliberately showing all users the same search results for a given
search term. DuckDuckGo emphasizes returning the best results, rather
than the most results, and generates those results from over 400
individual sources, including key crowdsourced sites such as Wikipedia,
and other search engines like Bing, Yahoo!, Yandex, and Yummly.
DuckDuckGo positions itself as a search engine that puts privacy first and
as such it does not store IP addresses, does not log user information and
uses cookies only when needed. By default, DuckDuckGo does not collect
or share personal information.
10. Use Disconnect Search Engine: Disconnect Search already makes
your searches—no matter what engine you choose, whether it's Google,
Bing, Yahoo, or even the already-private DuckDuckGo—completely
private and untraceable. Searches are routed through Disconnect and
anonymized, so they appear to come from Disconnect instead of a
specific user. Plus, those queries are encrypted, so ISPs (or anyone riding
their lines) can't see what you're looking for. Disconnect also never logs
keywords, IP addresses, or other personally identifiable information. Each
search is just as anonymous as the first one.
The service has been available in the form of a browser extension and an
Android app up to this point, but if you don't want to install anything (or
can't, because you're at work), you can head right over to their website to
search directly. Hit the link below to give it a try.
https://search.disconnect.me/
11. Lukol: Lukol uses a proxy server to deliver customized search results
from Google using its enhanced custom search yet conserves your
privacy by removing traceable entities. Lukol is considered one of the
best private search engines that protects from online fraudsters and keeps
the spammers away by safeguarding you from misleading or inappropriate
sites. It ensures full anonymity of your searches.
https://www.lukol.com/
12. Use lightbeam: Lightbeam is a Firefox add-on that enables you to
see the first and third party sites you interact with on the Web. Using
interactive visualizations, Lightbeam shows you the relationships between
these third parties and the sites you visit.
13. Use TOR for no Digital Trace: Another way to go anonymous when
you are browsing is to install the TOR browser. It is based
on many VPN-style features that make your Internet activity bounce
around different parts of the world, making it a lot tougher for both the
government and companies to find. When you are using it, you should
not share your personal credentials at all.
14. Use uBlock Origin add-on for ad blocker:
uBlock Origin is a free and open source, cross-
platform browser extension for content-filtering,
including ad-blocking. The extension is
available for several browsers: Safari (Beta),
Chrome, Chromium, Edge, Firefox, and Opera.
uBlock Origin has received praise from
technology websites, and is reported to be much
less memory-intensive than other extensions with similar functionality.
uBlock Origin's stated purpose is to give users the means to enforce their
own (content-filtering) choices.
15. Panopticlick: Panopticlick is a research project designed to better
uncover the tools and techniques of online trackers and test the efficacy
of privacy add-ons.
When you visit a website, you are allowing that site to access a lot of
information about your computer's configuration. Combined, this
information can create a kind of fingerprint — a signature that could be
used to identify you and your computer. Some companies use this
technology to try to identify individual computers.
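As an added illustration (not code from the manual or from the Panopticlick project), the following Python sketch shows why individually common settings combine into a fingerprint. It measures how many bits of identifying information each attribute carries and how the set of matching visitors shrinks as attributes are combined. The visitor population and attribute names are constructed sample data.

```python
import math

# Constructed sample population: values a site can read from each visiting browser.
VISITORS = [
    {"user_agent": "Chrome/Windows", "timezone": "UTC+5:30", "screen": "1920x1080", "fonts": "set-A"},
    {"user_agent": "Chrome/Windows", "timezone": "UTC+5:30", "screen": "1920x1080", "fonts": "set-B"},
    {"user_agent": "Chrome/Windows", "timezone": "UTC+5:30", "screen": "1366x768", "fonts": "set-A"},
    {"user_agent": "Chrome/Windows", "timezone": "UTC+0", "screen": "1920x1080", "fonts": "set-A"},
    {"user_agent": "Firefox/Linux", "timezone": "UTC+5:30", "screen": "1920x1080", "fonts": "set-C"},
    {"user_agent": "Firefox/Linux", "timezone": "UTC+0", "screen": "1366x768", "fonts": "set-A"},
    {"user_agent": "Safari/Mac", "timezone": "UTC-8", "screen": "2560x1440", "fonts": "set-D"},
    {"user_agent": "Chrome/Windows", "timezone": "UTC-8", "screen": "1366x768", "fonts": "set-B"},
]
ATTRIBUTES = ["user_agent", "timezone", "screen", "fonts"]


def surprisal_bits(population, attribute, value):
    """Bits of identifying information: log2(1 / share of visitors with this value)."""
    matching = sum(1 for v in population if v[attribute] == value)
    if matching == 0:
        raise ValueError(f"{attribute}={value!r} does not occur in the population")
    return math.log2(len(population) / matching)


def anonymity_set(population, visitor, attributes):
    """Number of visitors indistinguishable from `visitor` on the given attributes."""
    return sum(
        1 for v in population
        if all(v[a] == visitor[a] for a in attributes)
    )


def narrowing(population, visitor, attributes):
    """Anonymity-set size after combining the first 1, 2, ... attributes."""
    return [
        anonymity_set(population, visitor, attributes[: i + 1])
        for i in range(len(attributes))
    ]


def is_unique(population, visitor, attributes):
    """True when the combined attributes single out exactly one visitor."""
    return anonymity_set(population, visitor, attributes) == 1


if __name__ == "__main__":
    target = VISITORS[1]
    for attr in ATTRIBUTES:
        bits = surprisal_bits(VISITORS, attr, target[attr])
        print(f"{attr:10} {target[attr]:15} {bits:.2f} bits")
    print("matching visitors as attributes are combined:",
          narrowing(VISITORS, target, ATTRIBUTES))
    print("uniquely identifiable:", is_unique(VISITORS, target, ATTRIBUTES))
```

No single value of the target visitor is rare here (each is shared by at least a quarter of the population), yet the four values together match only that one visitor.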
16. Use VirusTotal Website: VirusTotal, a subsidiary of Google, is a free
online service that analyzes files and URLs enabling the identification of
viruses, worms, trojans and other kinds of malicious content detected by
antivirus engines and website scanners. At the same time, it may be used
as a means to detect false positives, i.e. innocuous resources detected as
malicious by one or more scanners.
VirusTotal’s mission is to help in improving the antivirus and security
industry and make the internet a safer place through the development of
free tools and services.
https://www.virustotal.com/#/home/upload
Chapter-3
Introduction To Mobile Security
Mobile security, also known as
mobile device security, has become
increasingly important. According to
ABI Research, the number of unique
mobile threats grew by 261% in the last
two quarters of 2012. There are
mainly three targets of an attacker:
data, identity and availability. Threats to mobile devices include botnets,
malicious applications, malicious links on social networks, spyware etc.
1. Lock your screen, set passwords and user privileges: The best way
to protect your phone is setting up a screen lock. Screen lock won’t allow
an attacker to access your phone. You can set a screen lock in many
different ways such as setting screen lock using Password, PIN, Pattern,
Face Detection, Fingerprint etc. A user privilege is a right to execute a
particular type of SQL statement, or a right to access another user's
object. The types of privileges are defined by Oracle. Roles, on the other
hand, are created by users (usually administrators) and are used to group
together privileges or other roles.
Step 1: Open the Settings
Step 2: Go to Security & Fingerprint
Step 3: Choose Screen lock and set the password
2. Use Secured Network: It’s good
to be extra careful whenever you go
online using a network you don’t
know or trust – like using the free
Wi-Fi at your local cafe. The service
provider can monitor all traffic on
their network, which could include
your personal information. If you are
using a service that encrypts your
connection to the web service, it can make it much more difficult for
someone to snoop on your activity. When you connect through a public
Wi-Fi network, anyone in the vicinity can
monitor the information passing between
your device and the Wi-Fi hotspot if your
connection is not encrypted. Avoid doing
important activities like banking or shopping
over public networks. If you use Wi-Fi at
home, you should make sure you use a
password to secure your router by using
a strong password and avoid using the default password. A default
password gives an attacker an advantage: they can change
your settings and snoop on your online activity. There are two main types
of encryption: WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent
Privacy). Your computer, router, and other equipment must use the same
encryption. WPA2 is strongest; use it if you have a choice. It should protect
you against most hackers. Some older routers use only WEP encryption,
which likely won’t protect you from some common hacking programs.
Consider buying a new router with WPA2 capability.
3. Use Anti-virus Software: Antivirus or anti-virus software (often
abbreviated as AV), sometimes known as anti-malware software, is
computer software used to prevent,
detect and remove malicious
software. Antivirus software was
originally developed to detect and
remove computer viruses. Antivirus
software is a program that helps to
protect your computer against most
viruses, worms, Trojan horses, and other unwanted invaders that can
make your computer "sick." Viruses, worms, etc. perform malicious acts,
such as deleting files, accessing personal data, or using your computer to
attack other computers. To avoid such malicious activity and keep
your computer healthy, install antivirus software. It is important to constantly update
the anti-virus software on a computer because computers are regularly
threatened by new viruses. The anti-virus updates contain the latest files
needed to combat new viruses and protect your computer. These updates
are generally available through your subscription. Viruses can be
prevented by taking sensible precautions, including:
• Keeping your operating system up to date
• Using up to date anti-virus software
• Not opening an email attachment unless you are expecting it and
know the source (many email servers scan emails with anti-virus
software on the user's behalf)
• Back up your computer
• Use a strong password
• Use a firewall
• Use a pop-up blocker
• Scan your system weekly
4. Update your Mobile OS: Updating your mobile’s OS is necessary because
it keeps your mobile free from viruses. If you do not update your
mobile’s operating system regularly, you will face the
repercussions, which may include the loss of sensitive
data. Before you proceed, be sure to back up all of your data, just in case
something goes wrong with the update. You should be backing up your
information regularly. There is a multitude of backup apps available
from carriers, manufacturers, and third parties; download and use one
(verify before using third-party applications). How to
update your mobile’s operating system:
Step 1: Go to Settings
Step 2: Select System Updates
Step 3: Click on Download Now
Rooting is always an option - If you want the latest OS as soon as it's
available, you can always choose to root your phone, which enables you
to access updates when you want them. That's just one of the many
benefits of rooting your Android device. You'll also be able to access
features not yet available to unrooted Android smartphones and tablets,
and you'll have more control over your device to boot.
Steps for rooting – (Rooting may lead to some disadvantages)
Step 1: Free download KingoRoot.apk.
Step 2: Install KingoRoot.apk on your device.
Step 3: Launch "Kingo ROOT" app and start rooting.
Step 4: Wait a few seconds until the result screen appears.
Step 5: Succeeded or Failed.
5. Use Lock Code Apps and Vaults: Lock codes and vaults are
mainly for the applications that you have downloaded on your device. Lock
codes and vaults can help you secure your apps with a code or
password. It is the same as putting a PIN, pattern or password on your
device. You can download vaults or lock code apps from the PlayStore.
Using lock code apps or vaults will help you maintain the confidentiality
of your personal information. According to a survey, 60% of the total
population doesn’t use lock code apps or vaults, which results in
personal information being exposed. How to download Lock Code Apps and
Vaults:
Step 1: Go to PlayStore
Step 2: Search for the App Locks
Step 3: Choose wisely and Download
6. Use Kids/Guest modes: Guest mode is one of many new features of
the new version of Android, Lollipop 5.0. It mainly adds two accounts: the first for
the user and the second for the guest (unknown user). This new feature,
Guest Mode, lets you hand your phone over to someone else
without giving them access to any of your data. How to enable guest
mode:
Step 1: Go to Settings -> User
Step 2: Click on Guest or Add user
7. Set up SIM Lock: A SIM lock, simlock, network lock, carrier lock or
(master) subsidy lock is a technical restriction built into GSM (Global
System for Mobile) and CDMA (Code Division Multiple Access) mobile
phones by mobile phone manufacturers for use by service providers to
restrict the use of these phones to specific countries and/or networks. Lock
your SIM card with a PIN (personal identification number) to require an
identification code for phone calls and cellular-data usage. The wrong
guess can permanently lock your SIM card, which means that you would
need a new SIM card. SIM lock requires your lock screen PIN, pattern,
password, or fingerprint and SIM card to be in place before the phone can
be unlocked. Now, a few things you should be aware of before setting up
SIM Lock. First off, you’ll need to know your carrier’s default unlock code.
For many, this is just 1111, but be aware: if you enter this incorrectly three
times, it will render your SIM useless (that’s part of the security of it, after
all). You can start by trying 1111, but if that doesn’t work on the first try,
you’ll probably need to contact your carrier to get the default code. How
to set up SIM lock:
Step 1: Go to Settings
Step 2: Search for SIM Lock
Step 3: Set up SIM Lock
8. Keep Sensitive Files of your Phone on Cloud Storage: Cloud
Storage is a service where data is
remotely maintained, managed, and
backed up. The service allows the
users to store files online, so that
they can access them from any
location via the Internet. Instead of
storing information to your
computer's hard drive or other local
storage device, you save it to a
remote database. The Internet provides the connection between your
computer and the database. On the surface, cloud storage has several
advantages over traditional data storage. Users can scale services to fit
their needs, customize applications, and access cloud services from
anywhere with an Internet connection. Enterprise users can get
applications to market quickly without worrying about underlying
infrastructure costs or maintenance. Data security is a major concern, and
although options are currently limited, they exist. The most secure is likely
however, the biggest cause of concern for Cloud storage isn't hacked
data.
9. Do not install random apps from unknown sources: Installing
applications from unknown sources may harm your device. Unknown
apps can come with Viruses, Trojans, Spyware, Adware etc. which can
harm your device in different ways. In all devices there is an option of
enabling the Unknown source which will not allow any random
applications to be downloaded on your device. How to enable Unknown
source option:
Step 1: Go to settings
Step 2: Search for Security
Step 3: Open Security and enable the Unknown Source option
10. Disallow any unwanted permissions on the apps which don’t
require them to run on android device manager for remote swipe and
track location: Do you actually read the list of permissions that Android
apps are asking for before
you install them?
I know most of us treat those
permissions like terms and
conditions, blindly tapping our
way through. But if you
actually do, you would be
aware of their reach. Some of
your apps can make phone
calls. Some can track your
location. Some can read your browsing history, contacts, SMS, photos,
calendar. No doubt, Google’s Android mobile operating system has a
powerful app permission system that forces app developers to mention
the exact permissions they require. But there is a major issue for Android
users, by default it is a Take-it-or-Leave-it situation, which means you can
choose to install the app, granting all those permissions or simply, not
install it. Controlling these permissions as a user is possible, and there are
apps that make it easier for you to control each single permission you
grant to an app. You can first install an app like Permission Explorer that
allows you to filter apps and permissions by categories, giving you much
more detail about the permissions you granted to the app. You can also
try similar apps like Permissions Observatory and App Permissions as
well. These apps will help you know if there are any apps with problematic
permissions that need to be revoked or perhaps even uninstalled
completely. Once you have found some offending apps with unnecessary
app permissions, it is time to revoke those permissions. One of the
popular apps is App Ops that allows you to block permissions to individual
apps.
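The permission review described above can also be done by reading the permissions an app declares in its manifest. The sketch below is an added example, not part of the original manual: the manifest is constructed sample data, it is assumed to be already decoded to text XML (manifests inside an APK are stored in a binary form), and the function names are hypothetical.

```python
"""List the sensitive permissions an Android app declares (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions behind the capabilities the text mentions: phone calls,
# location, contacts, SMS, photos and calendar.
SENSITIVE = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.ACCESS_FINE_LOCATION": "track precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "track approximate location",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.READ_EXTERNAL_STORAGE": "read photos and files",
    "android.permission.READ_CALENDAR": "read calendar",
}

# Constructed manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
    <application android:label="Flashlight"/>
</manifest>
""".strip()


def declared_permissions(manifest_xml):
    """Return every permission name the manifest requests, without duplicates."""
    root = ET.fromstring(manifest_xml)
    names = []
    # Both element types request permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(f"{{{ANDROID_NS}}}name")
            if name and name not in names:
                names.append(name)
    return names


def audit(manifest_xml, needed_for_purpose=()):
    """Return (permission, capability) pairs that are sensitive and that the
    reviewer has not marked as needed for what the app is supposed to do."""
    needed = set(needed_for_purpose)
    return [
        (name, SENSITIVE[name])
        for name in declared_permissions(manifest_xml)
        if name in SENSITIVE and name not in needed
    ]


if __name__ == "__main__":
    for permission, capability in audit(SAMPLE_MANIFEST):
        print(f"review: {permission} lets the app {capability}")
```

A flashlight app has no obvious need for contacts, location or SMS, so all three are reported for review here.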
11. Turn off your Wi-Fi, Bluetooth and NFC if you are not using it: The
ornate N is there to let you know that your phone currently has NFC
switched on. NFC, or Near Field Communication, is a technology that
allows devices to exchange information simply by placing them next to
one another. You may well have already encountered NFC if you’ve paid
for public transport with an Oyster card, or used the new tap-to-pay feature
with your bank card to buy something. Smartphones use NFC to pass
photos, contacts, or any other data you specify between NFC enabled
handsets. It is also the method used by Android Pay and Samsung Pay.
How to turn-off NFC:
You intuitively know why you should bolt your doors when you leave the
house and add some sort of authentication for your smartphone. But there
are lots of digital entrances that you leave open all the time, such as Wi-
Fi and your cell connection. It's a calculated risk, and the benefits
generally make it worthwhile. That calculus changes with Bluetooth.
Whenever you don't absolutely need it, you should go ahead and turn it
off. Minimizing your Bluetooth usage minimizes your exposure to very real
vulnerabilities. That includes an attack called BlueBorne, which would
allow any affected device with Bluetooth turned on to be attacked through
a series of vulnerabilities. The flaws aren't in the Bluetooth standard itself,
but in its implementation in all sorts of software. Windows, Android, Linux,
and iOS have been vulnerable to BlueBorne in the past. Millions could still
be at risk.
12. CM Security Application: This is the security application available
on the PlayStore and it is very useful. It is excellent in call blocking and
VPN services and it also has nice visuals. Steps for CM security
application:
Step 1: Download the CM Security & Find My Phone App
Head on over to the Play Store and download CM Security. Once the app
has downloaded, open up the app and tap ‘Scan,’ which is located in the
middle of the screen. CM Security will then scan all of the apps on your
device to detect any viruses, Trojans, vulnerabilities, adware and
spyware.
Step 2: Scan SD Card
By tapping on the ellipsis on the top right-hand corner, you can tap on
‘Scan SD Card.’ CM Security will then scan the external SD cards to
detect any threats, and will alert you if any threats are detected.
Step 3: Clean Up Junk
You can clean up junk on your Android phone or tablet by tapping on the
ellipsis on the top right-hand corner and tapping on ‘Clean Up Junk.’ You
will then see what apps are taking up the most storage on your Android
phone or tablet. Simply check the apps that you want to cache the junk
and tap ‘Solve.’
Step 4: Boost Memory
After you cleaned up the junk on your Android phone or tablet, you can
then remove apps that are taking up space to boost the memory on your
device. Just check the apps you want to remove and tap ‘Boost’ on the
bottom of the screen. You can also enable ‘game boost’ to make sure the
games on your device run smoothly.
Step 5: Find Your Phone & Prevent Unwanted Phone Calls
One of CM Security’s best features is that you can locate your Android
phone.
You can either go to the ellipsis in the top right-hand corner and tap on ‘Find
Phone,’ or you can visit https://findphone.cmcm.com. You will need to
log on to the website with your email address. CM Security will ask you to
set a CM Security password and you will be able to locate your phone on
a map. By tapping on ‘Yell,’ you can make the device yell to find it. The
‘Yell’ button will make your device play a loud sound for 60 seconds, even
if your device is set to silent. You can also lock your device to protect your
privacy. If anyone tries to break into your phone and enters the incorrect
password 3 or more times, the app will take a picture of the infiltrator. CM
Security allows you to block unwanted phone calls. You can block
unwanted phone calls by tapping ‘Call Blocking.’ CM Security will
then block all unwanted calls in your blocking blacklist.
Step 6: Schedule Routine Scanning
To schedule a routine automatic scan, go to the ellipsis in the right-hand
corner and tap on ‘Scheduled scan.’ You can then select if you want to
do a routine automatic scan once a day, once a week or once a month.
Chapter-4
Password Protection
Most people don’t realize there
are a number of common
techniques used to crack
passwords and plenty more ways
we make our accounts vulnerable
due to simple and widely used
passwords.
How to get hacked?
Dictionary attacks: Avoid consecutive keyboard combinations— such as
QWERTY or asdfg. Don’t use dictionary words, slang terms, common
misspellings, or words spelled backward. These cracks rely on software
that automatically plugs common words into password fields. Password
cracking becomes almost effortless with a tool like John the Ripper or
similar programs.
Cracking security questions: Many people use first names as
passwords, usually the names of spouses, kids, other relatives, or pets,
all of which can be deduced with a little research. When you click the
“forgot password” link within a webmail service or other site, you’re asked
to answer a question or series of questions. The answers can often be
found on your social media profile. This is how Sarah Palin’s Yahoo
account was hacked.
Simple passwords: Don’t use personal information such as your name,
age, birth date, child’s name, pet’s name, or favourite color/song, etc.
When 32 million passwords were exposed in a breach last year, almost
1% of victims were using “123456.” The next most popular password was
“12345.” Other common choices are “111111,” “princess,” “qwerty,” and
“abc123.”
Reuse of passwords across multiple sites: Reusing passwords for
email, banking, and social media accounts can lead to identity theft. Two
recent breaches revealed a password reuse rate of 31% among victims.
Social engineering: Social engineering is an elaborate type of lying. An
alternative to traditional hacking, it is the act of manipulating others into
performing certain actions or divulging confidential information.
How to make them secure
1. Make sure you use
different passwords for each
of your accounts.
2. Be sure no one watches
when you enter your
password.
3. Always log off if you
leave your device and
anyone is around—it only
takes a moment for
someone to steal or change
the password.
4. Use comprehensive security software and keep it up to date to
avoid key loggers (keystroke loggers) and other malware.
5. Avoid entering passwords on computers you don’t control (like
computers at an Internet café or library)—they may have malware that
steals your passwords.
6. Avoid entering passwords when using unsecured Wi-Fi connections
(like at the airport or coffee shop)—hackers can intercept your
passwords and data over this unsecured connection.
7. Don’t tell anyone your password. Your trusted friend now might not
be your friend in the future. Keep your passwords safe by keeping them
to yourself.
8. Depending on the sensitivity of the information being protected, you
should change your passwords periodically, and avoid reusing a
password for at least one year.
9. Do use at least eight characters of lowercase and uppercase letters,
numbers, and symbols in your password. Remember, the more the
merrier.
10. Strong passwords are easy to remember but hard to
guess. Iam:)2b29! — This has 10 characters and says “I am happy to
be 29!” I wish.
11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow
that on the keyboard. It’s a V. The letter V starting with any of the top
keys. To change these periodically, you can slide them across the
keyboard. Use W if you are feeling all crazy.
12. Have fun with known short codes or sentences or phrases. 2B-or-
Not_2b? —This one says “To be or not to be?”
13. It’s okay to write down your passwords, just keep them away from
your computer and mixed in with other numbers and letters so it’s not
apparent that it’s a password.
14. You can also write a “tip sheet” which will give you a clue to remember
your password, but doesn’t actually contain your password on it. For
example, in the example above, your “tip sheet” might read “To be, or not
to be?”
15. Check your password strength. If the site you are signing up for offers
a password strength analyser, pay attention to it and heed its advice.
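The rules in this chapter (length and character mix, the common passwords it names, keyboard runs, dictionary words spelled forwards or backwards, personal information, and reuse across accounts) can be turned into a simple checker. This is an added example, not part of the original manual; the word list, the salt and the function names are constructed for illustration.

```python
"""Password check built from the rules in this chapter (added example)."""
import hashlib
import string

# The six passwords the chapter names as the most common choices.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}

# Constructed mini word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "football"}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(password, run_length=5):
    """True if the password contains run_length adjacent keys from one row,
    typed in either direction (e.g. 'qwert', 'asdfg', '54321').
    Shapes that cross rows are not detected by this check."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for direction in (row, row[::-1]):
            for start in range(len(direction) - run_length + 1):
                if direction[start:start + run_length] in lowered:
                    return True
    return False


def contains_dictionary_word(password, words=SAMPLE_WORDS):
    """True if a listed word appears forwards or backwards, ignoring case."""
    lowered = password.lower()
    return any(w in lowered or w[::-1] in lowered for w in words)


def fingerprint(password, salt):
    """Salted, slow hash so the reuse check can compare against passwords
    already in use without keeping those passwords in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000).hex()


def check_password(password, personal_info=(), used_fingerprints=(), salt=b""):
    """Return a list of rule violations; an empty list means every check passed."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the list of most common passwords")
    if has_keyboard_run(password):
        problems.append("contains a keyboard run")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word (forwards or backwards)")
    lowered = password.lower()
    # Names, birth dates and similar details supplied by the user.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if used_fingerprints and fingerprint(password, salt) in used_fingerprints:
        problems.append("already used for another account")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Qwerty2019!", "drowssaP#2024", "Iam:)2b29!"):
        print(candidate, "->", check_password(candidate) or "passes all checks")
```

Passing these checks only means a password avoids the specific weaknesses listed in this chapter; it is not a measure of how long the password would resist guessing.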
1. Don’t fill out your social media profile: The more information you
share online, the easier it’s going to be for someone to get their
hands on it. Don’t cooperate. Take a look at your social media
profiles and keep them barren—the people who need to know your
birth date, email address and phone number already have them.
And what exactly is the point of sharing everything about yourself
in your Facebook profile? If you care about your privacy, you won’t
do it.
Think twice about sharing your social security number with anyone,
unless it’s your bank, a credit bureau, a company that wants to do
a background check on you or some other entity that has to report
to the IRS. If someone gets their hands on it and has information
such as your birth date and address, they can steal your identity and
take out credit cards and pile up other debt in your name.
Even the last four digits of your social security number should only
be used when necessary. The last four are often used by banks
and other institutions to reset your password for access to your
account. Plus, if someone has the last four digits and your birth
place, it’s a lot easier to guess the entire number. That’s because
the first three are determined by where you, or your parents, applied
for your SSN. And the second set of two are the group number,
which is assigned to all numbers given out at a certain time in your
geographic area. So a determined identity thief with some
computing power could hack it given time.
2. Lock down your hardware: Set up your PC to require a password
when it wakes
from sleep or
boots up. Sure,
you may trust the
people who live
in your house,
but what if your
laptop is stolen or
you lose it?
Same thing with
your mobile
devices. Not only
should you use a
passcode to access them every time you use them, install an app
that will locate your phone or tablet if it’s lost or stolen, as well as
lock it or wipe it clean of any data so a stranger can’t get access to
the treasure trove of data saved on it.
And, make sure your computers and mobile devices are loaded with
anti-malware apps and software. They can prevent
criminals from stealing your data. We recommend Norton Internet
Security ($49.99 on norton.com or $17.99 on Amazon) in
our computer security buying guide or stepping up to Norton 360
Multi-Device ($59.99 on norton.com or $49.99 on Amazon) if you
have mobile devices. And, you’ll want to double up your protection
on Android devices by installing, since we found anti-malware apps
are dismal at detecting spyware.
3. Use a password vault that generates and remembers strong
and unique passwords: Most people know better than to use the
same password for more than one website or application. In reality,
it can be impossible to remember a different one for the dozens of
online services you use. The problem with using the same
password in more than one place is if someone gets their hands on
your password—say, through a phishing attack—they can access
all your accounts and cause all sorts of trouble. To eliminate this
dilemma, use a password manager that will not only remember all
your passwords, but will generate super strong and unique ones
and automatically fill them into login fields with the click of a button.
LastPass is an excellent and free choice.
4. Use two-factor authentication: You can lock
down your Facebook, Google, Dropbox, Apple
ID, Microsoft, Twitter and other accounts with
two-factor authentication. That means that when
you log in, you’ll also need to enter a special
code that the site texts to your phone. Some
services require it each time you log in, others just
when you’re using a new device or web browser.
The Electronic Frontier Foundation has a great
overview of what’s available.
Two-factor authentication works beautifully for
keeping others from accessing your accounts,
although some people feel it’s too time
consuming. But if you’re serious about privacy, you’ll put up with the
friction.
5. Lie when setting up password security questions: “What is your
mother’s maiden name?” or “In what city were you born?” are
common questions websites often ask you to answer so as to
supposedly keep your account safe from intruders. In
reality, there’s nothing secure about such generic queries. That’s
because someone who wants access to your account could easily
do some Internet research to dig up the answers.
Not sure you can remember your lies? You can create “accounts” in
your password manager just for this purpose.
Chapter-5
Email and Chatting tips
Use encrypted emails like ProtonMail
ProtonMail is an encrypted email service that takes a radically different
approach to email security. Find out how ProtonMail security compares to
Gmail security.
ProtonMail became the world’s first email service to protect data with end-
to-end encryption, and today is the world’s most popular secure email
service with millions of users worldwide. ProtonMail’s technology is often
misunderstood by tech writers (and sometimes incorrectly represented in
the press), so this article aims to provide a clear description of how
ProtonMail’s technology is different from Gmail, and what makes
ProtonMail more secure.
Make a separate account for subscriptions
Recommendation: When creating multiple New Relic accounts, use the
same license key for applications on the same host. This enables those
applications to be linked together in New Relic.
To create additional accounts with the same email address:
1. Use the same email address and password to sign up for one or more
accounts.
2. Create a separate account for each
subscription level you want to use.
3. Configure your mission-critical hosts to
use the master account's license key.
4. Use license keys from your inexpensive
or free accounts for your remaining
hosts.
Use encrypted P2P chatting app like “Signal”
Open Whisper Systems' Signal is
probably the best-known
messaging app for mobile users
concerned about their privacy. It is
a free app that provides messaging
and voice-call services - and
everything is completely end-to-end
encrypted. You can send text
messages to individuals and
groups, place calls, share media
and other attachments to your
phone contacts, and more.
Read all the permissions that third-party applications want to access
in your e-mail account.
Many third-party productivity apps
that might be installed by business
users in your organization request
permission to access user
information and data and sign in on
behalf of the user in other cloud
apps, such as Office 365, G Suite
and Salesforce. When users install
these apps, they often click accept
without closely reviewing the details in the prompt, including granting
permissions to the app. This problem is compounded by the fact that IT
may not have enough insight to weigh the security risk of an application
against the productivity benefit that it provides. Because accepting third-
party app permissions is a potential security risk to your organization,
monitoring the app permissions your users grant gives you the necessary
visibility and control to protect your users and your applications.
Remove access of third party application from your accounts.
When you use an application or web
service that requires access to an
account — for example, anything in
your Google account, files in your
Dropbox account, tweets on Twitter,
and so on — that application
generally doesn’t ask for the
service’s password. Instead, the
application requests access using
something called OAuth. If you agree
to the prompt, that app gets access
to your account. The account’s
website provides the service with a token it can use to access your
account. This is more secure than just giving the third-party
application your password because you get to keep your password. It’s
also possible to restrict access to specific data — for example, you might
authorize a service to access your Gmail account but not your files in
Google Drive or other data in your Google account.
Delete unused account - search for "confirm your email"
After the recent Heartbleed bug scare, some of you may want to go and
delete those dormant accounts you never use any more. For a quick way
to find such sites you
signed up on, go to your
inbox and search for the
term: "Confirm your email."
When something like
the Heartbleed security
bug hits millions of people,
our standard advice is to
change your passwords
across all the affected
services. With Heartbleed,
the list was so large that it
was advisable to go back to every account you have signed up at. And if
many of them are unused, it kind of makes sense to just delete them in
case some other security flaw in the future compromises you. If you are
lucky, you use Lastpass to manage all your accounts and you can just
delete everything from that list. But if that's not the case, chances are, you
have used one or two email accounts to sign up at all these web sites over
the years. Searching for "confirm your email" (first with the quotes, then
without) in your inbox gives you a list of most of these websites, after
which it's a matter of going there and deleting your account. The trick is
similar to, and inspired by, searching for "unsubscribe" to purge
newsletters in your email.
Be conscious of what information you reveal
Historically, most research on the nature of consciousness, the most
puzzling phenomenon in nature, has focused on visual perception. This
perception-based research has led to great insights regarding the nature
of conscious processing. One of these insights is that conscious
processing involves a kind of integration across neural systems and
information-processing structures that is not achievable by unconscious
processes. This is known as the integration consensus. When
process X occurs consciously, it activates a wide network of regions that
is not activated when that same process occurs unconsciously.
2FA
An extra layer of security that is known as "multi factor
authentication"
In today's world of increasing digital crime and
internet fraud many people will be highly
familiar with the importance of online security,
logins, usernames and passwords but if you
ask them the question "What is Two Factor
Authentication?" the likelihood is they will not
know what it is or how it works, even though
they may use it every single day.
With standard security procedures (especially online) only requiring a
simple username and password it has become increasingly easy for
criminals (either in organised gangs or working alone) to gain access to a
user's private data such as personal and financial details and then use
that information to commit fraudulent acts, generally of a financial nature.
Mailvelope
Mailvelope is a free and open source browser extension that allows you
to send and receive encrypted email text and attachments when using
webmail services. It relies on the same form of public key encryption as
GnuPG and PGP. Mailvelope is a browser extension that allows you to
encrypt, decrypt, sign and authenticate email messages and files using
OpenPGP. It works with
webmail and does not
require you to download
or install additional
software. While
Mailvelope lacks many of
the features provided by
Thunderbird, Enigmail
and GnuPG, it is probably
the easiest way for
webmail users to begin taking advantage of end-to-end encryption.
Guerrilla Mail
Guerrilla Mail gives you a
disposable email address.
There is no need to register,
simply visit Guerrilla Mail
and a random address will
be given. You can also
choose your own address.
You can give your email
address to whoever you do
not trust. You can view the
email on Guerrilla Mail, click
on any confirmation link,
and then delete it. Any
future spam sent to the disposable email will be zapped by Guerrilla Mail,
never reaching your mail box, keeping your mail box safe and clean.
Zoho mail: Zoho Mail is an amazing email platform
that offers a mixture of ad-free, clean, minimalist
interface and powerful features that are geared for
business and professional use.
Experience a fast, clean, Webmail that has powerful
features matching or even superior to those you will
find in desktop email clients. Take immediate control of
your inbox and get the freedom you need from tedious software upgrades.
Zoho Mail suite has Zoho Docs. This means your team can create,
collaborate, and edit text, presentation as well as spreadsheet documents
with the help of the most sophisticated online editors. You will experience
faster work and better productivity with your online office.
iCloud mail
If you have an Apple ID, then you have an
iCloud email account. This free account gives
you up to 5GB storage for your emails, minus
what you use for documents and other data you
store in the cloud. It’s easy to work with your
iCloud email from Apple’s Mail, on the Mac, or
on an iOS device. Still, you may not know about
the many extra options and features available if
you log into iCloud on the Web.
Before you can take advantage of any of the
following tips, you need to turn on iCloud. If you already have an Apple
ID, which you use on the iTunes store, you may never have set up iCloud.
SIGAINT
SIGAINT was a Tor hidden service offering secure email services.
According to its FAQ page, its web interface
used SquirrelMail which does not rely on JavaScript.
Passwords couldn't be recovered. Users received two
addresses per inbox: one at sigaint.org for
receiving clearnet emails and the other at
its .onion address only for receiving emails sent from
other Tor-enabled email services. Free accounts had 50
MB of storage space and expired after one year of
inactivity. Upgraded accounts had access
to POP3, IMAP, SMTP, larger size limits, full disk
encryption, and never expired.
The service was recommended by various security
specialists as a highly secure email service.
Mail2Tor
Mail2Tor is a Tor Hidden Service that allows anyone to send and receive
emails anonymously.
It is produced independently from The Tor Project.
For more information, or to signup for your free @mail2tor.com account
(webmail, smtp, pop3 and imap access)
Please visit our tor hidden service at http://mail2tor2zyjdctd.onion
You will need to have Tor software installed on your computer to securely
access Mail2Tor hidden service
Mail2Tor consists of several servers, a Tor hidden service, and an
incoming and outgoing internet facing mail servers. These internet facing
mail servers are relays. They relay mails in and out of the Tor network.
The relays are anonymous and not traceable to us.
The only thing stored on the hard drive of those servers is the mail server,
and the Tor software.
No emails or logs or anything important are stored on those servers, thus
it doesn't matter if they are seized or shut down.
We are prepared to quickly replace any relay that is taken offline for any
reason.
The Mail2Tor hidden service and SMTP/IMAP/POP3 are on a hidden
server completely separate from the relays.
The relays do not know (and do not need to know) the IP of the hidden
service.
Because the communications between the relays and the "dark server"
occur through the tor network, without using traditional internet protocols
(ip).
This hidden server is not one of the Tor network nodes/public servers,
whose IPs are known.
It is a private server that does not route traffic for tor users, but it is devoted
exclusively to exchange data with Mail2Tor relays.
The entire contents of the relays are immediately deleted and it is not
possible to "sniff" data because it is transmitted in encrypted form.
SAFe-mail
SAFe-mail is a highly secure communication,
storage, sharing and distribution system for the
Internet. It provides email, instant messaging,
data distribution, data storage and file sharing
tools in a suite of applications that enable
businesses and individuals to communicate
and store data with privacy and confidence.
Every application is secured by state-of-the-art
encryption ensuring the highest level protection
and privacy to users. Within the overall system as with each application,
security is not an add-on feature but has been designed in to the
fundamental architecture of the system.
Safe-mail is provided as a hosted facility and offers the following services:
• PrivateMail - a single account that brings together the best in email
messaging for the individual user and provides a very secure online
storage place for important documents and data. Register for a free
account and you get 3MB of disk space to test drive the system.
Then upgrade to a larger account through the StoragePlus program
published under Premium Services.
• BusinessMail - the perfect secure communication system for your
organization. Create and manage multiple email addresses under
your own domain and bring your staff and customers together in one
secure private community.
Spam Gourmet
SpamGourmet (free) has some interesting
innovations, but it also has limitations on
how many messages each address will be
able to accept. There are two modes, No-
brainer and Advanced. In the former, you
get a user name and then you can give out
self-destructing addresses in the form
whatever.n.username@spamgourmet.com, where whatever is
some word you choose and n is the number of messages (up to 20)
that you can receive at that address until it self-destructs—after
which messages will return errors.
For example, crazylegs.4.larryseltzer@spamgourmet.com will be
able to receive four messages, and then senders will get error
messages. The problem is, anyone can send you a message using
a disposable account that you did not create: for example,
IAMSPAM.20.larryseltzer@spamgourmet.com.
Enigmail
Enigmail is a seamlessly
integrated security add-on
for Mozilla Thunderbird. It allows
you to use OpenPGP to encrypt
and digitally sign your emails and
to decrypt and verify messages
you receive.
Enigmail is free software. It can
be freely used, modified and
distributed under the terms of the Mozilla Public License. Sending
unencrypted emails is like sending post cards – anyone and any system
that processes your mail can read its content. If you encrypt your emails,
you put your message into an envelope that only the recipient of the email
can open.
Thunderbird
Thunderbird is an email, newsgroup, news
feed, and chat (XMPP, IRC, Twitter) client. The
vanilla version was not originally a personal
information manager (PIM), although the
Mozilla Lightning extension, which is now
installed by default, adds PIM functionality.
Additional features, if needed, are often
available via other extensions.
Thunderbird can manage multiple email,
newsgroup, and news feed accounts and
supports multiple identities within accounts.
Features such as quick search, saved search folders ("virtual folders"),
advanced message filtering, message grouping, and labels help manage
and find messages. On Linux-based systems, system mail (movemail)
accounts are supported. Thunderbird provides basic support for system-
specific new email notifications and can be extended with advanced
notification support using an add-on.
Thunderbird incorporates a Bayesian spam filter, a whitelist based on the
included address book, and can also understand classifications by server-
based filters such as SpamAssassin.
MaskMe add-on
Now you never have to give out
your personal information online
again. MaskMe creates
disposable email addresses,
phone numbers, and credit cards,
so you can enjoy all the web has
to offer without surrendering your
personal data in exchange.
The Details:
- Every time you sign up for a
site or shop the web, MaskMe will be by your side.
- Choose to Mask your email address, phone number, or credit card, using
unique, disposable info that MaskMe creates and autofills on the spot. It
works instantly, every time, everywhere.
- Ensures you never miss important communication, but also puts you in
control so you can stop spammers, telemarketers, and hackers in one
click.
- Convenient, fast, & easy-to-use.
Ghostery add-on to block ads
Ghostery is the first browser
extension that makes your
web browsing experience
faster, cleaner and safer by
detecting and blocking
thousands of third-party data-
tracking technologies –
putting control of their own
data back into consumers’
hands. Launched in 2009,
Ghostery has more than
seven million monthly active
users who access the tool via
the free apps or browser extensions. With its intuitive user interface,
Ghostery enables average internet users to protect their privacy by
default, while expert users benefit from a broad set of features and
settings. The Ghostery apps and browser extensions are developed and
operated by Ghostery, Inc. The company is headquartered in New York
and is a fully-owned subsidiary of Cliqz GmbH. Cliqz is a German search,
browser and data protection technology company backed by Mozilla and
Hubert Burda Media. Neither Cliqz nor Ghostery share any data
about individual users with third parties.
Telegram
Telegram is a non-profit cloud-based instant
messaging service. Telegram client apps exist
for Android, iOS, Windows Phone, Windows
NT, MacOS and Linux. Users can send
messages and exchange photos, videos,
stickers, audio and files of any type.
Telegram was founded by
the Russian entrepreneur Pavel Durov. Its client-side code is open-
source software but the source code for recent versions is not always
immediately published, whereas its server-side code is closed-source and
proprietary. The service also provides APIs to independent developers. In
February 2016, Telegram stated that it had 100 million monthly active
users, sending 15 billion messages per day. According to its CEO, as of
April 2017, Telegram has more than 50% annual growth rate.
Telegram's security model has received notable criticism by cryptography
experts. They have argued that it is undermined by its use of a custom-
designed encryption protocol that has not been proven reliable and
secure, by storing all messages on their servers by default and by not
enabling end-to-end encryption for messages by default. Pavel Durov has
argued that this is because it helps to avoid third-party unsecure backups
and to allow users to access messages and files from any
device. Messages in Telegram are server-client encrypted by default, and
the service provides end-to-end encryption for voice calls and optional
end-to-end encrypted "secret" chats.
Wickr
Initially unveiled on iOS and later on Android, the Wickr app allows users
to set an expiration time for their encrypted communications. In December
2014, Wickr released a desktop version of its secure communications
platform.
The release of the desktop Wickr app coincided with introducing the ability
to sync messages across multiple devices, including mobile phones,
tablets, and computers.
All communications on Wickr are encrypted locally on each device with a
new key generated for each new message, meaning that no one except
Wickr users have the keys to decipher their content. In addition to
encrypting user data and conversations, Wickr strips metadata from all
content transmitted through the network.
Since its launch, Wickr has gone through regular security audits by
prominent information security organizations, which verified Wickr's code,
security and policies. Wickr has also launched a "bug bounty program"
that offers a reward to hackers who can find a vulnerability in the app.
ChatSecure
ChatSecure is a messaging application
for iOS which
allows OTR and OMEMO encryption
for the XMPP protocol.
ChatSecure is free and open source
software available under the GNU
General Public License.
ChatSecure also features built-in support for anonymous communication
on the Tor network.
ChatSecure has been used by international individuals and
governments, businesses, and those spreading jihadi propaganda.
Surespot
Surespot is an open source instant
messaging application for Android and iOS.
Surespot is one of the modern messaging apps
that has a focus on privacy and security. For
secure communication it uses end-to-end encryption by default.
Threema
Threema is
a proprietary encrypted instant
messaging application
for iOS, Android and Windows Phone.
In addition to text messaging, users can
send multimedia, locations, voice
messages and files.
The name Threema is based on
the acronym EEEMA which stands
for end-to-end encrypting Messaging Application.
Threema is developed by the Swiss company Threema GmbH.
The servers are located in Switzerland and the development is based in
the Zürich metropolitan area. As of June 2015, Threema had 3.5 million
users, most of them from German-speaking countries.
Chapter-6
Social Media Tips
People's lives have gotten easier thanks to the internet. With that being
said, it is important people know how to protect themselves and their
personal information to avoid becoming a victim of fraud. Online criminals
and fraudsters can use your information to create bogus accounts to
obtain anything they want. They can also use your information for phishing
or soliciting.
Attempting to get private or financial information from people online is
known as phishing. The act begins with an email that looks like it is from
a trusted source you know. It may claim to come from a bank. The email
will encourage you to click a link claiming to take you to the website to
enter personal account information including your password. If you fall for
the trick, they get your personal information and access to your account.
Here’s what you need to protect yourself:
Check privacy settings
When using social media sites,
review privacy settings. The settings
for your profile may be at the defaults,
and you can change them to make
your account information more
secure. You should also review this information in case there is something
you should keep private.
Limit bio information
Social media websites will ask for personal information when creating an
account. Use tools offered to limit what others can view when they land
on your page. The privacy settings may help customize the content that
is viewable.
Avoid sharing account details
Sensitive details such as your bank account number, social security
number, or other related information should be private. Use sponsored
communication options such as email, telephone, mailed letter, or direct
communication via the website if you need to share such information to
reduce the risk of personal details getting into the wrong hands.
Choose friends and add contacts wisely
The reason why you signed up for a social media account is likely why
you have friends and contacts on your list. Be cautious of requests from
people you don’t know. You don’t have to accept every friend request.
Learn features of the website
When signing up for an account, get to know the features. Do this before
sharing information to understand how the site functions. You can choose
who can view your posts and understand how such content is shared with
others.
What is shared online stays online
Think before you share. Because of the unique way the internet is
designed, once you post something, it stays online forever. People have
ways of getting information and saving to another source. So, if you don’t
want to set yourself up for embarrassment, think twice before posting
messages or photos.
Have a good reputation when approaching job recruiters
Research has shown roughly 70 percent of job recruiters have turned
down applicants because of something posted to their social media page.
When you’re online, conduct yourself in a manner you want people to
respect you for. Keep your online presence positive and be thoughtful with
what you share.
Use tools to manage friends and contacts
Have a personal profile page to keep in contact with people you know
personally. Use a fan page to appeal on a public level without risking too
much of your personal information. Use tools to separate contacts into
groups.
You can have a list of family members, friends, co-workers, etc. Managing
contacts helps you get a better idea of who is following you online. This
helps determine what you can share, with whom, and when to keep things
to yourself.
Let others know if you are not comfortable
Be respectful of opinions and things shared online between you and
friends. Yet, mention when something makes you uncomfortable or when
you think something is inappropriate. This helps set boundaries for what
content appears on your page. Plus, you learn what people can and
cannot tolerate while respecting one another.
Know when to take immediate action
If someone harasses you online or makes inappropriate threats, contact
the administrator of the website. You can report the person and take
additional action of blocking them or removing them from your list.
Keep antivirus software up-to-date
Keeping your antivirus system updated ensures your web browsing is
protected from potential threats that may get picked up via social
networking, such as clicking links or opening messages.
Be in control of your online presence
Know what information you share and who it is being shared with. Check
privacy and security settings to stay on top of information shared. Make
changes as needed.
Use a strong password or create a sentence
Use a strong password to log in to your account to reduce hacking risk. The
password should be at least 12 characters long with a mix of lower and
upper case letters, symbols, and numbers. Consider using a short
sentence you can remember and add a number and symbol to make it
more secure, something like: “I love dollar bills.” The password can have
spaces too.
Use different passwords for each account
Try keeping passwords for email and social media separate to throw off
cyber criminals. For your most used or most important accounts make
sure your passwords are strong.
Throw away or delete messages when in doubt
When you get a message that seems suspicious, delete it. Don’t open it
or forward its contents if you don’t trust it. People often get so many ads
for different stores and businesses, it can be easier to delete it and be
safe.
Keep tweets protected
You can choose to use a protected Twitter account if you want more
control of what people can view and access. Followers who are approved
to follow you have access to details you post. Search engines won’t index
your tweets, and they cannot be viewed in a Google search.
Consider turning off Broadcast Activity on LinkedIn
Use the Broadcast Activity feature to limit what information is seen by your
followers. LinkedIn has a unique way of letting others know your updates.
This means people and organizations you follow will get updates you post.
Limit LinkedIn updates to your followers
You can post updates and changes to your status like on Facebook.
People can choose to subscribe to your updates. But, you can use privacy
settings to select who can receive updates you post. The public doesn’t
have to get your updates but a few select connections can.
Use privacy settings to keep Facebook page from being indexed
Use Facebook privacy settings and look for the option “Let other search
engines link to your timeline.” When turned on, people who search your
name through a search engine can see your Facebook profile. Potential
employers may do this. If you don’t want your profile searchable in this
manner, turn this feature off.
Restrict friend requests
Not all friend requests are true friend requests.
Some are cyber criminals with nothing else better to
do than to spam or phish people. They do this
randomly with accounts all the time. Restrict who can send you a friend
request by choosing options under privacy settings and selecting “Who
can contact me?”
Avoid mentioning other accounts
There are a few social media websites allowing users to connect their
social media accounts together at once. If you are working to establish a
professional and personal identity, you may want to keep them separate.
Linking the accounts increases security risks and you may end up sharing
something you don’t want to appear on another site. An example of such a
connection is Twitter with LinkedIn.
Use settings to cut reviews for Facebook tags
Use the “Timeline and Tagging” section of Facebook settings to set limits
on what can be shared using your name. This is handy if friends have
pictures that include you, but you may not want them shared with others.
When the picture is uploaded and tagged with your name, you learn about
it first. You can require an approval before it gets published.
Make Facebook groups restricted
Create groups on Facebook to control who sees what. You can block
someone you want to keep as a friend from viewing certain posts. To do
this, add the friend to the “Restricted” list when clicking on the Facebook
sidebar. The posts would be marked “public,” but they are only seen by
friends added to this list. Isn’t it great to have more control over who sees
your social media posts? Your online security is greatly increased thanks
to a few easy steps taken to control your identity when online.
Chapter-7
Banking Tips
With so many people going
online to manage their money,
however, threats have arisen.
Hackers, malware and
fraudsters abound, ready and
eager to steal online-banking
passwords and the money they
protect.
But you don't have to resign yourself to a world of unsafe banking. Here
are some online-banking security tips you can practice before signing in
to your account. Each will help ensure a safe online-banking experience.
Here are some useful tips for Banking:
Use a script blocker on your browser:-
1. There is a small but vocal subset of users that disable JavaScript.
We should do this because of a perceived security benefit.
There have been a few known vulnerabilities that can be
exploited with scripting, like XSS.
2. Disabling it will also prevent malicious ads from infecting our
system.
3. Lastly, disabling JavaScript will take up less CPU and RAM on
your computer, which is to be expected. If you run something
super basic, it’ll take up fewer resources. But if your computer
is so old that it can’t handle modern websites, it may be time
to upgrade it—as the web improves, it needs more resources
to do what it does, just like any other program on your
computer.
You can use NoScript Security Suite for Mozilla, or
Script Block for Chrome.
Use a virtual keyboard with key randomizer:-
An online virtual keyboard is the best security implementation to keep
sensitive data safe from “spyware” and “Trojan programs”. When entering
sensitive data (username and password) for Internet banking, the security
features recommend using the virtual keyboard to protect your password.
A virtual keyboard is an online application for entering a password with
the mouse, which helps you stay safe against key loggers.
Example of online Virtual keyboard:-
Benefits of online Virtual Keyboard
• Online Virtual Keyboard is designed to protect your password from
malicious “Spyware” and “Trojan Programs”.
• Use of online virtual keyboard will reduce the risk of password theft
using Key loggers and Keyboard action Monitoring.
• It will auto encrypt your Password entered through Online Virtual
Keyboard.
• Easy to Implement as Login Security.
Using an online virtual keyboard is the best practice on websites where
sensitive data must be protected from hackers, crackers and malicious programs.
Most banks that offer online banking offer a virtual keyboard to
type in your password to log in. Bloggers and freelancers who are
using PayPal as their primary account to send and receive funds should also
start using the on-screen keyboard feature of their Windows system to type
passwords.
Onscreen Keyboard
You can type the “OSK” command in the Windows Run dialog, and it will pop up
the on-screen keyboard, which works as a full-fledged keyboard:
Never save sessions of banking sites on your browser:-
1. It is good practice to always log out of your online banking
session when you have finished your business. This will
decrease the chances of falling victim to session hijacking and
cross-site scripting exploits.
2. You may also want to set up the extra precaution of private
browsing on your computer or smart phone, and set your
browser to clear its cache at the end of each session.
3. Always remember to clear cookies and cache data from
browser before closing the browser.
4. Clear your browsing data and history.
Never tick on “remember me” on banking websites:-
Don’t stay logged in to your favourite online services all the time. We know
how convenient it is to log in to Facebook in the morning, or at the
beginning of the week, and to tick the “Keep me logged in” box.
You log in once and then you don’t have to keep logging back in all the
time. It’s even easier to stay logged in via mobile apps, because
typing a suitably long and secure password is harder.
Indeed, many mobile apps quietly and automatically remember your
password even between reboots so the app can log you back in
automatically every time you restart it. The thing is, all this
logged-in-forever convenience comes at the cost of reduced security.
Never log in banking portals on public PCs like a cyber cafe or a
public Wi-Fi:-
If you want to be safe, don’t log in to your banking or any other sites
while using public Wi-Fi or an open network, because an attacker may
use a man-in-the-middle (MITM) attack to get your session ID or username
and password. There are many apps that can hijack and sniff the
network and capture packets passing through your connection.
Choose an account with two factor authentication:-
Two-factor authentication provides an additional security layer and
makes it harder for an attacker to gain access to a person's account,
because knowing the victim's password is not enough to take over the full
account.
Here are some types of 2F authentication:
Something the user knows, such as a password, PIN or shared secret.
Something the user has, such as an ID card, security token or a
smartphone.
Biometrics: something the user is. These may be personal attributes
mapped from physical characteristics, such as fingerprints, face and
voice.
Systems with more demanding requirements for security may use location
and time as fourth and fifth factors. For example, users may be required
to authenticate from specific locations, or during specific time windows.
An example is Google Smart Lock.
Create a strong password:-
A strong password is 12 characters long and includes
numbers, symbols, capital letters and lower-case letters, and
it shouldn’t be your first name or your DOB.
Some examples of strong passwords are:- 1Ki77y,.Susan53,&m3llycat
Secure your computer and keep it up-to-date:-
Always remember to keep a password on your computer and also update
it regularly so that any new vulnerabilities found can be patched with that
update. Tips for securing your computer:
1. Use an anti-virus.
2. Remember to update virus protection.
3. Keep a password on your computer.
4. Lock your private files and folders.
5. Update your computer regularly.
Avoid clicking through emails:-
Avoid clicking to unsuspicious emails
Phishing
Phishing is the term for sending emails (considered the bait) with a link to
a fake website. Once on the site, the user is tricked into giving sensitive
information. For example, the link takes you to a fake site that looks like
your bank, and you try to log in with your username and password. The
bad guy has now captured your login info. And if he’s clever then it would
redirect you to the real site afterward. You’d probably be none the wiser.
Malware or “virus” downloads
The link may take you to a website that infects your computer with
malware like ransomware or a keylogger (a “virus” that captures
everything you type into your computer like passwords and credit card
numbers). Or it might even download the virus directly without going to a
web page. Malicious web pages are the most common way that I see
computers get infected in my day job.
Why It’s Hard To Tell the Real from the Fake
Most of the emails you get will be fine. The trouble is, do you know which
is which? Some bogus emails are obviously fake to most people, full of
misspellings and shady suggestions. But some of them look very
professional. Take these for instance. They’re both fake. Would you be
able to tell the difference?
Phishing Example 1
Phishing Example 2
These would fool most people. But besides looking legitimate, there are
other ways to fool us.
Hacked email account
If a spammer hacks an email account, he can send out an email blast to
all the contacts stored in the account. This is dangerous because you may
get a phishing email that’s actually sent from the real account of someone
you know. Unless the email seems out of the ordinary, you’ll have no way
of knowing.
Email address spoofing
Spoofing is essentially “faking”. It’s possible to spoof the sender’s address
so it looks like it’s coming from someone you know, when in reality it’s
coming from the bad guy’s email account. It can be very hard or
impossible to tell if an email address is spoofed. It requires digging
through the email header which is, itself, prone to tampering.
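An added example, not part of the original manual, of the header check described above: it compares the visible From domain with the Return-Path and reads SPF/DKIM/DMARC verdicts only from the Authentication-Results header written by your own mail server, ignoring any copy the sender may have inserted. The server name `mx.mailprovider.example`, the sample message and the signal names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the name your own mail provider puts at the start of the
# Authentication-Results headers it adds (the "authserv-id").
TRUSTED_AUTHSERV_ID = "mx.mailprovider.example"

# Constructed sample, not a real message. The second Authentication-Results
# header was supplied by the sender in the hope that a reader would trust it.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.mailprovider.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=mybank.example
Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass
From: "My Bank" <alerts@mybank.example>
To: you@mailprovider.example
Subject: Action required on your account

Please log in to review your account.
"""


def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def trusted_verdicts(msg, authserv_id=TRUSTED_AUTHSERV_ID):
    """spf/dkim/dmarc results, read only from headers our own server wrote.

    Any other Authentication-Results header may have been typed by the
    sender, which is the header tampering the text warns about.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.lower().split()[:1] != [authserv_id.lower()]:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            verdicts.setdefault(method, result.lower())
    return verdicts


def analyze(raw_message):
    """Summarise the sender-related headers and list spoofing signals."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_path_domain = domain_of(msg.get("Return-Path"))
    verdicts = trusted_verdicts(msg)

    signals = []
    # Weak signal: legitimate bulk mail also bounces to a different domain.
    if return_path_domain and return_path_domain != from_domain:
        signals.append("return-path-mismatch")
    # Strong signal: DMARC is the check tied to the visible From domain.
    if not verdicts:
        signals.append("no-trusted-auth-results")
    elif verdicts.get("dmarc") != "pass":
        signals.append("dmarc-not-pass")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "verdicts": verdicts,
        "signals": signals,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A message with no signals can still come from a hacked real account, so the "only click what you expect" rule still applies.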
Forwarding a phishing email
Sometimes people are just naive and forward an email to you that has a
malicious link in it. They might not realize it’s there, and have possibly
become a victim themselves. I see it happen.
Which Email Links Can I Click?
Well, if you don’t click any of them you won’t have a problem. But that’s
not realistic. Very few people will ever take that advice. The good news is
you don’t have to. I suggest treating links like attachments. Only click it if
you’re expecting it.
Examples of when to click
You just ordered something from Amazon. Feel free to click the
shipment tracking link in the email they send you. Just make sure it’s
exactly what you’re expecting. If you get a tracking link that you weren’t
expecting, or for a product you don’t recognize, delete the email right
away.
You just signed up for an account on a website. If they send you a link
to confirm your email address, it’s okay to click it. But again, make sure
it’s exactly what you’re expecting and you specifically remember
requesting it.
Examples of when NOT to click
You get an unexpected email from your bank. Maybe it says that you
need to log in and take care of something important. Don’t click the link
they give you. If you didn’t know it was coming, there’s no guarantee it’s
a legitimate email.
Your friend sends you a link that you weren’t expecting. Don’t click it.
Remember, the sender’s address can be spoofed or their account hacked.
Yeah, I know, this is all awfully annoying, so is there anything else we can
do?
What To Do Instead of Clicking Links
In the case of your bank or other institution, just go to the website yourself
and log in. Type in the address manually in the browser or click your
bookmark. That way you can see if there’s something that needs to be taken
care of without the risk of ending up on a phishing site.
In the case of your friend’s email, chances are that they copied/pasted the
link into the message. That means you can see the full address. You can
just copy/paste the address into the browser yourself without clicking
anything. Of course, before doing that make sure you recognize the
website and that it’s not misspelled. Make sure it looks like this:
http://www.youtube.com/adgasLKUkjFJos&odgs
and not like this:
http://www.yuutube.com/adgasLKUkjFJos&odgs
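The same comparison can be done by a program. The following is an added example, not part of the original manual: it pulls the hostname out of a link and flags names that are close to, or that merely contain, a site you trust. The trusted list, the distance threshold of 2 and the two-label domain guess are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the sites this reader actually uses. Not from the manual.
TRUSTED_DOMAINS = ("youtube.com", "amazon.com", "linkedin.com")


def hostname_of(link):
    """Lower-cased hostname of a link, without a leading 'www.'."""
    if "://" not in link:
        link = "http://" + link          # tolerate links pasted without a scheme
    try:
        host = (urlsplit(link).hostname or "").rstrip(".")
    except ValueError:                   # malformed link
        return ""
    return host[4:] if host.startswith("www.") else host


def registrable_guess(host):
    """Last two labels of the hostname.

    Simplification: right for names like example.com, wrong for suffixes
    such as co.uk; a real tool would consult the Public Suffix List.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_link(link, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, domain, matched trusted domain or None).

    verdict is 'trusted', 'lookalike' or 'unknown'.
    """
    host = hostname_of(link)
    if not host:
        return ("unknown", "", None)
    domain = registrable_guess(host)
    if domain in trusted:
        return ("trusted", domain, domain)
    # A trusted name used as a prefix or middle part of someone else's domain.
    for name in trusted:
        if host.startswith(name + ".") or "." + name + "." in host:
            return ("lookalike", domain, name)
    # A domain that is only a typo or two away from a trusted one.
    closest = min(trusted, key=lambda name: edit_distance(domain, name))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", domain, closest)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed sample links; the first two are the manual's own example.
    for sample in ("http://www.youtube.com/adgasLKUkjFJos&odgs",
                   "http://www.yuutube.com/adgasLKUkjFJos&odgs",
                   "http://youtube.com.login.example.net/watch",
                   "https://example.org/"):
        print(classify_link(sample), sample)
```

"unknown" only means the site is not on your list; it is not a statement that the link is safe.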
Other Things To Consider
It’s up to you how far you want to take this. For instance, I’ve made a rule
never to click links in emails notifying me that my paycheck has been
deposited. Yes that really happens, and I get one every week, but
automated recurring emails can be dangerous. They’re commonly faked
because the bad guys know we’re expecting them.
The bottom line is that unless you explicitly know and trust it, avoid it.
That’s all there is to it. Make this a habit and you can avoid one of the
biggest mistakes in internet safety.
Monitor your accounts regularly:-
Learn How Banks Track
Suspicious Activity
We trust our banks to keep a
watchful eye out for suspicious
activity. That involves trust. It’s
either that or we can choose to
tuck all our money away in a
sock beneath our bed—
hopefully safely. But taking that
route, for the vast majority of Americans, isn’t an option.
Banks do tend to protect the nation’s assets with vigilance, and they put a
great deal of effort into preventing and catching suspicious banking
behaviour that can indicate identity theft on a person’s account.
The following behaviours are signs that could raise the red flag for banks:
• Suspicious, frequent transactions. Banks keep a close eye out for
transactions that are made in frequent, short periods of time, especially if
there are large deposits and withdrawals made in cash or by check. Banks
can rationalize the transactions by customers’ occupations and patterns
of conducting business.
• Numerous transactions that are made in different branches on the same
day—for the same account. If these transactions are below an established
bank threshold, it could mean the transactions were made to go
undetected.
• Activities that deviate from a person’s normal banking habits. Your bank
likely has a policy in place to contact you if they detect any suspicious
activity on your account. They may even choose to freeze or cancel your
debit or credit card as a result. If you become a victim of identity theft or
fraud, there are steps that you can take to “right” the wrong and get back
on the path of recovery.
It’s not the bank’s responsibility to monitor each transaction to determine
if it’s an instance of identity theft. You are the only one who can truly track
each purchase and deposit to confirm it’s authorized – and if it’s not, it
could be a sign of identity theft.
As a consumer, it’s up to you to regularly check your bank statements
& monitor your credit card reports for signs of identity theft. Furthermore,
early detection of suspicious activity may help you to recover more quickly
if there’s an indication of fraud on your credit report.
Change your internet banking password at periodical intervals:-
The Theory of Regular Password Changes
Regular password changes are theoretically a good idea because they
ensure someone can’t acquire your password and use it to snoop on you
over an extended period of time.
For example, if someone acquired your email password, they could log
into your email account regularly and monitor your communications. If
someone acquired your online banking password, they could snoop on
your transactions or come back in several months and attempt to transfer
money to their own accounts. If someone acquired your Facebook
password, they could log in as you and monitor your private
communications.
Theoretically, changing your passwords regularly — perhaps every few
months — will help prevent this from happening. Even if someone did
acquire your password, they’d only have a few months to use their access
for nefarious purposes.
Save and check all receipts against your statement:-
Every time you make a transaction at the bank or ATM, you’ll receive a
receipt. Be sure to save your receipts and write the information in your
transaction register. That’s a small notepad you’ll receive when you open
your account. Add your deposits, subtract your withdrawals, and keep
track of your current balance — the exact amount you have in your
account right now.
Keeping track will help you avoid spending more than you have in your
account. That’s called an overdraft — and the fees and penalties can be
expensive!
At the end of the month, the bank will send you a statement. It lists your
balance at the beginning and end of the statement month, and all of the
transactions that the bank has processed during the statement month.
Every month, review your statement along with your register and your
receipts to make sure that your records and the bank’s records agree.
And if your bank offers online banking, you won’t have to wait for your
statement to review your account activity. Online banking gives you
access to review your accounts any time.
The keys to account management:
Save your transaction receipts.
Record every transaction in your register.
Avoid spending more than you have.
Review your statement every month.
Make sure your records and the bank’s records agree.
Guard your PIN from fraudster “Shoulder Surfing”
Shoulder Surfing
Shoulder surfing is defined as the practice of spying on the user of a cash-
dispensing machine or other electronic device in order to obtain their
personal identification number or password.
Direct observation techniques can be used, which involve looking over
someone’s shoulder to obtain this type of information.
Shoulder surfing can be more achievable in crowded places, as it is easier
to observe someone who is filling in a form or entering a PIN or passcode
into their mobile phone.
This technique can also be used at distance as binoculars can be used or
closed circuit cameras can be concealed in buildings in order to gain
access by observation of data entry.
The most common form of identity theft is by using the victim’s existing
credit, bank or other account information.
It can also include opening new accounts in the victim’s name.
It is not usually until the payer defaults that the victim becomes aware of
the fraud as they are then contacted by the collections department /
agency.
According to the Federal Trade Commission (FTC), about three-fourths
of identity theft victims report that the thief only misused their
existing accounts.
One-fourth of the victims report that the thief opened new accounts or
committed other types of fraud with their personal information.
The FTC states that credit card accounts are the most commonly misused
existing accounts.
However, the use of wireless technology means that telephone
accounts can also be accessed and misused.
A survey of IT professionals in a white paper[4] for Secure found that:
• 85% of those surveyed admitted to seeing sensitive information on
screen that they were not authorized to see
• 82% admitted that it was possible information on their screens could
have been viewed by unauthorized personnel
• 82% had little or no confidence that users in their organisation would
protect their screen from being viewed by unauthorized people.
To prevent information from being obtained by shoulder surfing, the
screen can be adjusted so that it is darker.
People can also simply cover the keyboard with their other hand (shielding
it) when entering data so that it cannot be readily observed.
Try and avoid using ATMs on the Main Street and take money out from
the ATMs situated inside the bank instead.
If you notice anything suspicious do not use the machine and inform the
bank.
Consider how visible you may be on the main street to others.
This can include use of your mobile phone or tablet. Be aware of what is
going on around you.
Chapter-8
Online Scams
Someone sent you a link. It looks
okay… but is it really? Whether
that person was a friend or a
stranger, if it’s a link you weren’t
expecting, you shouldn’t really
click it.
Email, SMS, Facebook, Twitter or
some other social network or
collaboration tool… whatever you’re using, there’s an opportunity for
scammers and spammers to send you links. Most of the time they’re
probably safe. But when they’re not, disaster can strike.
One of the quickest-growing security issues these days is ransomware,
which is often spread by people unwittingly clicking dangerous links.
Malware and phishing sites are also major risks.
While you should be vigilant about all of your online activities, it doesn’t
hurt to have a little help.
Always check URLs of the sites you visit:-
What a Link Checker Should Do
There are two types of URL.
A standard-length URL, starting www, followed by the website name,
and ending with .com or some other top-level domain.
A shortened URL, such as goo.gl/V4jVrx.
It doesn’t matter whether the link you received is a standard-length URL
or shortened. If it is dangerous in any way, the link checking tool should
alert you to this. If the links are going to take you to a compromised
website, the link checker should highlight this immediately. Similarly, direct links
to malware, ransomware and other risks should be reported by these
tools.
Several sites are available to help you uncover the truth about those
dodgy links. The following five sites are all favourites, but we’d advise
checking more than one at any given time, to help you get the best results
from your inquiries.
Five Great Link Checkers: Which Do You Use?
• AVG ThreatLabs
• Kaspersky VirusDesk
• ScanURL
• PhishTank
• Google Transparency Report
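Some of the warning signs described above can be screened on your own machine before a link is submitted to the checkers listed. The Python code below is an added example, not part of the original manual or of any of the listed services; the function triage_url, its trusted parameter, the 0.8 similarity cut-off and the sample host names are assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Sample shortener hosts: goo.gl is the one named in the text; the rest are
# other well-known services added for this example.
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}


def _bare(host):
    """Drop a leading 'www.' and the last label, e.g. www.a-b.test -> a-b.
    A simplification: real tools use the Public Suffix List instead."""
    if host.startswith("www."):
        host = host[4:]
    return host.rsplit(".", 1)[0]


def triage_url(url, trusted=()):
    """Return {code: explanation} for every local warning sign found in url.

    trusted is an optional list of sites the user really deals with
    (hypothetical parameter). An empty result only means that none of these
    checks fired, not that the page behind the link is safe.
    """
    found = {}
    text = url.strip()
    explicit_scheme = "://" in text
    if not explicit_scheme:
        text = "http://" + text  # so urlsplit() sees a host, not a path
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return {"unparseable": "the link is not a well-formed URL"}
    if not host:
        return {"unparseable": "the link has no host name"}

    if explicit_scheme and parts.scheme.lower() != "https":
        found["no-https"] = "the connection would not be encrypted"
    if parts.username is not None:
        found["userinfo"] = "text before '@' is not the site you will reach"
    if host in SHORTENERS:
        found["shortener"] = "shortened link hides the real destination"
    if any(label.startswith("xn--") for label in host.split(".")):
        found["punycode"] = "encoded international name can imitate another"

    try:
        ipaddress.ip_address(host)
        found["ip-host"] = "numeric address used instead of a site name"
        return found  # look-alike comparison is meaningless for numbers
    except ValueError:
        pass

    plain = host[4:] if host.startswith("www.") else host
    for site in trusted:
        site = site.lower()
        if plain == site or plain.endswith("." + site):
            return found  # the trusted site itself or one of its subdomains
    for site in trusted:
        score = SequenceMatcher(None, _bare(host), _bare(site.lower())).ratio()
        if score >= 0.8:
            found["lookalike"] = f"name closely resembles {site}"
            break
    return found


if __name__ == "__main__":
    # Constructed sample links (reserved .test names and documentation IPs).
    samples = ["goo.gl/V4jVrx", "http://192.0.2.10/login",
               "https://www.examplebank.test@198.51.100.7/",
               "https://www.examp1ebank.test/", "https://login.examplebank.test/"]
    for link in samples:
        print(link, "->", sorted(triage_url(link, ["examplebank.test"])))
```

A shortened link still has to be expanded by one of the checking sites, because its destination cannot be judged from the text alone.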
Never believe any offers which say “you have won 1000$, click to
claim”. No one is giving you free money, so do not click on such
links:-
It’s just a way to trick you into giving up personal information such as
credit card details, or to install suspicious software on your computer
that compromises your security.
See the link: it is a scam to trick you and get your credit card details or
something more valuable, so stay safe and don’t click on any
link that comes from an untrusted source.
Never click on unknown ads or pics:-
The “Ads not by this site” adware program is bundled with other free
software that you download off of the Internet. Unfortunately, some free
downloads do not adequately disclose that other software will also be
installed and you may find that you have installed adware without your
knowledge.
Once this malicious program is installed, whenever you browse the
Internet, an ad from Ads not by this site will randomly pop up.
These ads are aimed to promote the installation of additional questionable
content including web browser toolbars, optimization utilities and other
products, all so the adware publisher can generate pay-per-click revenue.
When infected with the “Ads not by this site” adware, other common
symptoms include:
• Advertising banners are injected into the web pages that you are
visiting.
• Random web page text is turned into hyperlinks.
• Browser popups appear which recommend fake updates or other
software.
• Other unwanted adware programs might get installed without the
user’s knowledge.
How to remove Ads not by this site pop-ups (Virus Removal Guide)
To remove Ads not by this site pop-ups, follow these steps:
STEP 1: Uninstall malicious programs from Windows
STEP 2: Use AdwCleaner to remove “Ads not by this site” adware
STEP 3: Scan and clean your computer with Malwarebytes Anti-Malware
STEP 4: Double-check for malicious programs with HitmanPro
(OPTIONAL) STEP 5: Reset your browser to default settings
Check files properly with their extension before downloading them.
When downloading files from an attachment, a torrent or any other
software, check the file’s extension carefully so that you do not
download a virus or a payload that gives a hacker remote access to,
and control of, your whole system.
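The extension check described above can be done by a short program as well as by eye. The following Python code is an added example, not part of the original manual; the function inspect_download, the flag names and the extension lists are assumptions chosen for illustration. It goes one step beyond the text by also comparing the first bytes of an already downloaded file with what its extension promises.

```python
import os
import re

# File types that run code when opened on Windows (sample list for this example).
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs",
              ".ps1", ".hta", ".jar", ".lnk"}
# Harmless-looking types that are often placed in front of the real extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".jpeg",
              ".png", ".mp3", ".mp4"}
# Unicode controls that change display order, e.g. U+202E right-to-left override.
BIDI_CONTROLS = "\u202a\u202b\u202d\u202e\u2066\u2067\u2068"
# Leading "magic" bytes of a few formats and the kind of content they indicate.
MAGIC = [(b"MZ", "program"), (b"%PDF", "pdf"), (b"\x89PNG", "png"),
         (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
EXPECTED_KIND = {".exe": "program", ".scr": "program", ".dll": "program",
                 ".com": "program", ".pdf": "pdf", ".png": "png",
                 ".jpg": "jpeg", ".jpeg": "jpeg", ".zip": "zip",
                 ".docx": "zip", ".xlsx": "zip", ".jar": "zip"}


def inspect_download(name, head=b""):
    """Return a set of warning flags for a file name.

    name is the file name as offered; head is optional: the first few bytes
    of the file if it is already on disk.
    """
    flags = set()
    # 1. Direction-changing characters make "...exe" display as "...pdf".
    if any(ch in BIDI_CONTROLS for ch in name):
        flags.add("bidi-control")
    visible = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # 2. Long runs of spaces push the real extension out of view.
    if re.search(r"\s{3,}", visible):
        flags.add("padded-name")
    compact = re.sub(r"\s+", "", visible).rstrip(".").lower()
    # 3. Only the LAST extension decides how the system opens the file.
    stem, ext = os.path.splitext(compact)
    inner_ext = os.path.splitext(stem)[1]
    if ext in RISKY_EXTS:
        flags.add("runs-code")
        if inner_ext in DECOY_EXTS:
            flags.add("double-extension")
    # 4. Content check: does the file start the way its extension claims?
    kind = next((k for magic, k in MAGIC if head.startswith(magic)), None)
    if kind is not None:
        expected = EXPECTED_KIND.get(ext)
        if kind == "program" and expected != "program":
            flags.add("content-mismatch")
        elif expected is not None and expected != kind:
            flags.add("content-mismatch")
    return flags


if __name__ == "__main__":
    # Constructed sample names; none of them refers to a real file.
    samples = [("holiday.jpg", b""), ("invoice.pdf.exe", b""),
               ("invoice\u202efdp.exe", b""),
               ("report.pdf" + " " * 40 + ".scr", b""),
               ("statement.pdf", b"MZ\x90\x00")]
    for sample_name, sample_head in samples:
        print(repr(sample_name), "->", sorted(inspect_download(sample_name, sample_head)))
```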
Use pop-up blocker
A pop-up blocker (sometimes called a pop-up killer) is a program that
prevents pop-ups from displaying in a user's Web browser. Pop-up
blockers work in a number of ways: some close the window before it
appears, some disable the command that calls the pop-up, and some alter
the window's source HTML. One problem with pop-up blockers has been
that they cannot always differentiate between an unwanted pop-up
window and one that is user-requested. Programs that can consistently
do so are sometimes referred to as intelligent pop-up blockers.
Free pop-up blockers, such as STOPzilla and Panicware, are readily
available for download. Both the Google and Yahoo toolbars include the
ability to block pop-ups; that capacity is also enabled by default in
Microsoft's XP Service Pack Two (SP2) settings for Internet Explorer.
Beware of any “free trial” that requires a payment card number:-
Here are the main reasons Consumers should beware of Free-Trial or
Risk-Free Offers
Release of Your Personal Information
At the very least, in order to register for most offers, you need to give out
your email address. While this may seem harmless enough, sharing your
email can open you up to new hassles. For one, your inbox will be
bombarded with junk mail you don’t want. Second, if the company sells its
customer lists to other companies, the number of spam emails you get will
increase exponentially. Third, most offers will also require that you submit
your credit card number, which raises the risk of identity theft and being
enrolled in some kind of membership with recurring charges.
Remembering to Cancel
In most cases, it is your responsibility to cancel the service by the end of
the free trial. The seller has no incentive to remind you. After all,
companies make money when people forget to cancel and you might not
even notice until you see an unusual charge on your credit card bill. If
you’re not in the habit of checking the statement for your credit card or
debit card on a monthly basis, the cost to you could be even higher.
Difficult Cancellation Process
Worse yet, it is much more difficult to cancel a free-trial than to start one.
Although you sign up online, you might have to cancel over the phone or
in writing. These calls can take forever. Remember, the companies don’t
want you to cancel the offer. They have absolutely no motivation to make
the cancellation process easy or convenient. In some instances, the
company may even “confirm” that you have cancelled yet continue to
charge your credit card.
Now, here are some tips regarding free-trial and risk-free offers to avoid
the costs associated with them:
Research the company online
See what other people are saying about the company’s free trials — and
its service. Complaints from other customers can tip you off to “catches”
that might come with the trial.
Find the terms and conditions for the offer.
This includes offers online, on TV, in the newspaper, or on the radio. If
you can’t find them or can’t understand exactly what you’re agreeing to,
don’t sign up.
Look for who’s behind the offer
Just because you’re buying something online from one company doesn’t
mean the offer or pop-up isn’t from someone else.
Watch out for pre-checked boxes
If you sign up for a free trial online, look for already-checked boxes. That
checkmark may give the company the green light to continue the offer
past the free trial or sign you up for more products — only this time you
have to pay.
Mark your calendar
Your free trial probably has a time limit. Once it passes without you telling
the company to cancel your “order,” you may be on the hook for more
products.
Look for info on how you can cancel future shipments or services.
If you don’t want them, do you have to pay? Do you have a limited time to
respond?
Read your credit and debit card statements
That way you’ll know right away if you’re being charged for something you
didn’t order. If you see charges you didn’t agree to, contact the company
directly to sort out the situation. If that doesn’t work, call your credit card
company to dispute the charge. Ask the credit card company to reverse
the charge because you didn’t actively order the additional merchandise.
In the end, a deal that sounds too good to be true, usually is! Be wary of
free-trial and risk-free offers and consult an attorney with experience in
consumer actions if you have been a victim of such scams.
Think before you spend your money online
Think twice, because you may be submitting your details to a website
that asks you to trust it, but is it safe? What if it gets hacked?
Have you ever thought about it? Or what if it sells your data to someone
else? So think before doing anything online.
Chapter-9
Encryption
Encryption isn’t just for cybersecurity experts — it’s for everyday Internet
users. In fact, you probably used encryption today without even realizing
it.
Encryption, along with other online privacy practices, can safeguard your
emails and medical data, and allow you to more securely shop and bank
online. Below, we’re sharing seven tips to help ensure your Internet
experiences are encrypted, more secure, and more private. Then, if you
want to learn more and help protect encryption,
visit advocacy.mozilla.org/encrypt.
1) Encryption is the encoding of data so that only people with a special key
can unlock it. Most modern communications systems use strong
encryption. iMessage, Signal, and WhatsApp all provide encrypted text
messaging. FaceTime, Signal, Firefox Hello, and Google Hangouts all
provide encrypted video conferencing. E-mail, ordinary phone calls, and
SMS do not provide strong security.
2) When entering personal information online, make sure the website
uses encryption. Without encryption, any personal data you send to a
website is at risk. If there’s a little lock next to the URL, then encryption is
being used.
Never use your personal login information in third party or
unencrypted web network:-
Encryption Is a Good Thing
The word “encryption” comes to us from Greek, which makes me
particularly partial to it. (I’m a recovering classicist.) The Greek
word κρυπτος (kryptos) means “hidden.” Encryption, as Wikipedia
explains, is “the process of encoding a message or information in such a
way that only authorized parties can access it.”
There’s a reason that your operating system warns you about connecting
to open Wi-Fi networks. Information you send across that network is not
encrypted, so a clever hacker with a sniffer tool can see any passwords
or other information you might send over it.
Note that there are two criteria for danger here: an unsecured network
and an unencrypted website. As a website owner, you can’t control the
security of the network that your visitors use to log in, but you can make
sure that any information they send to your website is encrypted.
You do this by installing a security certificate, popularly known as an
SSL certificate, on your web server. The actual protocol these days is no
longer SSL (Secure Sockets Layer) but TLS (Transport Layer
Security), but the term “SSL certificate” has stuck.
Send private text message with Signal:-
Privacy is possible, Signal makes it easy.
Using Signal, you can communicate instantly while avoiding SMS fees,
create groups so that you can chat in real time with all your friends at
once, and share media or attachments all with complete privacy. The
server never has access to any of your communication and never stores
any of your data.
Say Anything - Signal uses an advanced end to end encryption protocol
that provides privacy for every message every time.
Open Source - Signal is Free and Open Source, enabling anyone to
verify its security by auditing the code. Signal is the only private
messenger that uses open source peer-reviewed cryptographic
protocols to keep your messages safe.
Be Yourself - Signal uses your existing phone number and address
book. There are no separate logins, usernames, passwords, or PINs to
manage or lose.
Chapter-10
Privacy and Surveillance
Surveillance can be understood as a violation of privacy, and as such is
often opposed by various civil liberties groups and activists. Liberal
democracies have laws which restrict domestic government and private
use of surveillance, usually limiting it to circumstances where public safety
is at risk. In today’s digital world, security of networks and data is a major
concern for all. Surveillance also includes computer and network
surveillance. Computer and network surveillance is the monitoring of
computer activity and data stored on a hard drive, or data being
transferred over computer networks such as the Internet.
1. Put a mask on your webcam while browsing, as Intruders can
easily access your webcam to take your pictures silently, through
malicious scripts:-
You should put a mask on your webcam because it can be easily accessed
by Black Hat Hackers using malicious scripts. Such scripts include
something known as Metasploit, with which your whole computer can be
accessed easily without your permission. The hacker can take your photos,
watch live what the victim is doing, record everything that is happening,
etc. Putting a mask or cover on your webcam protects
you from this type of attack and from Black Hat Hackers.
2. Never allow media access, mic access on unknown websites, or
those sites which you think do not require these permissions:
Allowing media and mic access on unknown websites lets
spyware, adware, viruses etc. access the files on your device and
open backdoors for intruders. There are several reasons why you should
block certain websites on your computer. Some websites could contain
explicit content or even be trying to steal your personal data. While
you may be more capable of avoiding these websites, that doesn't hold
true for everyone who uses your device. In such cases, it might be best
to block certain websites. There are different ways to go about blocking websites.
You can choose to block websites only on specific browsers, the entire
operating system, or indeed your network router. Here's how to block
websites:
1. Open My Computer and search your "C:" drive.
2. Find the "etc" folder in your drivers.
3. Open the file "hosts" with Notepad.
4. Scroll to the empty space at the bottom of the file & hit Enter to make a
new line at the very bottom.
5. Add additional websites on separate lines & save the file.
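Each line of the hosts file consists of an address followed by a site name, so a site is blocked by pointing its name at an address that leads nowhere. The Python code below is an added example, not part of the original manual; it performs steps 4 and 5 on the text of a hosts file, and the function names, the 0.0.0.0 sink address and the sample site names are assumptions made for illustration.

```python
import re

# Usual location of the file on Windows; saving it needs administrator rights.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
SINK = "0.0.0.0"  # non-routable address that blocked names will resolve to
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise(site):
    """Reduce 'https://Tracker.example.test/page' to 'tracker.example.test'."""
    host = site.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)    # drop any scheme
    host = host.split("/")[0].split(":")[0].rstrip(".")  # drop path and port
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a host name: {site!r}")
    return host


def mapped_names(hosts_text):
    """Return {name: address} for every active (non-comment) entry."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore comments
        for name in fields[1:]:
            names[name.lower()] = fields[0]
    return names


def add_blocks(hosts_text, sites):
    """Return hosts_text with one 'SINK name' line appended per new site.

    Existing entries are left untouched, and sites already present are not
    added twice, so running it again changes nothing.
    """
    existing = mapped_names(hosts_text)
    new_lines = []
    for site in sites:
        host = normalise(site)
        if host not in existing:
            new_lines.append(f"{SINK} {host}")
            existing[host] = SINK
    if not new_lines:
        return hosts_text
    # Step 4: make sure the additions start on a new line at the bottom.
    body = hosts_text if hosts_text.endswith("\n") or not hosts_text else hosts_text + "\n"
    return body + "\n".join(new_lines) + "\n"


# Constructed sample content; deliberately has no newline at the end.
SAMPLE_HOSTS = ("# sample hosts file (constructed for this example)\n"
                "#   127.0.0.1   localhost\n"
                "0.0.0.0 ads.example.test   # added earlier")

if __name__ == "__main__":
    print(add_blocks(SAMPLE_HOSTS, ["https://Tracker.example.test/page",
                                    "ads.example.test"]))
    # To apply for real, read HOSTS_PATH, pass its text through add_blocks()
    # and write the result back from an administrator session.
```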
3. Keeping your communications secure with Encryption:
Secure communication is when two entities are communicating
and do not want a third party to listen in. For that they need to
communicate in a way not susceptible to eavesdropping or
interception. Secure instant messaging: some instant
messaging clients use end-to-end
encryption with forward secrecy to secure all instant messages to other
users of the same software. They authenticate and encrypt on the user’s
own computer, to prevent transmission of plain text, and mask the sender
and recipient. Data, often referred to as plaintext, is encrypted using an
encryption algorithm and an encryption key.
4. Use private web browsing: Private browsing helps you keep
your history confidential. Private browsing keeps no trace of what you
search. If you’re using Google Chrome, the shortcut for private
browsing is Ctrl+Shift+N; if you’re using Mozilla Firefox, the shortcut
for private browsing is Ctrl+Shift+P; if you’re using Safari: 1. Open
Safari 2. Tap the pages icon (shaped as two squares) 3. Tap Private.
Private Browsing also prevents web cache. Private browsing allows a
person to browse the Web without storing local data that could be
retrieved at a later date. Privacy mode will also disable the storage of data
in cookies and Flash cookies. This privacy protection is only on the local
computing device as it is still possible to identify frequented websites by
associating the IP address at the web server. The earliest reference to
privacy mode was in May 2005 and used to discuss the privacy features
in the Safari browser bundled with Mac OS X Tiger.
The feature has since been adopted in other browsers, and led to
popularization of the term in
2008 by mainstream news outlets and computing websites when
discussing beta versions of Internet Explorer 8. However, privacy modes
operate as shields because browsers typically do not remove all data from
the cache after the session. Plugins, like Silverlight, are able to set cookies
that will not be removed after the session. Internet Explorer 8 also
contains a feature called InPrivate Subscriptions, an RSS web feed with
sites approved for use with InPrivate browsing.
5. All of the passwords, documents, and the term papers that you
have put into online storage-think Google docs, DropBox, iCloud -
become part of the great internet data lump :
Storing all of your sensitive information on cloud storage can
compromise your confidentiality. The sensitive data that you upload to
cloud storage is converted into chunks, and a security concern is that
your data can be easily reached via the web. Another thing is that you get
limited resources for customization. If any of these cloud storage services
gets hacked, you can lose the confidentiality of your data. Be careful
when using drag/drop to move a document into the cloud storage
folder. This will permanently move your document from its
original folder to the cloud storage location. Do a copy and
paste instead of drag/drop if you want to retain the document’s
original location in addition to
moving a copy onto the cloud storage folder. There are concerns with the
safety and privacy of important data stored remotely. The possibility of
private data commingling with other organizations makes some
businesses uneasy.
6. Turn off GeoLocation, Bluetooth and WiFi when you’re not using
them, to prevent your movements from being tracked: Keeping your
GeoLocation on when not in use can compromise your privacy to
stalkers. It can give your whole physical location information to
the stalker.
Turn off your Bluetooth when it is not in use; this keeps you safe from being
tracked. How can you get tracked via Bluetooth? There is something known
as a Bluetooth Scanner App: if your Bluetooth is on, a stalker uses this app
to scan for your Bluetooth device. You can also get tracked if your WiFi is on.
How? Wi-Fi Location Monitor is a WiFi-based real-time locating system
(RTLS) that locates and monitors active WiFi devices, such as phones,
tablets and WiFi tags inside multi-story buildings or throughout an entire
campus.
Chapter-11
Cyber Law And Cyber Crime Related Case Studies
What is a cybercrime?
Cyber Crime is not defined officially in IT Act or in any other
legislation. In fact, it cannot be too. Offence or crime has been dealt
with elaborately listing various acts and the punishments for each,
under the Indian Penal Code, 1860 and related legislations. Hence,
the concept of cybercrime is just a “combination of crime and
computer”.
Cybercrime in a narrow sense (computer crime): Any illegal
behaviour directed by means of electronic operations that targets
the security of computer systems and the data processed by them.
Cybercrime in a broader sense (computer-related crime): Any
illegal behaviour committed by means of, or in relation to, a
computer system or network, including such crimes as illegal
possession and offering or distributing information by means of a
computer system or network.
• Any contract for the sale or conveyance of immovable
property or any interest in such property;
• Any such class of documents or transactions as may be
notified by the Central Government
What is the applicability of IT Act?
The Act extends to the whole of India and except as otherwise provided,
it also applies to any offence or contravention there under committed
outside India by any person.
Rules and procedures mentioned in the Act have also been laid down in
a phased manner, defined as recently as April 2011.
For the sake of simplicity, here we will be only discussing the various
penalty and offences defined as per provisions of ITA 2000 and ITAA
2008. Please note that wherever the terms IT Act 2000 or 2008 are used,
they refer to same act because the IT Act now includes amendments as
per IT 2008 Amendment Act.
Specific exclusion(s) to the Act where it is not applicable are:
o Negotiable instrument (other than a cheque) as defined in section
13 of the Negotiable Instruments Act, 1881;
o A power-of-attorney as defined in section 1A of the Powers-of-
Attorney Act, 1882;
o A trust as defined in section 3 of the Indian Trusts Act, 1882
o A will as defined in clause (h) of section 2 of the Indian Succession
Act, 1925 including any other testamentary disposition
Case Studies as per selected IT Act Sections
Here are the case studies for selected IT Act sections.
For the sake of simplicity and maintaining clarity, details on the IT Act
sections have been omitted. Kindly refer to the Appendix in the last section
for the detailed account of all the penalties and offences mentioned in the IT
Act.
Section 43 – Penalty and Compensation for damage to computer,
computer system, etc.
Related Case: Mphasis BPO Fraud: 2005
In December 2004, four call
centre employees, working at an outsourcing facility operated by MphasiS
in India, obtained PIN codes from four customers of MphasiS’ client,
Citigroup. These employees were not authorized to obtain the PINs. In
association with others, the call centre employees opened new accounts
at Indian banks using false identities. Within two months, they used the
PINs and account information gleaned during their employment at
MphasiS to transfer money from the bank accounts of Citigroup
customers to the new accounts at Indian banks.
By April 2005, the Indian police had been tipped off to the scam by a U.S. bank,
and quickly identified the individuals involved in the scam. Arrests were
made when those individuals attempted to withdraw cash from the falsified
accounts. $426,000 was stolen; the amount recovered was $230,000.
Verdict: Court held that Section 43(a) was applicable here due to the
nature of unauthorized access involved to commit transactions.
Section 65 – Tampering with Computer Source Documents
Related Case: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh
In this case, Tata Indicom employees were arrested for
manipulation of the electronic 32-bit number (ESN) programmed into cell
phones that were exclusively franchised to Reliance Infocomm.
Verdict: Court held that tampering with source code invokes Section 65
of the Information Technology Act.
Section 66 – Computer Related offenses
Related Case: Kumar v/s Whiteley
In this case the accused gained
unauthorized access to the Joint Academic Network (JANET) and deleted
and added files and changed the passwords to deny access to the authorized
users. Investigations had revealed that Kumar was logging on to the BSNL
broadband Internet connection as if he was the authorized genuine user
and ‘made alteration in the computer database pertaining to broadband
Internet user accounts’ of the subscribers. The CBI had registered a
cybercrime case against Kumar and carried out investigations on the
basis of a complaint by the Press Information Bureau, Chennai, which
detected the unauthorised use of broadband Internet. The complaint also
stated that the subscribers had incurred a loss of Rs 38,248 due to
Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore, Chennai
and other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai,
sentenced N G Arun Kumar, the techie from Bangalore to undergo a
rigorous imprisonment for one year with a fine of Rs 5,000 under section
420 IPC (cheating) and Section 66 of IT Act (Computer related Offense).
Section 66A – Punishment for sending offensive messages through
communication service
Relevant Case #1: Fake profile of President posted by imposter
On September 9, 2010, the imposter made a fake profile in the name of the
Hon’ble President Pratibha Devi Patil. A complaint was made by the
Additional Controller, President Household, President Secretariat
regarding the four fake profiles created in the name of the Hon’ble President
on the social networking website Facebook. The said complaint stated that
the President’s house has nothing to do with Facebook and the fake profile
is misleading the general public. The First Information Report under
Sections 469 IPC and 66A Information Technology Act, 2000 was
registered based on the said complaint at the police station, Economic
Offences Wing, the elite wing of Delhi Police which specializes in
investigating economic crimes including cyber offences.
Relevant Case #2: Bomb Hoax mail
In 2009, a 15-year-old Bangalore
teenager was arrested by the cybercrime investigation cell (CCIC) of the
city crime branch for allegedly sending a hoax e-mail to a private news
channel. In the e-mail, he claimed to have planted five bombs in Mumbai,
challenging the police to find them before it was too late. At around 1 p.m.
on May 25, the news channel received an e-mail that read: “I have planted
five bombs in Mumbai; you have two hours to find it.” The police, who were
alerted immediately, traced the Internet Protocol (IP) address to Vijay
Nagar in Bangalore. The Internet service provider for the account was
BSNL, said officials.
Section 66C – Punishment for identity theft
Relevant Cases: The social security number of Todd Davis, the CEO of an
identity theft protection company, Lifelock, was exposed by Matt Lauer
on NBC’s Today Show. Davis’ identity was used to obtain a $500 cash
advance loan.
Li Ming, a graduate student at West Chester University of Pennsylvania
faked his own death, complete with a forged obituary in his local paper.
Nine months later, Li attempted to obtain a new driver’s license with the
intention of applying for new credit cards eventually.
Section 66D – Punishment for cheating by impersonation by using
computer resource
Relevant Case: Sandeep Vaghese v/s State of Kerala
On a complaint filed by the representative of a Company, which was engaged
in the business of trading and distribution of petrochemicals in India and
overseas, a crime was registered against nine persons, alleging offenses
under Sections 65, 66, 66A, C and D of the Information Technology Act
along with Sections 419 and 420 of the Indian Penal Code.
The company has a web-site in the name and style
‘www.jaypolychem.com’ but another web site, ‘www.jayplychem.org’, was
set up on the internet by the first accused, Samdeep Varghese @ Sam (who
was dismissed from the company), in conspiracy with other accused,
including Preeti and Charanjeet Singh, who are the sister and brother-in-law
of ‘Sam’.
Defamatory and malicious matters about the company and its directors
were made available on that website. The accused sister and brother-in-law
were based in Cochin and they had been acting in collusion with known
and unknown persons, who have collectively cheated the company and
committed acts of forgery, impersonation etc.
Two of the accused, Amardeep Singh and Rahul, had visited Delhi and
Cochin. The first accused and others sent e-mails from fake e-mail
accounts of many of the customers, suppliers, Bank etc. to malign the
name and image of the Company and its Directors. The defamation
campaign run by all the said persons named above has caused immense
damage to the name and reputation of the Company.
The Company suffered losses of several crores of Rupees from
producers, suppliers and customers and was unable to do business.
Section 66E – Punishment for violation of privacy
Relevant Cases: Jawaharlal Nehru University MMS scandal
In a severe
shock to the prestigious and renowned institute – Jawaharlal Nehru
University, a pornographic MMS clip was apparently made in the campus
and transmitted outside the university. Some media reports claimed that
the two accused students initially tried to extort money from the girl in the
video but when they failed the culprits put the video out on mobile phones,
on the internet and even sold it as a CD in the blue film market.
Nagpur Congress leader’s son MMS scandal: On January 05, 2012
Nagpur Police arrested two engineering students, one of them a son of a
Congress leader, for harassing a 16-year-old girl by circulating an MMS
clip of their sexual acts. According to the Nagpur (rural) police, the girl was
in a relationship with Mithilesh Gajbhiye, 19, son of Yashodha Dhanraj
Gajbhiye, a zila parishad member and an influential Congress leader of
Saoner region in Nagpur district.
Section-66F Cyber Terrorism
Relevant Case: The Mumbai police have registered a case of ‘cyber
terrorism’—the first in the state since an amendment to the Information
Technology Act—where a threat email was sent to the BSE and NSE on
Monday. The MRA Marg police and the Cyber Crime Investigation Cell
are jointly probing the case. The suspect has been detained in this case.
The police said an email challenging the security agencies to prevent a
terror attack was sent by one Shahab Md with an ID
sh.itaiyeb125@yahoo.in to BSE’s administrative email ID
corp.relations@bseindia.com at around 10.44 am on Monday. The IP
address of the sender has been traced to Patna in Bihar. The ISP is Sify.
The email ID was created just four minutes before the email was sent.
“The sender had, while creating the new ID, given two mobile numbers in
the personal details column. Both the numbers belong to a photo
frame-maker in Patna,” said an officer.
Status: The MRA Marg police have registered forgery for purpose of
cheating, criminal intimidation cases under the IPC and a cyber-terrorism
case under the IT Act.
Section 67 – Punishment for publishing or transmitting obscene
material in electronic form
Relevant Case: This case is about the posting of obscene, defamatory and
annoying messages about a divorcee woman in a Yahoo message group.
E-mails were forwarded to the victim for information by the accused
through a false e-mail account opened by him in the name of the victim.
These postings resulted in annoying phone calls to the lady. Based on the
lady’s complaint, the police nabbed the accused. Investigation revealed
that he was a known family friend of the victim and was interested in
marrying her. She was married to another person, but that marriage ended
in divorce and the accused started contacting her once again. On her
reluctance to marry him he started harassing her through internet.
Verdict: The accused was found guilty of offences under sections 469 and 509
of the IPC and section 67 of the IT Act 2000. He was convicted and sentenced
as follows:
• As per section 469 of the IPC, he has to undergo rigorous imprisonment for
2 years and to pay a fine of Rs.500/-
• As per section 509 of the IPC, he is to undergo 1 year simple
imprisonment and to pay Rs 500/-
• As per Section 67 of the IT Act 2000, he has to undergo imprisonment for
2 years and to pay a fine of Rs.4000/-
All sentences were to run concurrently.
The accused paid the fine amount and he was lodged at Central Prison,
Chennai. This is considered the first case convicted under section 67 of
Information Technology Act 2000 in India.
Section 67B – Punishment for publishing or transmitting of material
depicting children in sexually explicit act, etc. in electronic form
Relevant Case: Janhit Manch & Ors. v. The Union of India 10.03.2010
Public Interest Litigation: The petition sought a blanket ban on
pornographic websites. The NGO had argued that websites displaying
sexually explicit content had an adverse influence, leading youth on a
delinquent path.
Section 69 – Powers to issue directions for interception or
monitoring or decryption of any information through any computer
resource
Relevant Case: In August 2007, Lakshmana Kailash K., a techie from
Bangalore was arrested on the suspicion of having posted insulting
images of Chhatrapati Shivaji, a major historical figure in the state of
Maharashtra, on the social-networking site Orkut. The police identified him
based on IP address details obtained from Google and Airtel -
Lakshmana’s ISP. He was brought to Pune and detained for 50 days
before it was discovered that the IP address provided by Airtel was
erroneous. The mistake was evidently due to the fact that while requesting
information from Airtel, the police had not properly specified whether the
suspect had posted the content at 1:15 p.m.
Verdict: Taking cognizance of his plight from newspaper accounts, the
State Human Rights Commission subsequently ordered the company to
pay Rs 2 lakh to Lakshmana as damages. The incident highlights how
minor privacy violations by ISPs and intermediaries could have impacts
that gravely undermine other basic human rights.
Common Cyber-crime scenarios and Applicability of Legal Sections
Let us look into some common cyber-crime scenarios which can attract
prosecution as per the penalties and offences prescribed in the IT Act 2000
(as amended in 2008).
• Harassment via fake public profile on social networking site
A fake profile of a person is created on a social networking site with the
correct address, residential information or contact details but he/she is
labelled as ‘prostitute’ or a person of ‘loose character’. This leads to
harassment of the victim. Provisions Applicable:- Sections 66A, 67 of IT
Act and Section 509 of the Indian Penal Code.
• Online Hate Community
An online hate community is created, inciting a religious group to act or pass
objectionable remarks against a country, national figures etc. Provisions
Applicable: Section 66A of IT Act and 153A & 153B of the Indian Penal
Code.
• Email Account Hacking
The victim’s email account is hacked and obscene emails are sent to people
in the victim’s address book. Provisions Applicable:- Sections 43, 66, 66A,
66C, 67, 67A and 67B of IT Act.
• Credit Card Fraud
Unsuspecting victims would use infected computers to make online
transactions. Provisions Applicable:- Sections 43, 66, 66C, 66D of IT Act
and section 420 of the IPC.
• Web Defacement
The homepage of a website is replaced with a pornographic or defamatory
page. Government sites generally face the wrath of hackers on symbolic
days. Provisions Applicable:- Sections 43 and 66 of IT Act and Sections
66F, 67 and 70 of IT Act also apply in some cases.
• Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs
All of the above are some sort of malicious programs which are used to
destroy or gain access to some electronic information. Provisions
Applicable:- Sections 43, 66, 66A of IT Act and Section 426 of Indian
Penal Code.
• Cyber Terrorism
Many terrorists use virtual (GDrive, FTP sites) and physical storage
media (USBs, hard drives) for hiding information and records of their illicit
business. Provisions Applicable: Conventional terrorism laws may apply
along with Section 69 of IT Act.
• Online sale of illegal Articles
Where the sale of narcotics, drugs, weapons and wildlife is facilitated by the
Internet. Provisions Applicable:- Generally conventional laws apply in
these cases.
• Cyber Pornography
Among the largest businesses on Internet. Pornography may not be illegal
in many countries, but child pornography is. Provisions Applicable:-
Sections 67, 67A and 67B of the IT Act.
• Phishing and Email Scams
Phishing involves fraudulently acquiring sensitive information (e.g.
passwords, credit card information) through masquerading a site as a
trusted entity. Provisions Applicable:- Section 66, 66A and 66D of IT Act and
Section 420 of IPC.
• Theft of Confidential Information
Many business organizations store their confidential information in
computer systems. This information is targeted by rivals, criminals and
disgruntled employees. Provisions Applicable:- Sections 43, 66, 66B of IT
Act and Section 426 of Indian Penal Code.
• Source Code Theft
Source code is generally the most coveted and important “crown jewel”
asset of a company. Provisions applicable:- Sections 43, 66, 66B of IT Act
and Section 63 of Copyright Act.
• Tax Evasion and Money Laundering
Money launderers and people doing illegal business activities hide their
information in virtual as well as physical activities. Provisions Applicable:
Income Tax Act and Prevention of Money Laundering Act. IT Act may
apply case-wise.
• Online Share Trading Fraud
It has become mandatory for investors to have their demat accounts linked
with their online banking accounts, which are often accessed without
authorization, thereby leading to share trading frauds. Provisions
Applicable: Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC.
• Penalties, Compensation and Adjudication sections
Section 43 – Penalty and Compensation for damage to computer,
computer system
If any person without permission of the owner or any other person who is
in-charge of a computer, computer system or computer network:
• Accesses or secures access to such computer, computer system or
computer network or computer resource;
• Downloads, copies or extracts any data, computer data, computer
database or information from such computer, computer system or
computer network including information or data held or stored in any
removable storage medium;
• Introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system or computer network;
• Damages or causes to be damaged any computer, computer system or
computer network, data, computer database, or any other programmes
residing in such computer, computer system or computer network;
• Disrupts or causes disruption of any computer, computer system, or
computer network;
• Denies or causes the denial of access to any person authorised to access
any computer, computer system or computer network by any means;
• Provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions
of this Act, rules or regulations made there under;
• Charges the services availed of by a person to the account of another
person by tampering with or manipulating any computer, computer
system, or computer network;
• Destroys, deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any
means;
• Steals, conceals, destroys or alters or causes any person to steal,
conceal, destroy or alter any computer source code used for a computer
resource with an intention to cause damage,
he shall be liable to pay damages by way of compensation to the person
so affected.
Section 43A – Compensation for failure to protect data: Where a body
corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is
negligent in implementing and maintaining reasonable security practices
and procedures and thereby causes wrongful loss or wrongful gain to any
person, such body corporate shall be liable to pay damages by way of
compensation, not exceeding five crore rupees, to the person so affected.
Section 44 – Penalty for failure to furnish information or return, etc.: If any
person who is required under this Act or any rules or regulations made
there under to –
• Furnish any document, return or report to the Controller or the Certifying
Authority, fails to furnish the same, he shall be liable to a penalty not
exceeding one lakh and fifty thousand rupees for each such failure;
• File any return or furnish any information, books or other documents within
the time specified therefor in the regulations, fails to file return or furnish
the same within the time specified therefor in the regulations, he shall be
liable to a penalty not exceeding five thousand rupees for every day during
which such failure continues;
• Maintain books of account or records, fails to maintain the same, he shall
be liable to a penalty not exceeding ten thousand rupees for every day
during which the failure continues.
Section 45 – Residuary Penalty: Whoever contravenes any rules or
regulations made under this Act, for the contravention of which no penalty
has been separately provided, shall be liable to pay a compensation not
exceeding twenty-five thousand rupees to the person affected by such
contravention or a penalty not exceeding twenty-five thousand rupees.
Section 47 – Factors to be taken into account by the adjudicating officer:
Section 47 lays down that while adjudging the quantum of compensation
under this Act, an adjudicating officer shall have due regard to the
following factors, namely:
• The amount of gain of unfair advantage, wherever
quantifiable, made as a result of the default;
• The amount of loss caused to the person as a result of
the default;
• The repetitive nature of the default.
• Offences sections
Section 65 – Tampering with Computer Source Documents: If any
person knowingly or intentionally conceals, destroys code or alters or
causes another to conceal, destroy code or alter any computer,
computer program, computer system, or computer network, he shall be
punishable with imprisonment up to three years, or with fine up to two
lakh rupees, or with both.
Section 66 – Computer Related Offences: If any person, dishonestly or
fraudulently, does any act referred to in section 43, he shall be punishable
with imprisonment for a term which may extend to three years or with
fine which may extend to five lakh rupees or with both.
Section 66A – Punishment for sending offensive messages through
communication service: Any person who sends, by means of a computer
resource or a communication device,
• Any information that is grossly offensive or has menacing
character;
• Any information which he knows to be false, but for the
purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred,
or ill will, persistently by making use of such computer
resource or a communication device;
• Any electronic mail or electronic mail message for the
purpose of causing annoyance or inconvenience or to
deceive or to mislead the addressee or recipient about the
origin of such messages,
shall be punishable with imprisonment for a term which may extend
to three years and with fine.
Section 66B – Punishment for dishonestly receiving stolen computer
resource or communication device. Whoever dishonestly receives or
retains any stolen computer resource or communication device knowing
or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either
description for a term which may extend to three years or with fine which
may extend to rupees one lakh or with both.
Section 66C – Punishment for identity theft: Whoever, fraudulently or
dishonestly, makes use of the electronic signature, password or any other
unique identification feature of any other person, shall be punished with
imprisonment of either description for a term which may extend to three
years and shall also be liable to fine which may extend to rupees one lakh.
Section 66D – Punishment for cheating by personation by using computer
resource: Whoever, by means of any communication device or computer
resource, cheats by personating, shall be punished with imprisonment of
either description for a term which may extend to three years and shall
also be liable to fine which may extend to one lakh rupees.
Section 66E – Punishment for violation of privacy: Whoever, intentionally
or knowingly captures, publishes or transmits the image of a private area
of any person without his or her consent, under circumstances violating
the privacy of that person, shall be punished with imprisonment which may
extend to three years or with fine not exceeding two lakh rupees, or with both.
Explanation – For the purposes of this section:
a. “Transmit” means to electronically send a visual image
with the intent that it be viewed by a person or persons;
b. “Capture”, with respect to an image, means to videotape,
photograph, film or record by any means;
c. “Private area” means the naked or undergarment clad
genitals, pubic area, buttocks or female breast;
d. “Publishes” means reproduction in the printed or
electronic form and making it available for public;
e. “Under circumstances violating privacy” means
circumstances in which a person can have a reasonable
expectation that–
I. he or she could disrobe in privacy, without being
concerned that an image of his private area was
being captured; or
II. any part of his or her private area would not be
visible to the public, regardless of whether that
person is in a public or private place.
• Section-66F Cyber Terrorism
1. Whoever,-
a. with intent to threaten the unity, integrity, security or
sovereignty of India or to strike terror in the people or any
section of the people by –
I. denying or causing the denial of access to any person
authorized to access computer resource; or
II. attempting to penetrate or access a computer
resource without authorization or exceeding
authorized access; or
III. introducing or causing to introduce any Computer
Contaminant and by means of such conduct causes
or is likely to cause death or injuries to persons or
damage to or destruction of property or disrupts or
knowing that it is likely to cause damage or disruption
of supplies or services essential to the life of the
community or adversely affect the critical information
infrastructure specified under section 70, or
b. knowingly or intentionally penetrates or accesses a
computer resource without authorization or exceeding
authorized access, and by means of such conduct obtains
access to information, data or computer database that is
restricted for reasons of the security of the State or foreign
relations; or any restricted information, data or computer
database, with reasons to believe that such information,
data or computer database so obtained may be used to
cause or likely to cause injury to the interests of the
sovereignty and integrity of India, the security of the State,
friendly relations with foreign States, public order, decency
or morality, or in relation to contempt of court, defamation
or incitement to an offence, or to the advantage of any
foreign nation, group of individuals or otherwise, commits
the offence of cyber terrorism.
Whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend to imprisonment for life.
• Section 67 – Punishment for publishing or transmitting obscene
material in electronic form: Whoever publishes or transmits or causes
to be published in the electronic form, any material which is lascivious
or appeals to the prurient interest or if its effect is such as to tend to
deprave and corrupt persons who are likely, having regard to all
relevant circumstances, to read, see or hear the matter contained or
embodied in it, shall be punished on first conviction with imprisonment
of either description for a term which may extend to three years
and with fine which may extend to five lakh rupees and in the event of
a second or subsequent conviction with imprisonment of either
description for a term which may extend to five years and also with fine
which may extend to ten lakh rupees.
• Section 67A – Punishment for publishing or transmitting of
material containing sexually explicit act, etc. in electronic form:
Whoever publishes or transmits or causes to be published or
transmitted in the electronic form any material which contains sexually
explicit act or conduct shall be punished on first conviction with
imprisonment of either description for a term which may extend to five
years and with fine which may extend to ten lakh rupees and in the
event of second or subsequent conviction with imprisonment of either
description for a term which may extend to seven years and also with
fine which may extend to ten lakh rupees.
• Section 67B – Punishment for publishing or transmitting of
material depicting children in sexually explicit act, etc. in
electronic form: Whoever –
o publishes or transmits or causes to be published or transmitted
material in any electronic form which depicts children engaged in
sexually explicit act or conduct or
o creates text or digital images, collects, seeks, browses, downloads,
advertises, promotes, exchanges or distributes material in any
electronic form depicting children in obscene or indecent or sexually
explicit manner or
o cultivates, entices or induces children to online relationship with one
or more children for and on sexually explicit act or in a manner that
may offend a reasonable adult on the computer resource or
o facilitates abusing children online or
o records in any electronic form own abuse or that of others pertaining
to sexually explicit act with children,
shall be punished on first conviction with imprisonment of either
description for a term which may extend to five years and with a fine which
may extend to ten lakh rupees
and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to seven years and also
with fine which may extend to ten lakh rupees:
Provided that the provisions of section 67, section 67A and this section
does not extend to any book, pamphlet, paper, writing, drawing, painting,
representation or figure in electronic form.
• Section 69 – Powers to issue directions for interception or
monitoring or decryption of any information through any
computer resource
1. Where the Central Government or a State Government or any of its
officers specially authorized by the Central Government or the State
Government, as the case may be, in this behalf may, if satisfied
that it is necessary or expedient to do so in the interest of the
sovereignty or integrity of India, defence of India, security of the
State, friendly relations with foreign States or public order or for
preventing incitement to the commission of any cognizable offence
relating to above or for investigation of any offence, it may, subject
to the provisions of sub-section (2), for reasons to be recorded in
writing, by order, direct any agency of the appropriate Government
to intercept, monitor or decrypt or cause to be intercepted or
monitored or decrypted any information transmitted, received or
stored through any computer resource.
2. The Procedure and safeguards subject to which such interception
or monitoring or decryption may be carried out, shall be such as may
be prescribed.
3. The subscriber or intermediary or any person in charge of the
computer resource shall, when called upon by any agency which
has been directed under sub section (1), extend all facilities and
technical assistance to –
o provide access to or secure access to the computer resource
generating, transmitting, receiving or storing such information;
or
o intercept or monitor or decrypt the information, as the case
may be; or
o provide information stored in computer resource.
4. The subscriber or intermediary or any person who fails to assist the
agency referred to in sub-section (3) shall be punished with an
imprisonment for a term which may extend to seven years and shall
also be liable to fine.
• Section 69A – Power to issue directions for blocking for public
access of any information through any computer resource
1. Where the Central Government or any of its officer specially
authorized by it in this behalf is satisfied that it is necessary or
expedient so to do in the interest of sovereignty and integrity of
India, defence of India, security of the State, friendly relations with
foreign states or public order or for preventing incitement to the
commission of any cognizable offence relating to above, it may
subject to the provisions of sub-section (2) for reasons to be
recorded in writing, by order direct any agency of the Government
or intermediary to block access by the public or cause to be blocked
for access by public any information generated, transmitted,
received, stored or hosted in any computer resource.
2. The procedure and safeguards subject to which such blocking for
access by the public may be carried out shall be such as may be
prescribed.
3. The intermediary who fails to comply with the direction issued under
sub-section (1) shall be punished with an imprisonment for a term
which may extend to seven years and also be liable to fine.
• Section 69B – Power to authorize to monitor and collect traffic data
or information through any computer resource for Cyber Security
1. The Central Government may, to enhance Cyber Security and for
identification, analysis and prevention of any intrusion or spread of
computer contaminant in the country, by notification in the official
Gazette, authorize any agency of the Government to monitor and
collect traffic data or information generated, transmitted, received or
stored in any computer resource.
2. The Intermediary or any person in-charge of the Computer resource
shall when called upon by the agency which has been authorized
under sub-section (1), provide technical assistance and extend all
facilities to such agency to enable online access or to secure and
provide online access to the computer resource generating,
transmitting, receiving or storing such traffic data or information.
3. The procedure and safeguards for monitoring and collecting traffic
data or information, shall be such as may be prescribed.
4. Any intermediary who intentionally or knowingly contravenes the
provisions of subsection (2) shall be punished with an imprisonment
for a term which may extend to three years and shall also be liable
to fine.
• Section 71 – Penalty for misrepresentation: Whoever makes any
misrepresentation to, or suppresses any material fact from, the
Controller or the Certifying Authority for obtaining any license or
Electronic Signature Certificate, as the case may be, shall be punished
with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.
• Section 72 – Breach of confidentiality and privacy: Any person who,
in pursuance of any of the powers conferred under this Act, rules or
regulations made there under, has secured access to any electronic
record, book, register, correspondence, information, document or other
material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information,
document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine
which may extend to one lakh rupees, or with both.
• Section 72A – Punishment for Disclosure of information in breach
of lawful contract: Any person including an intermediary who, while
providing services under the terms of lawful contract, has secured
access to any material containing personal information about another
person, with the intent to cause or knowing that he is likely to cause
wrongful loss or wrongful gain discloses, without the consent of the
person concerned, or in breach of a lawful contract, such material to
any other person shall be punished with imprisonment for a term which
may extend to three years, or with a fine which may extend to five lakh
rupees, or with both.
• Section 73 – Penalty for publishing Electronic Signature Certificate
false in certain particulars
1. No person shall publish an Electronic Signature Certificate or
otherwise make it available to any other person with the
knowledge that
a. the Certifying Authority listed in the certificate has not
issued it; or
b. the subscriber listed in the certificate has not accepted it;
or
c. the certificate has been revoked or suspended, unless
such publication is for the purpose of verifying a digital
signature created prior to such suspension or revocation
2. Any person who contravenes the provisions of sub-section (1)
shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh
rupees, or with both.
• Section 74 – Publication for fraudulent purpose: Whoever
knowingly creates, publishes or otherwise makes available an Electronic
Signature Certificate for any fraudulent or unlawful purpose shall be
punished with imprisonment for a term which may extend to two years,
or with fine which may extend to one lakh rupees, or with both.
• Section 75 – Act to apply for offence or contraventions committed
outside India
1. Subject to the provisions of sub-section (2), the provisions of this
Act shall apply also to any offence or contravention committed
outside India by any person irrespective of his nationality.
2. For the purposes of sub-section (1), this Act shall apply to an
offence or contravention committed outside India by any person
if the act or conduct constituting the offence or contravention
involves a computer, computer system or computer network
located in India.
• Section 77A – Compounding of Offences
1. A Court of competent jurisdiction may compound offences
other than offences for which the punishment for life or
imprisonment for a term exceeding three years has been
provided under this Act. Provided further that the Court shall
not compound any offence where such offence affects the
socio-economic conditions of the country or has been
committed against a child below the age of 18 years or a
woman.
2. The person accused of an offence under this act may file an
application for compounding in the court in which offence is
pending for trial and the provisions of section 265 B and 265C
of the Code of Criminal Procedure, 1973 shall apply.
• Section 77B – Offences with three years imprisonment to be
cognizable
Notwithstanding anything contained in Criminal Procedure Code 1973,
the offence punishable with imprisonment of three years and above
shall be cognizable and the offence punishable with imprisonment of
three years shall be bailable.
• Section 78 – Power to investigate offences
Notwithstanding anything contained in the Code of Criminal Procedure,
1973, a police officer not below the rank of Inspector shall investigate
any offence under this Act.


Cyber security and Privacy Awareness manual

  • 1. 1 Privacy Kit Manual of cyber awareness Chapter-1 Safe Computing What is Safe Computing? Safety is a state of being protected from potential harm or something that has been designed to protect and prevent harm. An Example of Safety is when you wear a seatbelt. Today, we are more dependent on computers and the information that they store than ever before. From spyware, viruses, and Trojans to identity theft and computer hardware malfunctions - any disruption can have a huge impact on our lives. No matter how savvy the user, safe computing software and security settings and the secure actions of the user. Below are some tips that will help you protect your computer. 1. Keep your Computer Updated: Whether individuals choose to update their operating system software automatically or manually, we recommend making it a continuous process. It is also important to keep other software on your computer updated. Software updates often include essential bug fixes and security features that address existing vulnerabilities.
  • 2. 2 2. Keep up-to-date on software patches: Staying up-to-date on the latest security patches is critical in today’s threat environment. The single most important thing you can do keep your software and computer safe is to always run the most up-to-date versions. Why patch? If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for a malware attack. What to patch? Not all the vulnerabilities that exist in products or technologies will affect you. However, any software you use is a potential source of vulnerabilities that could lead to compromise of security or identity. The more commonly used a program is, the bigger target it represents and the more likely it is that vulnerability will be exploited. For the more obscure software you use, contact the vendor to receive updates, patches, or vulnerability alerts. Additionally, don’t forget to patch your Antivirus software.
  • 3. 3 3. Do not use open Wi-Fi: Everybody has done it. At least once, probably a lot more. Maybe daily, Maybe even hourly. But just because everybody else is connecting to the internet via free public Wi-Fi doesn’t mean you should, too. Instead, you should listen to that little voice in your head that asks, “is this safe?” every time you connect to a public Wi-Fi network - because you know it really isn’t. You’re not alone. Open public Wi-Fi networks are everywhere: coffee shops, airports, restaurants, shopping malls, public Wi-Fi is commonplace. And so are people’s concerns about their safety on unsecured open Wi-Fi hotspot, but like you they go ahead and connect anyway. There are a few big problems with using a public Wi-Fi network. The open nature of the network allows for snooping, the network could be full of compromised machines, or - most worryingly - the hotspot itself could be malicious. When you connect to an open Wi-Fi network like one at a coffee shop or airport, the network is generally unencrypted - you can tell because you don’t have to enter a passphrase when connecting. Your unencrypted network traffic is then clearly visible to everyone in range. People can see what unencrypted web pages you’re visiting, what you’re typing into unencrypted web forms, and even see which encrypted websites you’re connected to - so if you’re connected to your bank’s website, they’d know it, although they wouldn’t know what you were doing.
  • 4. 4 4. Lock the computer/system when you are not using: The physical security of your devices is just as important as their technical security. If you need to leave your laptop, phone, or tablet for any length of time - lock it up so no one else can use it. If you keep sensitive information on a flash drive or external hard drive, make sure to keep these locked as well. For desktop computers, shut-down the system when not in use or lock your screen. 5. Download Files Legally: Downloading from the internet and sharing files are both common, everyday practices, and can come with a set of risks you should be aware of. You could unknowingly give others access to your computer while file sharing, who could potentially copy private files. This can happen when you’re asked to disable or alter your firewall settings in order to use Peer-to-Peer to upload to a file sharing program, which could leave your computer vulnerable. Downloading viruses, malware and spyware to your computer without you knowing it, they’re often disguised as popular movie or song downloads. Inadvertently spreading viruses and other malware that damage the computers of those with whom you’re file sharing.
  • 5. 5 6. Backup on regular basis: Regular, scheduled backups can protect you from the unexpected. Keep a few months’ worth of backups and make sure the files can be retrieved if needed. If you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and reinstall the system. 7. Use HTTPS everywhere: HTTPS helps prevent intruders from tampering with the communications between your websites and your user’s browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages. Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For examples, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities. Intruders exploit every unprotected resource that travels between your websites and your users. Images, cookies, scripts, HTML. they are all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP. 8. Use Anti-Virus: Only install an antivirus program from a known and trusted source. Keep virus definitions, engines and software up to date to ensure your antivirus program remains effective. Virus, worms and the like often perform malicious acts, such as deleting files, accessing personal data, or using your computer to attack other computers. To help keep your computer healthy, install Anti-virus. You must also ensure both the program and the virus signature files are up to date.
  • 6. 6 9. Use Anti-Malware: Anti-Malware is a type of software program designed to prevent, detect and remediate malicious programming on individual computing devices and IT systems. Antimalware software protects against infections caused by many types of malware, including viruses, worms, Trojan horses, rootkits, spyware, key loggers, ransomware and adware. The intent of malware is that of promoting rogue product, redirecting your legitimate browsing to their scam sites, intercepting your transactions, and gathering as much of your personally identifying information as possible, all for financial gain. 10. Turn on Firewall: Windows Firewall or any other firewall app can help notify you about suspicious activity if a virus or worm tries to connect to your PC. it can also block viruses, worms, and hackers from trying to download potentially harmful apps to your PC. 11. Use VPN or Proxy: What is VPN? : A VPN is secure connection between your computer and server. All your internet traffic and browsing data goes through that remote server. To the outside world, the anonymous server is doing the browsing, not you. ISPs, government agencies, hacker or anyone else can’t track your activity online. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they’re an important services for consumer too, protecting them from attacks when they connect to public wireless networks.
  • 7. 7 TOP 5 FREE VPNs 1. TunnelBear: Your IP address is the unique number that websites use to determine your physical location and track you across different sites. Use TunnelBear VPN to keep your IP address private from websites, hackers and advertisers. TunnelBear VPN shields your personal information from prying third-parties and hackers on public WiFi, ISPs and other local networks. Your connection is secured with bear-grade (that’s strong) AES 256-bit encryption. 2. OpenVPN: OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server support a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control. 3. Hotspot Shield: Hotspot Shield is possibly the most popular free VPN client in the world. It made waves when Hulu was launched as it allowed users to watch Hulu even when it was blocked. Now, they have US & UK based VPN services which you can use to protect yourself from WiFi Snoopers, identity thefts, and censorships. The best part is, Hotspot Shield provides unlimited bandwidth and works on both PC & Mac.
  • 8. 8 4. VPNBook: It’s a free VPN service and comes with most advanced cryptographic techniques to keep you safe on the internet. VPNBook strives to keep the internet a safe and free place by providing free and secure PPTP and OpenVPN service access for everyone. From our tests, we have found that VPNBook is Romania based and claims that they do not collect any information or log any internet activity. 5. UltraVPN: UltraVPN is a French VPN client that hides your connection from unwanted ears and allows you to use blocked applications. It is also based on OpenVPN service. Traffic is quota is unlimited. Bandwidth is 50kb/s depending on network conditions. What is Proxy? : A Proxy server is a computer that acts as an intermediary between the user’s computer and the Internet. It allows client computers to make indirect network connection to other network services. If use proxy server. Client computers will first connect to the proxy server, requesting some resources like web pages, games, videos, mp3, e-books, and any other resources which are available from various servers over internet. Nowadays, we use proxy server for various purpose like sharing internet connections on a local area network, hide our IP address, implement Internet access control, access blocked websites and so on.
  • 9. 9  To share Internet connection on a LAN. Some small businesses and families have multiple computers but with only one Internet connection, they can share Internet connection for other computers on the LAN with a proxy server.  To hide the IP address of the client computer so that it can surf anonymous, this is mostly for security reasons. A proxy server can act as an intermediary between the user's computer and the Internet to prevent from attack and unexpected access. Use Proxy Server for IE  Click "Tools" -> "Internet Options" -> "Connections" -> "LAN Settings" -> select "Use a proxy server for your LAN" -> "Advanced", configure as bellow.
  • 10. 10 Use Proxy server for Firefox Click "Tools" -> "Options" -> "Advanced" -> "Network" -> "Connections" - > "Settings" -> "Manual proxy configuration", configure as bellow.
  • 11. 11 Use Proxy server for Chrome Click "Tools" -> "Settings" -> "Advanced" -> "Network" -> select "Change Proxy Settings" -> "Connection" -> "LAN Settings" -> Select "Use a proxy server for your LAN" -> "Advanced", configure as below.
  • 12. 12 12. Use TOR: The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features. Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses. Journalists use Tor to communicate more safely with whistle-blowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
  • 13. 13 13. Don’t store password in browser: Most recent versions of web browsers prompt you to save usernames and passwords for various sites on the internet. This feature can be useful, but can also put your money and personal information at risk if you are not careful. Information Services and Technology recommends that you do not save passwords with your browser for sites which have:  Private information about you or someone else (e.g., medical records);  Private financial information (e.g., credit card numbers);  Private correspondence (e.g., email). You put yourself at risk when you save passwords for these types of sites. Below are instructions to disable the password saving feature, or to force the browser to clear all currently saved passwords, on commonly used browsers.
  • 14. 14 To disable password saving in internet Explorer on Windows: 1. Internet Explorer 2. Select Tools > Internet options > Content. 3. Under “AutoComplete”, click Settings. 4. To stop password saving, uncheck Usernames and password forms.
  • 15. 15 To clear all existing saved usernames and passwords, click on Clear Passwords, then click OK in the warning dialog box. To disable password saving in Firefox on Windows: 1. Open Firefox 2. Click on open menu 3. Under “Menu”, Click on Options
  • 16. 16 4. Select Privacy & Security 5. To stop password saving, uncheck Remember Logins and passwords for websites
  • 17. 17 To disable password saving in Chrome on Windows: 1. Open the Chrome menu using the button on the far right of the browser toolbar. 2. Choose the Settings menu option.
  • 18. 18 3. Click the advanced settings…located at the bottom of the page. 4. In the “Passwords and forms” section, click the Manage passwords. 5. In the Manage passwords Section. To stop password saving, turn it off this option.
  • 19. 19 To disable password saving in Safari on Mac OS: 1. Go to Safari Preferences. 2. Select the Autofill tab, and for AutoFill web forms toggle the option for Usernames and passwords option. 3. Select the Password tab. make sure 'AutoFill usernames and passwords' is unchecked and use the 'Remove All' to clear any saved passwords there. 14. Cover Mic and Camera with Tape: It is certainly possible for hackers to install malware on computers that allow them to turn on a computer's camera and record or take screenshots of what is going on. The threat of this can be mitigated by taking common security steps - installing anti-virus software, having a firewall, and not clicking any suspicious links in emails. For those using desktops, the best way to ensure that you're not being watched is simply to unplug your webcam. For laptop users, this isn't an option, so the approach of covering it up might be best. The Electronic Frontier Foundation even sells a specially-designed sticker set for the purpose. Mac users are a little safer - a green light next to the webcam is designed to activate any time the camera is being used, so you should be alerted to any unsolicited recording. This isn't always the case, however.
  • 20. 20 15. Most Importantly, Stay Informed: Stay current with the latest developments for Windows, MacOS Linux, and UNIX systems and in various smartphone operating systems. Regularly browse for security updates and important issues concerning various operating systems and applications. Most importantly, you should keep an ongoing conversation about internet safety and privacy issues. Update your children on any online scams you learn about and initiate discussions about cyberbullying, predators, sexting and more. Remember, there is no better way to protect your children from bad decisions that nurturing critical thinking and raising awareness. For tips on talking to your kids about online safety. In an increasingly security-conscious world, many of us know the basics about phishing, strong password parameters, VPNs and benefits of encryption. Why we sometimes choose to disregard those rules is another question: the important thing is that we know them and we make informed decisions, which is not always true when it comes to our children. Being security-conscious cyber citizens is not enough anymore. We must protect our children until we teach them the basics of online security.
  • 21. 21 Chapter-2 Internet Surfing Tips What is Internet Surfing or Browsing? A browser is a program on your computer that enables you to search ("surf") and retrieve information on the World Wide Web (WWW), which is part of the Internet. The Web is simply a large number of computers linked together in a global network that can be accessed using an address in the same way that you can phone anyone in the world given their telephone number. The Internet can be a confusing and dangerous place. Without a safety net, people can fall into the danger zones of pornography, predators, many online scams, Internet viruses, and spyware. With such free access to the Internet around the world, many have abused it as an opportunity to take advantage of others. But, there's no reason to fear the Internet. When used properly, with the right precautions and the right information; the Internet educates, positively influences, and provides a creative outlet for today's kids. Below are some tips for Surfing Internet. 1. Use private browsing in Firefox: As you browse the web, Firefox remembers lots of information for you - like the sites you've visited. There may be times, however, when you don't want people with access to your computer to see this information, such as when shopping for a present. Private Browsing allows you to browse the Internet without saving any information about which sites and pages
  • 22. 22 you’ve visited. Private Browsing also includes Tracking Protection, which prevents companies from tracking your browsing history across multiple sites. 2. Check for green lock and HTTPS in URL: HTTPS is a modification of the HTTP (Hyper Text Transfer Protocol) standard used to allow the exchange of content on the Internet. The “S” stands for secure, which means the HTTP connection is encrypted — preventing exchanged information from being read in plain text, or “as you see it.” Even if someone were to somehow obtain the encrypted data shared in the exchange, it would be nonsense with nearly no means of decryption to retrieve the original content. Think of HTTPS as locking a door before starting a meeting; only the parties in the room can see what is happening. 3. Keep your browser Up to Date: The most important reason to keep your browser up-to-date is for your own safety and security, and that of your computer. There are many different sorts of security threats that you can be subject to when you're browsing the web: identity theft, phishing sites, viruses, Trojans, spyware, adware, and other sorts of malware.
  • 23. 23 Another reason to keep your browser up-to-date is that you won't necessarily be getting the best browsing experience otherwise. You won't always know when you see a web page that isn't displaying properly – a well-designed site degrades gracefully so that you don't suffer unnecessarily with an old browser – but for the most up-to-date functions and features, you will need to update your browser regularly. 4. Think before you click on unknown links: When you’re online, don’t click something unless you know it’s from someone or something that you recognize. But there’s a reason that it’s important to repeat this. Clicking unknown links is STILL one of the most common forms of security breaches. A common thing to be aware of is that some scammers look at what information is available about you online. If your email address, job title, websites you like, etc. is online, and then there is ample opportunity for a scammer to craft something that is customized to get your attention. Your social media leaves you somewhat vulnerable because of the amount of information available online. But it’s more than just what you share.
  • 24. 24 5. Use NOscript add-on blocker plugins: NoScript (or NoScript Security Suite) is a free software extension for Mozilla Firefox, SeaMonkey, and other Mozilla-based web browsers, created and actively maintained by Giorgio Maone, an Italian software developer and member of the Mozilla Security Group. It allows executable web content based on JavaScript, Java, Flash, Silverlight, and other plugins only if the site hosting is considered trusted by its user and has been previously added to a whitelist. It also offers specific countermeasures against security exploits. NoScript blocks JavaScript, Java, Flash, Silverlight, and other "active" content by default in Firefox. This is based on the assumption that malicious websites can use these technologies in harmful ways. Users can allow active content to execute on trusted websites, by giving explicit permission, on a temporary or a more permanent basis. If "Temporarily allow" is selected, then scripts are enabled for that site until the browser session is closed.
  • 25. 25 6. Turn on do not track button: Do Not Track, the feature in web browsers and web sites that asks advertisers and data miners not to track your browsing habits, is a relatively new service. It's also typically an opt-out feature. So, here's everywhere that you can enable Do Not Track so advertisers can't snoop in on your habits. Essentially, ad and analytics companies watch what you do online, and then tailor the web experience based on your history. That means targeted ads, specific articles, and more. They typically do this through cookies in your browser. Enable Do Not Track in These Browsers: Chrome: Head into the Settings page and click "Show advanced settings." Scroll down to the Privacy section and select Do Not Track. Mobile Chrome: Head into the Settings and then Privacy > Do Not Track.
  • 26. 26 Firefox: Select Preferences > Privacy and check the box marked, "Tell websites I do not want to be tracked." Internet Explorer: Click the Tools button and then Internet Options > Advanced. Select "Always send Do Not Track Header." Safari: Head into Preferences > Privacy and check the box marked "Ask website not to track me." 7. Erase your trail justdelete.me: Some Web sites make it difficult to figure out how to delete your accounts. JustDelete.me can save you time by providing direct links to the cancellation pages of numerous Internet sites. Web companies don't want you to close out your accounts with them, which is understandable. If you leave, their revenue-earning potential decreases. Some companies make the process of deleting your account relatively easy, while others make it practically impossible or confusing. Just Delete Me is a list of the most popular web apps and services with links to delete your account from those services. Each one is color coded.
  • 27. 27 Green is easy, yellow is medium, red is difficult, and black is impossible. When you click on a service, you're automatically taken to the page where you can delete your account so you don't have to go searching for it. Likewise, you can snag the Chrome extension and be taken to the account deletion page right from the URL bar when you're on a site, as well as get up to date information about whether an account is easy to delete before you sign up. If you want to keep track of your accounts and delete as many as possible, this is a good place to start. 8. Use Sandboxie: Sandboxie uses isolation technology to separate programs from your underlying operating system preventing unwanted changes from happening to your personal data, programs and applications that rest safely on your hard drive. Web Browsing? Secure your favourite web browser and block malicious software, viruses, ransom-ware and zero day threats by isolating such attacks in the Sandbox; leaving your system protected. Email Run your favourite email program in Sandboxie so you never have to worry about suspicious attachments or spear phishing attacks. Data Protection Sandboxie prevents internet websites and programs from modifying your personal data (i.e. My Documents), files & folders on your system. Application Testing Safely test and try new programs and applications within Sandboxie and prevent unauthorized changes to your underlying system that may occur.
  • 28. 28 9. Use DuckDuckGo Search Engine: DuckDuckGo (DDG) is an Internet search engine that emphasizes protecting searchers' privacy and avoiding the filter bubble of personalized search results. DuckDuckGo distinguishes itself from other search engines by not profiling its users and by deliberately showing all users the same search results for a given search term. DuckDuckGo emphasizes returning the best results, rather than the most results, and generates those results from over 400 individual sources, including key crowdsourced sites such as Wikipedia, and other search engines like Bing, Yahoo!, Yandex, and Yummly. DuckDuckGo positions itself as a search engine that puts privacy first and as such it does not store IP addresses, does not log user information and uses cookies only when needed. By default, DuckDuckGo does not collect or share personal information. 10. Use Disconnect Search Engine: Disconnect Search already makes your searches—no matter what engine you choose, whether it's Google, Bing, Yahoo, or even the already-private DuckDuckGo—completely private and untraceable. Searches are routed through Disconnect and
  • 29. 29 anonymized, so they appear to come from Disconnect instead of a specific user. Plus, those queries are encrypted, so ISPs (or anyone riding their lines) can't see what you're looking for. Disconnect also never logs keywords, IP addresses, or other personally identifiable information. Each search is just as anonymous as the first one. The service has been available in the form of a browser extension and an Android app up to this point, but if you don't want to install anything (or can't, because you're at work), you can head right over to their website to search directly. Hit the link below to give it a try. https://search.disconnect.me/
    11. Lukol: Lukol uses a proxy server to deliver customized search results from Google using its enhanced custom search, yet conserves your privacy by removing traceable entities. Lukol is considered one of the best private search engines; it protects you from online fraudsters and keeps spammers away by safeguarding you from misleading or inappropriate sites. It ensures full anonymity of your searches. https://www.lukol.com/
  • 30. 30 12. Use lightbeam: Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web. Using interactive visualizations, Lightbeam shows you the relationships between these third parties and the sites you visit.
  • 31. 31 13. Use TOR for no Digital Trace: Another way to go anonymous when you are browsing is to install the TOR browser. It is based on many VPN-style features that make your Internet activity bounce around different parts of the world, making it a lot tougher for both governments and companies to find. When you are using it, you should not share your personal credentials at all.
    14. Use uBlock Origin add-on for ad blocker: uBlock Origin is a free and open source, cross-platform browser extension for content-filtering, including ad-blocking. The extension is available for several browsers: Safari (Beta), Chrome, Chromium, Edge, Firefox, and Opera. uBlock Origin has received praise from technology websites, and is reported to be much less memory-intensive than other extensions with similar functionality. uBlock Origin's stated purpose is to give users the means to enforce their own (content-filtering) choices.
  • 32. 32 15. Panopticlick: Panopticlick is a research project designed to better uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons. When you visit a website, you are allowing that site to access a lot of information about your computer's configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer. Some companies use this technology to try to identify individual computers.
  • 33. 33 16. Use VirusTotal Website: VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. VirusTotal's mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services. https://www.virustotal.com/#/home/upload
  • 34. 34 Chapter-3
    Introduction To Mobile Security
    Mobile security, also known as mobile device security, has become increasingly important. According to ABI Research, the number of unique mobile threats grew by 261% in the last two quarters of 2012. An attacker has three main targets: data, identity and availability. Threats to mobile devices include botnets, malicious applications, malicious links on social networks, spyware, etc.
    1. Lock your screen, set passwords and user privileges: The best way to protect your phone is to set up a screen lock. A screen lock won't allow an attacker to access your phone. You can set a screen lock in many different ways, such as a password, PIN, pattern, face detection, fingerprint, etc. A user privilege is a right to execute a particular type of SQL statement, or a right to access another user's object. The types of privileges are defined by Oracle. Roles, on the other hand, are created by users (usually administrators) and are used to group together privileges or other roles.
  • 35. 35 Step 1: Open the Settings Step 2: Go to Security & Fingerprint
  • 36. 36 Step 3: Choose Screen lock and set the password
    2. Use Secured Network: It's good to be extra careful whenever you go online using a network you don't know or trust, like the free Wi-Fi at your local cafe. The service provider can monitor all traffic on their network, which could include your personal information. If you are using a service that encrypts your connection to the web service, it can make it much more difficult for someone to snoop on your activity. When you connect through a public Wi-Fi network, anyone in the vicinity can monitor the information passing between your device and the Wi-Fi hotspot if your connection is not encrypted. Avoid doing important activities like banking or shopping over public networks. If you use Wi-Fi at home, you should make sure you use a password to secure your router by using
  • 37. 37 a strong password, and avoid using the default password. A default password gives an attacker an advantage: they can change your settings and snoop on your online activity. There are two main types of encryption: WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers. Some older routers use only WEP encryption, which likely won't protect you from some common hacking programs. Consider buying a new router with WPA2 capability.
    3. Use Anti-virus Software: Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses. Antivirus software is a program that helps to protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick." Viruses, worms etc. perform malicious acts, such as deleting files, accessing personal data, or using your computer to attack other computers. To avoid such malicious activities and keep your computer healthy, install antivirus software. It is important to constantly update the anti-virus software on a computer because computers are regularly threatened by new viruses. The anti-virus updates contain the latest files needed to combat new viruses and protect your computer. These updates are generally available through your subscription.
    Viruses can be prevented by taking sensible precautions, including:
      • Keeping your operating system up to date
      • Using up-to-date anti-virus software
      • Not opening an email attachment unless you are expecting it and know the source (many email servers scan emails with anti-virus software on the user's behalf)
      • Back up your computer
      • Use a strong password
      • Use a firewall
      • Use a pop-up blocker
      • Scan your system weekly
  • 38. 38 4. Update your Mobile OS: Updating your mobile's OS is necessary because it keeps your mobile free from viruses. If you do not update your mobile's operating system regularly, you will face the repercussions, which may lead to the loss of sensitive data. Before you proceed, be sure to back up all of your data, just in case something goes wrong with the update. You should be backing up your information regularly. There is a multitude of backup apps available from carriers, manufacturers, and third parties; download and use one (verify third-party applications before using them).
    How to update your mobile's Operating System:
    Step 1: Go to Settings
  • 39. 39 Step 2: Select System Updates Step 3: Click on Download Now
  • 40. 40 Rooting is always an option: If you want the latest OS as soon as it's available, you can always choose to root your phone, which enables you to access updates when you want them. That's just one of the many benefits of rooting your Android device. You'll also be able to access features not yet available to unrooted Android smartphones and tablets, and you'll have more control over your device to boot.
    Steps for rooting (rooting may lead to some disadvantages):
    Step 1: Download KingoRoot.apk for free.
    Step 2: Install KingoRoot.apk on your device.
    Step 3: Launch the "Kingo ROOT" app and start rooting.
    Step 4: Wait a few seconds until the result screen appears.
    Step 5: The result is shown as Succeeded or Failed.
  • 41. 41 5. Use Lock Code Apps and Vaults: Lock codes and vaults are mainly for the applications that you have downloaded on your device. They help you secure your apps with a code or password. It is the same as putting a PIN, pattern or password on your device. You can download vaults or lock code apps from the PlayStore. Using lock code apps or vaults will help you maintain the confidentiality of your personal information. According to a survey, 60% of the total population doesn't use lock code apps or vaults, which results in exposure of personal information.
    How to download Lock Code Apps and Vaults:
    Step 1: Go to PlayStore
    Step 2: Search for the App Locks
  • 42. 42 Step 3: Choose wisely and Download
  • 43. 43 6. Use Kids/Guest modes: Guest mode is one of many new features of Android Lollipop 5.0. It mainly adds two accounts: the first for the user and the second for the guest (unknown user). This new Guest Mode feature lets you hand your phone over to someone else without giving them access to any of your data.
    How to enable guest mode:
    Step 1: Go to Settings -> User
    Step 2: Click on Guest or Add user
  • 44. 44 7. Set up SIM Lock: A SIM lock, simlock, network lock, carrier lock or (master) subsidy lock is a technical restriction built into GSM (Global System for Mobile) and CDMA (Code Division Multiple Access) mobile phones by mobile phone manufacturers for use by service providers to restrict the use of these phones to specific countries and/or networks.
    Lock your SIM card with a PIN (personal identification number) to require an identification code for phone calls and cellular-data usage. The wrong guess can permanently lock your SIM card, which means that you would need a new SIM card. SIM lock requires your lock screen PIN, pattern, password, or fingerprint and SIM card to be in place before the phone can be unlocked.
    Now, a few things you should be aware of before setting up SIM Lock. First off, you'll need to know your carrier's default unlock code. For many, this is just 1111, but be aware: if you enter this incorrectly three times, it will render your SIM useless (that's part of the security of it, after all). You can start by trying 1111, but if that doesn't work on the first try, you'll probably need to contact your carrier to get the default code.
    How to set up SIM lock:
  • 45. 45 Step 1: Go to Settings Step 2: Search for SIM Lock
  • 46. 46 Step 3: Set up SIM Lock
  • 47. 47 8. Keep Sensitive Files of your Phone on Cloud Storage: Cloud storage is a service where data is remotely maintained, managed, and backed up. The service allows users to store files online so that they can access them from any location via the Internet. Instead of storing information on your computer's hard drive or other local storage device, you save it to a remote database. The Internet provides the connection between your computer and the database. On the surface, cloud storage has several advantages over traditional data storage. Users can scale services to fit their needs, customize applications, and access cloud services from anywhere with an Internet connection. Enterprise users can get applications to market quickly without worrying about underlying infrastructure costs or maintenance. Data security is a major concern, and although options are currently limited, they exist. The most secure is likely however, the biggest cause of concern for Cloud storage isn't hacked data.
    9. Do not install random apps from unknown sources: Installing applications from unknown sources may harm your device. Unknown apps can come with viruses, Trojans, spyware, adware etc., which can harm your device in different ways. In all devices there is an option of enabling the Unknown source which will not allow any random applications to be downloaded on your device.
    How to enable Unknown source option:
    Step 1: Go to settings
  • 48. 48 Step 2: Search for Security
  • 49. 49 Step 3: Open Security and enable the Unknown Source option
    10. Disallow any unwanted permissions on the apps which don't require them to run on android device manager for remote swipe and track location: Do you actually read the list of permissions that Android apps are asking for before you install them? I know most of us treat those permissions like terms and conditions, blindly tapping our way through. But if you actually do, you would be aware of their reach. Some of your apps can make phone calls. Some can track your location. Some can read your browsing history, contacts, SMS, photos,
  • 50. 50 calendar. No doubt, Google's Android mobile operating system has a powerful app permission system that forces app developers to mention the exact permissions they require. But there is a major issue for Android users: by default it is a take-it-or-leave-it situation, which means you can choose to install the app, granting all those permissions, or simply not install it. Controlling these permissions as a user is possible, and there are apps that make it easier for you to control each single permission you grant to an app. You can first install an app like Permission Explorer that allows you to filter apps and permissions by categories, giving you much more detail about the permissions you granted to the app. You can also try similar apps like Permissions Observatory and App Permissions. These apps will help you know if there are any apps with problematic permissions that need to be revoked or perhaps even uninstalled completely. Once you have found some offending apps with unnecessary app permissions, it is time to revoke those permissions. One of the popular apps is App Ops, which allows you to block permissions for individual apps.
    11. Turn off your Wi-Fi, Bluetooth and NFC if you are not using them: The ornate N is there to let you know that your phone currently has NFC switched on. NFC, or Near Field Communication, is a technology that allows devices to exchange information simply by placing them next to one another. You may well have already encountered NFC if you've paid for public transport with an Oyster card, or used the new tap-to-pay feature with your bank card to buy something. Smartphones use NFC to pass photos, contacts, or any other data you specify between NFC-enabled handsets. It is also the method used by Android Pay and Samsung Pay.
    How to turn off NFC:
  • 51. 51 You intuitively know why you should bolt your doors when you leave the house and add some sort of authentication for your smartphone. But there are lots of digital entrances that you leave open all the time, such as Wi-Fi and your cell connection. It's a calculated risk, and the benefits generally make it worthwhile. That calculus changes with Bluetooth. Whenever you don't absolutely need it, you should go ahead and turn it off. Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities. That includes an attack called BlueBorne, which would allow any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities. The flaws aren't in the Bluetooth standard itself, but in its implementation in all sorts of software. Windows, Android, Linux, and iOS have been vulnerable to BlueBorne in the past. Millions could still be at risk.
    12. CM Security Application: This is a security application available on the PlayStore, and it is very useful. It is excellent at call blocking and VPN services, and it also has nice visuals.
    Steps for CM security application:
  • 52. 52 Step 1: Download the CM Security & Find My Phone App
    Head on over to the Play Store and download CM Security. Once the app has downloaded, open up the app and tap 'Scan,' which is located in the middle of the screen. CM Security will then scan all of the apps on your device to detect any viruses, Trojans, vulnerabilities, adware and spyware.
    Step 2: Scan SD Card
    By tapping on the ellipsis on the top right-hand corner, you can tap on 'Scan SD Card.' CM Security will then scan the external SD cards to detect any threats, and will alert you if any threats are detected.
    Step 3: Clean Up Junk
    You can clean up junk on your Android phone or tablet by tapping on the ellipsis on the top right-hand corner and tapping on 'Clean Up Junk.' You
  • 53. 53 will then see what apps are taking up the most storage on your Android phone or tablet. Simply check the apps that you want to cache the junk and tap 'Solve.'
    Step 4: Boost Memory
    After you have cleaned up the junk on your Android phone or tablet, you can then remove apps that are taking up space to boost the memory on your device. Just check the apps you want to remove and tap 'Boost' on the bottom of the screen. You can also enable 'game boost' to make sure the games on your device run smoothly.
    Step 5: Find Your Phone & Prevent Unwanted Phone Calls
    One of CM Security's best features is that you can locate your Android phone. You can either go to the ellipsis in the top right-hand corner or tap on 'Find Phone,' or you can visit https://findphone.cmcm.com. You will need to log on to the website with your email address. CM Security will ask you to set a CM Security password, and you will be able to locate your phone on a map. By tapping on 'Yell,' you can make the device yell to find it. The 'Yell' button will make your device play a loud sound for 60 seconds, even if your device is set to silent. You can also lock your device to protect your privacy. If anyone tries to break into your phone and enters the incorrect password 3 or more times, the app will take a picture of the infiltrator. CM Security allows you to block unwanted phone calls. You can block unwanted phone calls by tapping 'Call Blocking.' CM Security will then block all unwanted calls in your blocking blacklist.
    Step 6: Schedule Routine Scanning
    To schedule a routine automatic scan, go to the ellipsis in the right-hand corner and tap on 'Scheduled scan.' You can then select if you want to do a routine automatic scan once a day, once a week or once a month.
  • 54. 54 Chapter-4
    Password Protection
    Most people don't realize there are a number of common techniques used to crack passwords, and plenty more ways we make our accounts vulnerable through simple and widely used passwords.
    How to get hacked?
    Dictionary attacks: Avoid consecutive keyboard combinations such as QWERTY or asdfg. Don't use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
    Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the "forgot password" link within a webmail service or other site, you're asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin's Yahoo account was hacked.
    Simple passwords: Don't use personal information such as your name, age, birth date, child's name, pet's name, or favourite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using "123456." The next most popular password was "12345." Other common choices are "111111," "princess," "qwerty," and "abc123."
    Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.
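The dictionary-word, keyboard-sequence, simple-password and reuse pitfalls listed above can be checked mechanically before a password is ever used. The following Python is an added example, not part of the original manual; the small word list, the sample accounts and every function name are constructed for illustration.

```python
import re

# The passwords the text names as the most common choices in the breach it cites.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}

# Constructed stand-in for a real dictionary file (assumption for this example).
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "football"}

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common character swaps ("misspellings") that are undone before the word check.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def keyboard_run(password, min_run=4):
    """Return the longest run of adjacent keys (left-to-right or reversed), or ''."""
    lowered = password.lower()
    best = ""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for start in range(len(seq)):
                for end in range(start + min_run, len(seq) + 1):
                    chunk = seq[start:end]
                    if chunk in lowered and len(chunk) > len(best):
                        best = chunk
    return best


def dictionary_hit(password, words=SAMPLE_WORDS):
    """Return the dictionary word the password reduces to, or None.

    Tries the password as typed, with leading/trailing digits and symbols
    removed, with character swaps undone, and each of those spelled backward.
    """
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = (lowered, stripped, lowered.translate(SWAPS), stripped.translate(SWAPS))
    for form in forms:
        for candidate in (form, form[::-1]):
            if candidate in words:
                return candidate
    return None


def personal_hit(password, personal_facts):
    """Return the first personal fact (name, pet, birth year) inside the password."""
    lowered = password.lower()
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            return fact
    return None


def audit_password(password, personal_facts=()):
    """List every weakness from the section above that the password shows."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common password")
    run = keyboard_run(password)
    if run:
        findings.append(f"keyboard sequence '{run}'")
    word = dictionary_hit(password)
    if word:
        findings.append(f"dictionary word '{word}'")
    fact = personal_hit(password, personal_facts)
    if fact:
        findings.append(f"personal information '{fact}'")
    return findings


def reused_passwords(accounts):
    """Map each password used on more than one site to the sorted list of sites."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items()
            if len(sites) > 1}


if __name__ == "__main__":
    # Constructed sample passwords and accounts, for demonstration only.
    for candidate in ("123456", "Qwerty2024", "p@ssw0rd1", "nogard", "tV9#kLm2$xQe"):
        print(candidate, "->", audit_password(candidate) or "no findings")
    print(audit_password("Rex2011!", personal_facts=["Rex", "2011"]))
    print(reused_passwords({"mail": "Sunshine7", "bank": "Sunshine7", "forum": "x9!Lq"}))
```

An empty result means only that none of these specific patterns was found; it says nothing about length or randomness.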
  • 55. 55 Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.
    How to make them secure
    1. Make sure you use different passwords for each of your accounts.
    2. Be sure no one watches when you enter your password.
    3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
    4. Use comprehensive security software and keep it up to date to avoid key loggers (keystroke loggers) and other malware.
    5. Avoid entering passwords on computers you don't control (like computers at an Internet café or library)—they may have malware that steals your passwords.
    6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
    7. Don't tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
    8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
    9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
    10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says "I am happy to be 29!" I wish.
    11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It's a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  • 56. 56 12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? — This one says "To be or not to be?"
    13. It's okay to write down your passwords; just keep them away from your computer and mixed in with other numbers and letters so it's not apparent that it's a password.
    14. You can also write a "tip sheet" which will give you a clue to remember your password, but doesn't actually contain your password. For example, in the example above, your "tip sheet" might read "To be, or not to be?"
    15. Check your password strength. If the site you are signing up for offers a password strength analyser, pay attention to it and heed its advice.

    1. Don't fill out your social media profile: The more information you share online, the easier it's going to be for someone to get their hands on it. Don't cooperate. Take a look at your social media profiles and keep them barren—the people who need to know your birth date, email address and phone number already have them. And what exactly is the point of sharing everything about yourself in your Facebook profile? If you care about your privacy, you won't do it. Think twice about sharing your social security number with anyone, unless it's your bank, a credit bureau, a company that wants to do a background check on you or some other entity that has to report to the IRS. If someone gets their hands on it and has information such as your birth date and address, they can steal your identity and take out credit cards and pile up other debt in your name.
  • 57. 57 Even the last four digits of your social security number should only be used when necessary. The last four are often used by banks and other institutions to reset your password for access to your account. Plus, if someone has the last four digits and your birth place, it's a lot easier to guess the entire number. That's because the first three are determined by where you, or your parents, applied for your SSN. And the second set of two is the group number, which is assigned to all numbers given out at a certain time in your geographic area. So a determined identity thief with some computing power could hack it given time.
    2. Lock down your hardware: Set up your PC to require a password when it wakes from sleep or boots up. Sure, you may trust the people who live in your house, but what if your laptop is stolen or you lose it? Same thing with your mobile devices. Not only should you use a passcode to access them every time you use them, you should also install an app that will locate your phone or tablet if it's lost or stolen, as well as lock it or wipe it clean of any data so a stranger can't get access to the treasure trove of data saved on it. And make sure your computers and mobile devices are loaded with anti-malware apps and software. They can prevent criminals from stealing your data. We recommend Norton Internet Security ($49.99 on norton.com or $17.99 on Amazon) in our computer security buying guide, or stepping up to Norton 360 Multi-Device ($59.99 on norton.com or $49.99 on Amazon) if you have mobile devices. And, you'll want to double up your protection on Android devices by installing, since we found anti-malware apps are dismal at detecting spyware.
  • 58. 58 3. Use a password vault that generates and remembers strong and unique passwords: Most people know better than to use the same password for more than one website or application. In reality, it can be impossible to remember a different one for the dozens of online services you use. The problem with using the same password in more than one place is that if someone gets their hands on your password—say, through a phishing attack—they can access all your accounts and cause all sorts of trouble. To eliminate this dilemma, use a password manager that will not only remember all your passwords, but will generate super strong and unique ones and automatically fill them into login fields with the click of a button. LastPass is an excellent and free choice.
    4. Use two-factor authentication: You can lock down your Facebook, Google, Dropbox, Apple ID, Microsoft, Twitter and other accounts with two-factor authentication. That means that when you log in, you'll also need to enter a special code that the site texts to your phone. Some services require it each time you log in, others just when you're using a new device or web browser. The Electronic Frontier Foundation has a great overview of what's available. Two-factor authentication works beautifully for keeping others from accessing your accounts, although some people feel it's too time
  • 59. 59 consuming. But if you're serious about privacy, you'll put up with the friction.
    5. Lie when setting up password security questions: "What is your mother's maiden name?" or "In what city were you born?" are common questions websites often ask you to answer so as to supposedly keep your account safe from intruders. In reality, there's nothing secure about such generic queries. That's because someone who wants access to your account could easily do some Internet research to dig up the answers. Not sure you can remember your lies? You can create "accounts" in your password manager just for this purpose.
    Do you know any other good privacy tips? Let us know in the comments below!
  • 60. 60 Chapter-5
    Email and Chatting tips
    Use encrypted emails like ProtonMail
    ProtonMail is an encrypted email service that takes a radically different approach to email security. Find out how ProtonMail security compares to Gmail security. ProtonMail became the world's first email service to protect data with end-to-end encryption, and today is the world's most popular secure email service with millions of users worldwide. ProtonMail's technology is often misunderstood by tech writers (and sometimes incorrectly represented in the press), so this article aims to provide a clear description of how ProtonMail's technology is different from Gmail, and what makes ProtonMail more secure.
    Make a separate account for subscriptions
    Recommendation: When creating multiple New Relic accounts, use the same license key for applications on the same host. This enables those applications to be linked together in New Relic. To create additional accounts with the same email address:
    1. Use the same email address and password to sign up for one or more accounts.
  • 61. 61 2. Create a separate account for each subscription level you want to use.
    3. Configure your mission-critical hosts to use the master account's license key.
    4. Use license keys from your inexpensive or free accounts for your remaining hosts.
    Use an encrypted P2P chatting app like "Signal"
    Open Whisper Systems' Signal is probably the best-known messaging app for mobile users concerned about their privacy. It is a free app that provides messaging and voice-call services, and everything is completely end-to-end encrypted. You can send text messages to individuals and groups, place calls, share media and other attachments with your phone contacts, and more.
    Read all the permissions that third-party applications want to access in your e-mail account.
    Many third-party productivity apps that might be installed by business users in your organization request permission to access user information and data and sign in on behalf of the user in other cloud apps, such as Office 365, G Suite and Salesforce. When users install these apps, they often click accept
  • 62. 62 without closely reviewing the details in the prompt, including granting permissions to the app. This problem is compounded by the fact that IT may not have enough insight to weigh the security risk of an application against the productivity benefit that it provides. Because accepting third-party app permissions is a potential security risk to your organization, monitoring the app permissions your users grant gives you the necessary visibility and control to protect your users and your applications.
    Remove access of third-party applications from your accounts.
    When you use an application or web service that requires access to an account — for example, anything in your Google account, files in your Dropbox account, tweets on Twitter, and so on — that application generally doesn't ask for the service's password. Instead, the application requests access using something called OAuth. If you agree to the prompt, that app gets access to your account. The account's website provides the service with a token it can use to access your account. This is more secure than just giving the third-party application your password because you get to keep your password. It's also possible to restrict access to specific data — for example, you might authorize a service to access your Gmail account but not your files in Google Drive or other data in your Google account.
  • 63. 63 Delete unused accounts - search for "confirm your email"
    After the recent Heartbleed bug scare, some of you may want to go and delete those dormant accounts you never use any more. For a quick way to find such sites you signed up on, go to your inbox and search for the term "Confirm your email." When something like the Heartbleed security bug hits millions of people, our standard advice is to change your passwords across all the affected services. With Heartbleed, the list was so large that it was advisable to go back to every account you have signed up at. And if many of them are unused, it kind of makes sense to just delete them in case some other security flaw in the future compromises you. If you are lucky, you use LastPass to manage all your accounts and you can just delete everything from that list. But if that's not the case, chances are you have used one or two email accounts to sign up at all these websites over the years. Searching for "confirm your email" (first with the quotes, then without) in your inbox gives you a list of most of these websites, after which it's a matter of going there and deleting your account. The trick is similar to, and inspired by, searching for "unsubscribe" to purge newsletters in your email.
  • 64. 64 Be conscious of what information you reveal Historically, most research on the nature of consciousness, the most puzzling phenomenon in nature, has focused on visual perception. This perception-based research has led to great insights regarding the nature of conscious processing. One of these insights is that conscious processing involves a kind of integration across neural systems and information-processing structures that is not achievable by unconscious processes. This is known as the integration consensus. When process X occurs consciously, it activates a wide network of regions that is not activated when that same process occurs unconsciously. 2FA An extra layer of security that is known as "multi factor authentication". In today's world of increasing digital crime and internet fraud, many people will be highly familiar with the importance of online security, logins, usernames and passwords, but if you ask them the question "What is Two Factor Authentication?" the likelihood is they will not know what it is or how it works, even though they may use it every single day. With standard security procedures (especially online) only requiring a simple username and password, it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user's private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature. Mailvelope Mailvelope is a free and open source browser extension that allows you to send and receive encrypted email text and attachments when using webmail services. It relies on the same form of public key encryption as GnuPG and PGP. Mailvelope is a browser extension that allows you to encrypt, decrypt, sign and authenticate email messages and files using
  • 65. 65 OpenPGP. It works with webmail and does not require you to download or install additional software. While Mailvelope lacks many of the features provided by Thunderbird, Enigmail and GnuPG, it is probably the easiest way for webmail users to begin taking advantage of end-to-end encryption. Guerrilla Mail Guerrilla Mail gives you a disposable email address. There is no need to register; simply visit Guerrilla Mail and a random address will be given. You can also choose your own address. You can give this email address to anyone you do not trust. You can view the email on Guerrilla Mail, click on any confirmation link, and then delete it. Any future spam sent to the disposable email will be zapped by Guerrilla Mail, never reaching your mail box, keeping your mail box safe and clean. Zoho mail: Zoho Mail is an amazing email platform that offers a mixture of ad-free, clean, minimalist interface and powerful features that are geared for business and professional use. Experience a fast, clean webmail that has powerful features matching or even superior to those you will find in desktop email clients. Take immediate control of your inbox and get the freedom you need from tedious software upgrades. Zoho Mail suite has Zoho Docs. This means your team can create, collaborate, and edit text, presentation as well as spreadsheet documents
  • 66. 66 with the help of the most sophisticated online editors. You will experience faster work and better productivity with your online office. iCloud mail If you have an Apple ID, then you have an iCloud email account. This free account gives you up to 5GB storage for your emails, minus what you use for documents and other data you store in the cloud. It’s easy to work with your iCloud email from Apple’s Mail, on the Mac, or on an iOS device. Still, you may not know about the many extra options and features available if you log into iCloud on the Web. Before you can take advantage of any of the following tips, you need to turn on iCloud. If you already have an Apple ID, which you use on the iTunes store, you may never have set up iCloud. SIGAINT SIGAINT was a Tor hidden service offering secure email services. According to its FAQ page, its web interface used SquirrelMail, which does not rely on JavaScript. Passwords couldn't be recovered. Users received two addresses per inbox: one at sigaint.org for receiving clearnet emails and the other at its .onion address only for receiving emails sent from other Tor-enabled email services. Free accounts had 50 MB of storage space and expired after one year of inactivity. Upgraded accounts had access to POP3, IMAP, SMTP, larger size limits, full disk encryption, and never expired. The service was recommended by various security specialists as a highly secure email service.
  • 67. 67 Mail2Tor Mail2Tor is a Tor Hidden Service that allows anyone to send and receive emails anonymously. It is produced independently from The Tor Project. For more information, or to sign up for your free @mail2tor.com account (webmail, smtp, pop3 and imap access), please visit our Tor hidden service at http://mail2tor2zyjdctd.onion. You will need to have Tor software installed on your computer to securely access the Mail2Tor hidden service. Mail2Tor consists of several servers, a Tor hidden service, and incoming and outgoing internet-facing mail servers. These internet-facing mail servers are relays. They relay mails in and out of the Tor network. The relays are anonymous and not traceable to us. The only thing stored on the hard drive of those servers is the mail server, and the Tor software. No emails or logs or anything important are stored on those servers, thus it doesn't matter if they are seized or shut down. We are prepared to quickly replace any relay that is taken offline for any reason. The Mail2Tor hidden service and SMTP/IMAP/POP3 are on a hidden server completely separate from the relays. The relays do not know (and do not need to know) the IP of the hidden service. Because the communications between the relays and the "dark server" occur through the Tor network, without using traditional internet protocols (ip).
  • 68. 68 This hidden server is not one of the Tor network nodes/public servers, whose IPs are known. It is a private server that does not route traffic for Tor users, but it is devoted exclusively to exchanging data with Mail2Tor relays. The entire contents of the relays are immediately deleted and it is not possible to "sniff" data because it is transmitted in an encrypted way. SAFe-mail SAFe-mail is a highly secure communication, storage, sharing and distribution system for the Internet. It provides email, instant messaging, data distribution, data storage and file sharing tools in a suite of applications that enable businesses and individuals to communicate and store data with privacy and confidence. Every application is secured by state-of-the-art encryption ensuring the highest level protection and privacy to users. Within the overall system as with each application, security is not an add-on feature but has been designed in to the fundamental architecture of the system. Safe-mail is provided as a hosted facility and offers the following services: • PrivateMail - a single account that brings together the best in email messaging for the individual user and provides a very secure online storage place for important documents and data. Register for a free account and you get 3MB of disk space to test drive the system. Then upgrade to a larger account through the StoragePlus program published under Premium Services. • BusinessMail - the perfect secure communication system for your organization. Create and manage multiple email addresses under your own domain and bring your staff and customers together in one secure private community.
  • 69. 69 Spam Gourmet SpamGourmet (free) has some interesting innovations, but it also has limitations on how many messages each address will be able to accept. There are two modes, No-brainer and Advanced. In the former, you get a user name and then you can give out self-destructing addresses in the form whatever.n.username@spamgourmet.com, where whatever is some word you choose and n is the number of messages (up to 20) that you can receive at that address until it self-destructs—after which messages will return errors. For example, crazylegs.4.larryseltzer@spamgourmet.com will be able to receive four messages, and then senders will get error messages. The problem is, anyone can send you a message using a disposable account that you did not create: for example, IAMSPAM.20.larryseltzer@spamgourmet.com. Enigmail Enigmail is a seamlessly integrated security add-on for Mozilla Thunderbird. It allows you to use OpenPGP to encrypt and digitally sign your emails and to decrypt and verify messages you receive. Enigmail is free software. It can be freely used, modified and distributed under the terms of the Mozilla Public License. Sending unencrypted emails is like sending post cards – anyone and any system that processes your mail can read its content. If you encrypt your emails, you put your message into an envelope that only the recipient of the email can open.
  • 70. 70 Thunderbird Thunderbird is an email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client. The vanilla version was not originally a personal information manager (PIM), although the Mozilla Lightning extension, which is now installed by default, adds PIM functionality. Additional features, if needed, are often available via other extensions. Thunderbird can manage multiple email, newsgroup, and news feed accounts and supports multiple identities within accounts. Features such as quick search, saved search folders ("virtual folders"), advanced message filtering, message grouping, and labels help manage and find messages. On Linux-based systems, system mail (movemail) accounts are supported. Thunderbird provides basic support for system-specific new email notifications and can be extended with advanced notification support using an add-on. Thunderbird incorporates a Bayesian spam filter, a whitelist based on the included address book, and can also understand classifications by server-based filters such as SpamAssassin. MaskMe addon Now you never have to give out your personal information online again. MaskMe creates disposable email addresses, phone numbers, and credit cards, so you can enjoy all the web has to offer without surrendering your personal data in exchange. The Details: - Every time you sign up for a site or shop the web, MaskMe will be by your side. - Choose to Mask your email address, phone number, or credit card, using unique, disposable info that MaskMe creates and autofills on the spot. It works instantly, every time, everywhere.
  • 71. 71 - Ensures you never miss important communication, but also puts you in control so you can stop spammers, telemarketers, and hackers in one click. - Convenient, fast, & easy-to-use. Ghostery addon to block ads Ghostery is the first browser extension that makes your web browsing experience faster, cleaner and safer by detecting and blocking thousands of third-party data-tracking technologies – putting control of their own data back into consumers’ hands. Launched in 2009, Ghostery has more than seven million monthly active users who access the tool via the free apps or browser extensions. With its intuitive user interface, Ghostery enables average internet users to protect their privacy by default, while expert users benefit from a broad set of features and settings. The Ghostery apps and browser extensions are developed and operated by Ghostery, Inc. The company is headquartered in New York and is a fully-owned subsidiary of Cliqz GmbH. Cliqz is a German search, browser and data protection technology company backed by Mozilla and Hubert Burda Media. Neither Cliqz nor Ghostery shares any data about individual users with third parties.
  • 72. 72 Telegram Telegram is a non-profit cloud-based instant messaging service. Telegram client apps exist for Android, iOS, Windows Phone, Windows NT, MacOS and Linux. Users can send messages and exchange photos, videos, stickers, audio and files of any type. Telegram was founded by the Russian entrepreneur Pavel Durov. Its client-side code is open-source software but the source code for recent versions is not always immediately published, whereas its server-side code is closed-source and proprietary. The service also provides APIs to independent developers. In February 2016, Telegram stated that it had 100 million monthly active users, sending 15 billion messages per day. According to its CEO, as of April 2017, Telegram has more than 50% annual growth rate. Telegram's security model has received notable criticism by cryptography experts. They have argued that it is undermined by its use of a custom-designed encryption protocol that has not been proven reliable and secure, by storing all messages on their servers by default and by not enabling end-to-end encryption for messages by default. Pavel Durov has argued that this is because it helps to avoid third-party unsecure backups and to allow users to access messages and files from any device. Messages in Telegram are server-client encrypted by default, and the service provides end-to-end encryption for voice calls and optional end-to-end encrypted "secret" chats. Wickr Initially unveiled on iOS and later on Android, the Wickr app allows users to set an expiration time for their encrypted communications. In December 2014, Wickr released a desktop version of its secure communications platform.
  • 73. 73 The release of the desktop Wickr app coincided with introducing the ability to sync messages across multiple devices, including mobile phones, tablets, and computers. All communications on Wickr are encrypted locally on each device with a new key generated for each new message, meaning that no one except Wickr users has the keys to decipher their content. In addition to encrypting user data and conversations, Wickr strips metadata from all content transmitted through the network. Since its launch, Wickr has gone through regular security audits by prominent information security organizations, which verified Wickr's code, security and policies. Wickr has also launched a "bug bounty program" that offers a reward to hackers who can find a vulnerability in the app. ChatSecure ChatSecure is a messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol. ChatSecure is free and open source software available under the GNU General Public License. ChatSecure also features built-in support for anonymous communication on the Tor network. ChatSecure has been used by international individuals and governments, businesses, and those spreading jihadi propaganda. Surespot Surespot is an open source instant messaging application for Android and iOS. Surespot is one of the modern messaging apps that has a focus on privacy and security. For secure communication it uses end-to-end encryption by default.
  • 74. 74 Threema Threema is a proprietary encrypted instant messaging application for iOS, Android and Windows Phone. In addition to text messaging, users can send multimedia, locations, voice messages and files. The name Threema is based on the acronym EEEMA which stands for end-to-end encrypting Messaging Application. Threema is developed by the Swiss company Threema GmbH. The servers are located in Switzerland and the development is based in the Zürich metropolitan area. As of June 2015, Threema had 3.5 million users, most of them from German-speaking countries.
  • 75. 75 Chapter-6 Social Media Tips People's lives have gotten easier thanks to the internet. With that being said, it is important people know how to protect themselves and their personal information to avoid becoming a victim of fraud. Online criminals and fraudsters can use your information to create bogus accounts to obtain anything they want. They can also use your information for phishing or soliciting. Attempting to get private or financial information from people online is known as phishing. The act begins with an email that looks like it is from a trusted source you know. It may claim to come from a bank. The email will encourage you to click a link claiming to take you to the website to enter personal account information including your password. If you fall for the trick, they get your personal information and access to your account.
  • 76. 76 Here’s what you need to protect yourself: Check privacy settings When using social media sites, review privacy settings. The settings for your profile may be at the defaults, and you can change them to make your account information more secure. You should also review this information in case there is something you should keep private. Limit bio information Social media websites will ask for personal information when creating an account. Use tools offered to limit what others can view when they land on your page. The privacy settings may help customize the content that is viewable. Avoid sharing account details Sensitive details such as your bank account number, social security number, or other related information should be private. Use sponsored communication options such as email, telephone, mailed letter, or direct communication via the website if you need to share such information to reduce the risk of personal details getting into the wrong hands.
  • 77. 77 Choose friends and add contacts wisely The reason why you signed up for a social media account is likely why you have friends and contacts on your list. Be cautious of requests from people you don’t know. You don’t have to accept every friend request. Learn features of the website When signing up for an account, get to know the features. Do this before sharing information to understand how the site functions. You can choose who can view your posts and understand how such content is shared with others. What is shared online stays online Think before you share. Because of the unique way the internet is designed, once you post something, it stays online forever. People have ways of getting information and saving to another source. So, if you don’t want to set yourself up for embarrassment, think twice before posting messages or photos. Have a good reputation when approaching job recruiters Research has shown roughly 70 percent of job recruiters have turned down applicants because of something posted to their social media page. When you’re online, conduct yourself in a manner you want people to respect you for. Keep your online presence positive and be thoughtful with what you share. Use tools to manage friends and contacts
  • 78. 78 Have a personal profile page to keep in contact with people you know personally. Use a fan page to appeal on a public level without risking too much of your personal information. Use tools to separate contacts into groups. You can have a list of family members, friends, co-workers, etc. Managing contacts helps you get a better idea of who is following you online. This helps determine what you can share, with whom, and when to keep things to yourself. Let others know if you are not comfortable Be respectful of opinions and things shared online between you and friends. Yet, mention when something makes you uncomfortable or when you think something is inappropriate. This helps set boundaries for what content appears on your page. Plus, you learn what people can and cannot tolerate while respecting one another. Know when to take immediate action If someone harasses you online or makes inappropriate threats, contact the administrator of the website. You can report the person and take additional action of blocking them or removing them from your list. Keep antivirus software up-to-date Keeping your antivirus system updated ensures your web browsing is protected from potential threats that may get picked up via social networking, such as clicking links or opening messages.
  • 79. 79 Be in control of your online presence Know what information you share and who it is being shared with. Check privacy and security settings to stay on top of information shared. Make changes as needed. Use a strong password or create a sentence Use a strong password to log in to your account to reduce hacking risk. The password should be at least 12 characters long with a mix of lower and upper case letters, symbols, and numbers. Consider using a short sentence you can remember and add a number and symbol to make it more secure, something like: “I love dollar bills.” The password can have spaces too. Use different passwords for each account Try keeping passwords for email and social media separate to throw off cyber criminals. For your most used or most important accounts make sure your passwords are strong. Throw away or delete messages when in doubt When you get a message that seems suspicious, delete it. Don’t open it or forward its contents if you don’t trust it. People often get so many ads for different stores and businesses, it can be easier to delete it and be safe. Keep tweets protected You can choose to use a protected Twitter account if you want more control of what people can view and access. Followers who are approved
  • 80. 80 to follow you have access to details you post. Search engines won’t index your tweets, and they cannot be viewed in a Google search. Consider turning off Broadcast Activity on LinkedIn Use the Broadcast Activity feature to limit what information is seen by your followers. LinkedIn has a unique way of letting others know your updates. This means people and organizations you follow will get updates you post. Limit LinkedIn updates to your followers You can post updates and changes to your status like on Facebook. People can choose to subscribe to your updates. But, you can use privacy settings to select who can receive updates you post. The public doesn’t have to get your updates but a few select connections can. Use privacy settings to keep Facebook page from being indexed Use Facebook privacy settings and look for the option “Let other search engines link to your timeline.” When turned on, people who search your name through a search engine can see your Facebook profile. Potential employers may do this. If you don’t want your profile searchable in this manner, turn this feature off. Restrict friend requests Not all friend requests are true friend requests. Some are cyber criminals with nothing else better to do than to spam or phish people. They do this randomly with accounts all the time. Restrict who can send you a friend
  • 81. 81 request by choosing options under privacy settings and selecting “Who can contact me?” Avoid mentioning other accounts There are a few social media websites allowing users to connect their social media accounts together at once. If you are working to establish a professional and personal identity, you may want to keep them separate. Linking the accounts increases security risks and you may end up sharing something you don’t want to appear on another site. An example connection is Twitter with LinkedIn. Use settings to cut reviews for Facebook tags Use the Facebook settings section titled “Timeline and Tagging” to set limits on what can be shared using your name. This is handy if friends have pictures that include you, but you may not want them shared with others. When the picture is uploaded and tagged with your name, you learn about it first. You can require an approval before it gets published. Make Facebook groups restricted Create groups on Facebook to control who sees what. You can block someone you want to keep as a friend from viewing certain posts. To do this, add the friend to the “Restricted” list when clicking on the Facebook sidebar. The posts would be marked “public,” but they are only seen by friends added to this list. Isn’t it great to have more control over who sees your social media posts? Your online security is greatly increased thanks to a few easy steps taken to control your identity when online.
  • 82. 82 Chapter-7 Banking Tips With so many people going online to manage their money, however, threats have arisen. Hackers, malware and fraudsters abound, ready and eager to steal online-banking passwords and the money they protect. But you don't have to resign yourself to a world of unsafe banking. Here are some online-banking security tips you can practice before signing in to your account. Each will help ensure a safe online-banking experience. Here are some useful tips for Banking: Use a script blocker on your browser:- 1. There is a small but vocal subset of users that disable JavaScript. We should do this because of a perceived security benefit. There have been a few known vulnerabilities that can be exploited with scripting, like XSS. 2. Disabling it will also prevent malicious ads from infecting our system. 3. Lastly, disabling JavaScript will take up less CPU and RAM on your computer, which is to be expected. If you run something super basic, it’ll take up fewer resources. But if your computer is so old that it can’t handle modern websites, it may be time to upgrade it—as the web improves, it needs more resources to do what it does, just like any other program on your computer. You can use NoScript Security Suite for Mozilla, or Script Block for Chrome.
  • 83. 83 Use a virtual keyboard with key randomizer:- An online Virtual Keyboard is the best security implementation to keep sensitive data safe from “spyware” and “Trojan programs”. While entering sensitive data (username and password) for Internet banking, it is recommended to use a Virtual Keyboard to protect your password. A Virtual Keyboard is an online application for entering a password with the help of a mouse, which helps us remain safe against key loggers. Example of online Virtual keyboard:- Benefits of online Virtual Keyboard • Online Virtual Keyboard is designed to protect your password from malicious “Spyware” and “Trojan Programs”. • Use of online virtual keyboard will reduce the risk of password theft using Key loggers and Keyboard action Monitoring. • It will auto encrypt your Password entered through Online Virtual Keyboard. • Easy to Implement as Login Security. Using an online virtual keyboard is the best practice on websites that need to protect sensitive data from hackers, crackers and malicious programs. Most banks that offer an online banking facility offer a virtual keyboard for typing in your password to log in. Also, bloggers and freelancers who are using PayPal as their primary account to send and receive funds should
  • 84. 84 start using the onscreen keyboard feature of your Windows system to type passwords. Onscreen Keyboard You can type the “OSK” command in the Run window and it will pop up the on-screen keyboard, which works as a full-fledged keyboard: Never save sessions of banking sites on your browser:- 1. It is good practice to always log out of your online banking session when you have finished your business. This will decrease the chances of falling victim to session hijacking and cross-site scripting exploits. 2. You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session. 3. Always remember to clear cookies and cache data from the browser before closing the browser. 4. Clear your browsing data and history. Never tick on “remember me” on banking websites:- Don’t stay logged in to your favourite online services all the time. We know how convenient it is to log in to Facebook in the morning, or at the beginning of the week, and to tick the “Keep me logged in” box: you log in once and then you don’t have to keep logging back in all the time. It’s even easier to stay logged in via mobile apps, because typing a suitably long and secure password is harder. Indeed, many mobile apps quietly and automatically remember your password even between reboots so the app can log you back in automatically every time you restart it. The thing is, all this logged-in-forever convenience comes at the cost of reduced security.
  • 85. 85 Never log in to banking portals on public PCs like a cyber cafe or on public Wi-Fi:- If you want to be safe then don’t log in to your banking or any other sites while using public Wi-Fi or an open network, because an attacker may use a man-in-the-middle (MITM) attack to get your session ID or username and password. There are many apps which can hijack and sniff a network and also capture packets transferring through your connection. Choose an account with two factor authentication:- Two-Factor authentication provides an additional security layer and makes it harder for an attacker to gain access to a person's account, because knowing the victim's password is not enough for taking over the full account. Here are some types of 2F authentication: Something the user knows, such as a password, PIN or shared secret. Something the user has, such as an ID card, security token or a smartphone. Biometrics: something the user is. These may be personal attributes mapped from physical characteristics, such as fingerprints, face and voice.
  • 86. 86 Systems with more demanding requirements for security may use location and time as fourth and fifth factors. For example, users may be required to authenticate from specific locations, or during specific time windows, like Google Smart Lock. Create a strong password:- A strong password is 12 characters long and includes numbers, symbols, capital letters and lower case letters, and it shouldn’t be your first name or your DOB. Some examples of strong passwords are:- 1Ki77y,.Susan53,&m3llycat Secure your computer and keep it up-to-date:- Always remember to keep a password on your computer and also update it regularly so that any new vulnerabilities found can be patched with that update. Tips for securing your computer: 1. Use an anti-virus. 2. Remember to update virus protection.
  • 87. 87 3. Keep a password on your computer. 4. Lock your private files and folders. 5. Update your computer regularly. • Avoid clicking through emails Avoid clicking on suspicious emails Phishing Phishing is the term for sending emails (considered the bait) with a link to a fake website. Once on the site, the user is tricked into giving sensitive information. For example, the link takes you to a fake site that looks like your bank, and you try to log in with your username and password. The bad guy has now captured your login info. And if he’s clever then he would redirect you to the real site afterward. You’d probably be none the wiser. Malware or “virus” downloads The link may take you to a website that infects your computer with malware like ransomware or a keylogger (a “virus” that captures everything you type into your computer like passwords and credit card numbers). Or it might even download the virus directly without going to a web page. Malicious web pages are the most common way that I see computers get infected in my day job. Why It’s Hard To Tell the Real from the Fake Most of the emails you get will be fine. The trouble is, do you know which is which? Some bogus emails are obviously fake to most people, full of misspellings and shady suggestions. But some of them look very professional. Take these for instance. They’re both fake. Would you be able to tell the difference?
  • 89. 89 Phishing Example 2 These would fool most people. But besides looking legitimate, there are other ways to fool us.
  • 90. 90 Hacked email account If a spammer hacks an email account, he can send out an email blast to all the contacts stored in the account. This is dangerous because you may get a phishing email that’s actually sent from the real account of someone you know. Unless the email seems out of the ordinary, you’ll have no way of knowing. Email address spoofing Spoofing is essentially “faking”. It’s possible to spoof the sender’s address so it looks like it’s coming from someone you know, when in reality it’s coming from the bad guy’s email account. It can be very hard or impossible to tell if an email address is spoofed. It requires digging through the email header which is, itself, prone to tampering. Forwarding a phishing email Sometimes people are just naive and forward an email to you that has a malicious link in it. They might not realize it’s there, and have possibly become a victim themselves. I see it happen. Which Email Links Can I Click? Well, if you don’t click any of them you won’t have a problem. But that’s not realistic. Very few people will ever take that advice. The good news is you don’t have to. I suggest treating links like attachments. Only click it if you’re expecting it. Examples of when to click You just ordered something from Amazon. Feel free to click the shipment tracking link in the email they send you. Just make sure it’s exactly what you’re expecting. If you get a tracking link that you weren’t expecting, or for a product you don’t recognize, delete the email right away. You just signed up for an account on a website. If they send you a link to confirm your email address, it’s okay to click it. But again, make sure it’s exactly what you’re expecting and you specifically remember requesting it.
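What "digging through the email header" involves, shown as an added Python example that is not part of the original manual. The message, its domains and the server name mx.myprovider.example are constructed; the code only trusts an Authentication-Results header stamped by your own mail provider, because a sender can insert any other header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name and domain below is made up.
# The second Authentication-Results header was inserted by the sender.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.myprovider.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example.com
Authentication-Results: mx.sender-added.example; dmarc=pass header.from=bank.example.com
From: "Your Bank" <alerts@bank.example.com>
Reply-To: <help@bank-support.example.net>
To: <you@myprovider.example>
Subject: Action required

Please log in.
"""


def domain(header_value):
    """Domain part of the address in a From, Reply-To or Return-Path header."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def auth_results(msg, my_server):
    """method -> result pairs, read only from headers stamped by my_server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != my_server.lower():
            continue  # anyone upstream can add this header; ignore foreign ones
        for m in re.finditer(r"(?:^|;)\s*([a-z]+)=([a-z]+)", rest, re.I):
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def review(raw_message, my_server):
    """Return a list of warning labels for one raw email message."""
    msg = message_from_string(raw_message)
    shown = domain(msg["From"])  # what the mail client displays
    findings = []
    # Weak hint only: mailing services legitimately use another bounce domain.
    bounce = domain(msg["Return-Path"])
    if bounce and bounce != shown:
        findings.append("return-path-mismatch")
    # Replies would go to a different domain than the one displayed.
    reply = domain(msg["Reply-To"])
    if reply and reply != shown:
        findings.append("reply-to-mismatch")
    auth = auth_results(msg, my_server)
    if not auth:
        findings.append("no-trusted-auth-results")
    elif auth.get("dmarc") != "pass":
        findings.append("dmarc-" + auth.get("dmarc", "missing"))
    return findings


if __name__ == "__main__":
    print(review(SPOOFED, "mx.myprovider.example"))
```

Domains are compared exactly, so a legitimate subdomain would also be reported; treat the labels as prompts to look closer, not as a verdict.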
  • 91. 91 Examples of when NOT to click You get an unexpected email from your bank. Maybe it says that you need to log in and take care of something important. Don’t click the link they give you. If you didn’t know it was coming, there’s no guarantee it’s a legitimate email. Your friend sends you a link that you weren’t expecting. Don’t click it. Remember, the sender’s address can be spoofed or their account hacked. Yeah, I know, this is all awfully annoying, so is there anything else we can do? What To Do Instead of Clicking Links In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs to be taken care of without the risk of ending up on a phishing site. In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled. Make sure it looks like this: http://www.youtube.com/adgasLKUkjFJos&odgs and not like this: http://www.yuutube.com/adgasLKUkjFJos&odgs Other Things To Consider It’s up to you how far you want to take this. For instance, I’ve made a rule never to click links in emails notifying me that my paycheck has been deposited. Yes that really happens, and I get one every week, but automated recurring emails can be dangerous. They’re commonly faked because the bad guys know we’re expecting them.
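The "Email address spoofing" paragraph earlier says that spotting a spoofed sender means digging through the email header. The Python sketch below is an added example, not part of the original manual: it lists the header fields that disagree with the visible From address in two constructed sample messages. All addresses and host names are made up, and the Authentication-Results line is meaningful only when your own mail provider added it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible sender claims to be a bank, but the bounce
# address, the reply address and the receiving server's checks disagree.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.mailhost.example; spf=softfail "
    "smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example\n"
    'From: "Your Bank" <alerts@bank.example>\n'
    "Reply-To: help@bank-support.example\n"
    "Subject: Action required on your account\n"
    "\n"
    "Please log in to review your account.\n"
)

# Constructed sample: every field agrees and all three checks passed.
LEGIT = (
    "Return-Path: <orders@shop.example>\n"
    "Authentication-Results: mx.mailhost.example; spf=pass "
    "smtp.mailfrom=shop.example; dkim=pass header.d=shop.example; dmarc=pass\n"
    "From: Shop Orders <orders@shop.example>\n"
    "Subject: Your order has shipped\n"
    "\n"
    "Tracking details inside.\n"
)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def auth_verdicts(msg):
    """Read spf/dkim/dmarc results, preferring the topmost header.

    The topmost Authentication-Results header is the one added last, i.e. by
    the server closest to the reader. Lower ones may have been forged by the
    sender, which is why the header cannot be trusted blindly.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts


def spoofing_signals(raw_message):
    """List reasons to distrust the From address (signals, not proof)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    signals = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            signals.append(f"{header} domain {other} differs from From domain {from_domain}")
    verdicts = auth_verdicts(msg)
    for mech in ("spf", "dkim", "dmarc"):
        result = verdicts.get(mech)
        if result is None:
            signals.append(f"no {mech} result recorded")
        elif result != "pass":
            signals.append(f"{mech}={result}")
    return signals


if __name__ == "__main__":
    for name, raw in (("spoofed sample", SPOOFED), ("legitimate sample", LEGIT)):
        print(name, spoofing_signals(raw) or "no signals")
```

A differing Return-Path is common for newsletters sent through a mailing service, so treat each item as a prompt to look closer rather than as a verdict.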
  • 92. 92 The bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety. Monitor your accounts regularly:- Learn How Banks Track Suspicious Activity We trust our banks to keep a watchful eye out for suspicious activity. That involves trust. It’s either that or we can choose to tuck all our money away in a sock beneath our bed— hopefully safely. But taking that route, for the vast majority of Americans, isn’t an option. Banks do tend to protect the nation’s assets with vigilance, and they put a great deal of effort into preventing and catching suspicious banking behaviour that can indicate identity theft on a person’s account. The following behaviours are signs that could raise the red flag for banks: • Suspicious, frequent transactions. Banks keep a close eye out for transactions that are made in frequent, short periods of time, especially if there are large deposits and withdrawals made in cash or by check. Banks can rationalize the transactions by customers’ occupations and patterns of conducting business. • Numerous transactions that are made in different branches on the same day—for the same account. If these transactions are below an established bank threshold, it could mean the transactions were made to go undetected. • Activities that deviate from a person’s normal banking habits. Your bank likely has a policy in place to contact you if they detect any suspicious activity on your account. They may even choose to freeze or cancel your debit or credit card as a result. If you become a victim of identity theft or
  • 93. 93 fraud, there are steps that you can take to “right” the wrong and get back on the path of recovery. It’s not the bank’s responsibility to monitor each transaction to determine if it’s an instance of identity theft. You are the only one who can truly track each purchase and deposit to confirm it’s authorized – and if it’s not, it could be a sign of identity theft. As a consumer, it’s up to you to regularly check your bank statements & monitor your credit card reports for signs of identity theft. Furthermore, early detection of suspicious activity may help you to recover more quickly if there’s an indication of fraud on your credit report. Change your internet banking password at periodical intervals:- The Theory of Regular Password Changes Regular password changes are theoretically a good idea because they ensure someone can’t acquire your password and use it to snoop on you over an extended period of time. For example, if someone acquired your email password, they could log into your email account regularly and monitor your communications. If someone acquired your online banking password, they could snoop on your transactions or come back in several months and attempt to transfer money to their own accounts. If someone acquired your Facebook password, they could log in as you and monitor your private communications. Theoretically, changing your passwords regularly — perhaps every few months — will help prevent this from happening. Even if someone did acquire your password, they’d only have a few months to use their access for nefarious purposes. Save and check all receipts against your statement:- Every time you make a transaction at the bank or ATM, you’ll receive a receipt. Be sure to save your receipts and write the information in your transaction register. That’s a small notepad you’ll receive when you open your account. Add your deposits, subtract your withdrawals, and keep
  • 94. 94 track of your current balance — the exact amount you have in your account right now. Keeping track will help you avoid spending more than you have in your account. That’s called an overdraft — and the fees and penalties can be expensive! At the end of the month, the bank will send you a statement. It lists your balance at the beginning and end of the statement month, and all of the transactions that the bank has processed during the statement month. Every month, review your statement along with your register and your receipts to make sure that your records and the bank’s records agree. And if your bank offers online banking, you won’t have to wait for your statement to review your account activity. Online banking gives you access to review your accounts any time. The keys to account management: Save your transaction receipts. Record every transaction in your register Avoid spending more than you have. Review your statement every month. Make sure your records and the bank’s records agree.
  • 95. 95 Guard your PIN from fraudster “Shoulder Surfing” Shoulder Surfing Shoulder surfing is defined as the practice of spying on the user of a cash-dispensing machine or other electronic device in order to obtain their personal identification number or password. Direct observation techniques can be used, which involve looking over someone’s shoulder to obtain this type of information. Shoulder surfing is more achievable in crowded places, as it is easier to observe someone who is filling in a form or entering a PIN or passcode into their mobile phone. This technique can also be used at a distance, as binoculars can be used or closed-circuit cameras can be concealed in buildings in order to gain access by observing data entry. The most common form of identity theft is by using the victim’s existing credit, bank or other account information. It can also include opening new accounts in the victim’s name. It is not usually until the payer defaults that the victim becomes aware of the fraud, as they are then contacted by the collections department / agency.
  • 96. 96 According to the Federal Trade Commission (FTC), about three-fourths of identity theft victims report that the thief only misused their existing accounts. One-fourth of the victims report that the thief opened up new accounts or committed other types of fraud with their personal information. The FTC states that credit card accounts are the most commonly misused existing account. However, the use of wireless technology has meant that telephone accounts can also be accessed and misused. A survey of IT professionals in a white paper[4] for Secure found that: • 85% of those surveyed admitted to seeing sensitive information on screen that they were not authorized to see • 82% admitted that it was possible information on their screens could have been viewed by unauthorized personnel • 82% had little or no confidence that users in their organisation would protect their screen from being viewed by unauthorized people. To prevent information from being obtained by shoulder surfing, the screen can be adjusted so that it is darker. More simply, people can shield the keyboard with their other hand when entering data so that it is not readily visible. Try to avoid using ATMs on the main street and take money out from the ATMs situated inside the bank instead. If you notice anything suspicious, do not use the machine and inform the bank. Consider how visible you may be on the main street to others. This can include use of your mobile phone or tablet. Be aware of what is going on around you.
  • 97. 97 Chapter-8 Online Scams Someone sent you a link. It looks okay… but is it really? Whether that person was a friend or a stranger, if it’s a link you weren’t expecting, you shouldn’t really click it. Email, SMS, Facebook, Twitter or some other social network or collaboration tool… whatever you’re using, there’s an opportunity for scammers and spammers to send you links. Most of the time they’re probably safe. But when they’re not, disaster can strike. One of the quickest-growing security issues these days is ransomware, which is often spread by people unwittingly clicking dangerous links. Malware and phishing sites are also major risks. While you should be vigilant about all of your online activities, it doesn’t hurt to have a little help. Always check URLs of the sites you visit:- What a Link Checker Should Do There are two types of URL. A standard-length URL, starting with www, followed by the website name, and ending with .com or some other top-level domain. A shortened URL, such as goo.gl/V4jVrx. It doesn’t matter whether the link you received is a standard-length URL or shortened. If it is dangerous in any way, the link checking tool should alert you to this. If the links are going to take you to a compromised website, the link checker should highlight this immediately. Similarly, direct links to malware, ransomware and other risks should be reported by these tools. Several sites are available to help you uncover the truth about those dodgy links. The following five sites are all favourites, but we’d advise checking more than one at any given time, to help you get the best results from your inquiries.
  • 98. 98 Five Great Link Checkers: Which Do You Use? AVG ThreatLabs
  • 101. 101 Google Transparency Report. Never believe any offers which say “you have won 1000$, click to claim”. No one is giving you free money, so do not click on such links:- it’s just a way to trick you and get some personal information like credit card details, or to install suspicious software on your computer that compromises your security.
  • 102. 102 See the link: it is a scam to trick you and get your credit card details or something more valuable, so be safe from it and don’t click on any link that comes from an untrusted source.
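The manual gives two name-level checks for a link: make sure the site name is not misspelled (youtube versus yuutube in the email chapter) and notice when the link is a shortened URL that hides its destination (goo.gl/V4jVrx above). The Python sketch below is an added example, not part of the original manual, that automates both. The trusted list and every shortener other than goo.gl are assumptions to replace with your own; a real link checker also consults reputation data, which this does not.

```python
from urllib.parse import urlsplit

# Assumption: sites the reader really uses. Replace with your own list.
TRUSTED = {"youtube.com", "amazon.com"}
# goo.gl is the shortener named in the manual; the others are assumptions.
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def site_name(url):
    """Return the last two labels of the host, e.g. www.youtube.com -> youtube.com.

    Simplification: suffixes such as .co.uk need a public-suffix list.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def assess(url):
    """Classify a link as trusted, shortened, lookalike, unknown or invalid."""
    name = site_name(url)
    if not name:
        return ("invalid", None)
    if name in SHORTENERS:
        return ("shortened", name)   # destination hidden: expand before trusting
    if name in TRUSTED:
        return ("trusted", name)
    for good in sorted(TRUSTED):
        if edit_distance(name, good) <= 2:
            return ("lookalike", good)   # one or two characters off a trusted name
    return ("unknown", name)


if __name__ == "__main__":
    for link in ("http://www.youtube.com/adgasLKUkjFJos&odgs",
                 "http://www.yuutube.com/adgasLKUkjFJos&odgs",
                 "goo.gl/V4jVrx",
                 "https://example.org/page"):
        print(link, "->", assess(link))
```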
  • 103. 103 Never click on unknown ads or pics:- The “Ads not by this site” adware program is bundled with other free software that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed, and you may find that you have installed adware without your knowledge. Once this malicious program is installed, whenever you browse the Internet, an ad from Ads not by this site will randomly pop up. These ads are aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products, all so the adware publisher can generate pay-per-click revenue. When infected with the “Ads not by this site” adware, other common symptoms include: • Advertising banners are injected into the web pages that you are visiting. • Random web page text is turned into hyperlinks. • Browser popups appear which recommend fake updates or other software. • Other unwanted adware programs might get installed without the user’s knowledge.
  • 104. 104 How to remove Ads not by this site pop-ups (Virus Removal Guide) To remove Ads not by this site pop-ups, follow these steps: STEP 1: Uninstall malicious programs from Windows STEP 2: Use AdwCleaner to remove “Ads not by this site” adware STEP 3: Scan and clean your computer with Malwarebytes Anti-Malware STEP 4: Double-check for malicious programs with HitmanPro (OPTIONAL) STEP 5: Reset your browser to default settings Check a file’s extension properly before downloading it. While downloading files from an attachment, from a torrent or from any other software, check the extension of the file carefully so that you do not download a virus or a payload that gives a hacker remote access to, and control of, your whole system. Use pop-up blocker A pop-up blocker (sometimes called a pop-up killer) is a program that prevents pop-ups from displaying in a user's Web browser. Pop-up blockers work in a number of ways: some close the window before it appears, some disable the command that calls the pop-up, and some alter the window's source HTML. One problem with pop-up blockers has been that they cannot always differentiate between an unwanted pop-up window and one that is user-requested. Programs that can consistently do so are sometimes referred to as intelligent pop-up blockers.
  • 105. 105 Free pop-up blockers, such as STOPzilla and Panicware, are readily available for download. Both the Google and Yahoo toolbars include the ability to block pop-ups; that capacity is also enabled by default in Microsoft's XP Service Pack Two (SP2) settings for Internet Explorer. Beware of any “free trial” that requires a payment card number:- Here are the main reasons Consumers should beware of Free-Trial or Risk-Free Offers Release of Your Personal Information At the very least, in order to register for most offers, you need to give out your email address. While this may seem harmless enough, sharing your email can open you up to new hassles. For one, your inbox will be bombarded with junk mail you don’t want. Second, if the company sells its customer lists to other companies, the number of spam emails you get will
  • 106. 106 increase exponentially. Third, most offers will also require that you submit your credit card number, which raises the risk of identity theft and being enrolled in some kind of membership with recurring charges. Remembering to Cancel In most cases, it is your responsibility to cancel the service by the end of the free trial. The seller has no incentive to remind you. After all, companies make money when people forget to cancel and you might not even notice until you see an unusual charge on your credit card bill. If you’re not in the habit of checking the statement for your credit card or debit card on a monthly basis, the cost to you could be even higher. Difficult Cancellation Process Worse yet, it is much more difficult to cancel a free-trial than to start one. Although you sign up online, you might have to cancel over the phone or in writing. These calls can take forever. Remember, the companies don’t want you to cancel the offer. They have absolutely no motivation to make the cancellation process easy or convenient. In some instances, the company may even “confirm” that you have cancelled yet continue to charge your credit card. Now, here are some tips regarding free-trial and risk-free offers to avoid the costs associated with them Research the company online See what other people are saying about the company’s free trials — and its service. Complaints from other customers can tip you off to “catches” that might come with the trial. Find the terms and conditions for the offer. This includes offers online, on TV, in the newspaper, or on the radio. If you can’t find them or can’t understand exactly what you’re agreeing to, don’t sign up.
  • 107. 107 Look for who’s behind the offer Just because you’re buying something online from one company doesn’t mean the offer or pop-up isn’t from someone else. Watch out for pre-checked boxes If you sign up for a free trial online, look for already-checked boxes. That checkmark may give the company the green light to continue the offer past the free trial or sign you up for more products — only this time you have to pay. Mark your calendar Your free trial probably has a time limit. Once it passes without you telling the company to cancel your “order,” you may be on the hook for more products. Look for info on how you can cancel future shipments or services. If you don’t want them, do you have to pay? Do you have a limited time to respond? Read your credit and debit card statements That way you’ll know right away if you’re being charged for something you didn’t order. If you see charges you didn’t agree to, contact the company directly to sort out the situation. If that doesn’t work, call your credit card company to dispute the charge. Ask the credit card company to reverse the charge because you didn’t actively order the additional merchandise.
  • 108. 108 In the end, a deal that sounds too good to be true usually is! Be wary of free-trial and risk-free offers and consult an attorney with experience in consumer actions if you have been a victim of such scams. Think before you spend your money online Think twice, because you may submit your details to another website that asks you to trust it, but is it safe? What if it gets hacked? Have you ever thought about it? Or what if they sell your data to someone else? So think before doing anything online.
  • 109. 109 Chapter-9 Encryption Encryption isn’t just for cybersecurity experts — it’s for everyday Internet users. In fact, you probably used encryption today without even realizing it. Encryption, along with other online privacy practices, can safeguard your emails and medical data, and allow you to more securely shop and bank online. Below, we’re sharing seven tips to help ensure your Internet experiences are encrypted, more secure, and more private. Then, if you want to learn more and help protect encryption, visit advocacy.mozilla.org/encrypt. 1). Encryption is the encoding of data so that only people with a special key can unlock it. Most modern communications systems use strong encryption. iMessage, Signal, and WhatsApp all provide encrypted text messaging. Facetime, Signal, Firefox Hello, and Google Hangouts all provide encrypted video conferencing. E-mail, ordinary phone calls, and SMS do not provide strong security.
  • 110. 110 2) When entering personal information online, make sure the website uses encryption. Without encryption, any personal data you send to a website is at risk. If there’s a little lock next to the URL, then encryption is being used. Never use your personal login information on a third-party or unencrypted web network:- Encryption Is a Good Thing The word “encryption” comes to us from Greek, which makes me particularly partial to it. (I’m a recovering classicist.) The Greek word κρυπτος (kryptos) means “hidden.” Encryption, as Wikipedia explains, is “the process of encoding a message or information in such a way that only authorized parties can access it.” There’s a reason that your operating system warns you about connecting to open Wi-Fi networks. Information you send across that network is not encrypted, so a clever hacker with a sniffer tool can see any passwords or other information you might send over it. Note that there are two criteria for danger here: an unsecured network and an unencrypted website. As a website owner, you can’t control the security of the network that your visitors use to log in, but you can make sure that any information they send to your website is encrypted. You do this by installing a security certificate, popularly known as an SSL certificate, on your web server. The actual algorithm these days is no longer SSL (Secure Sockets Layer) but TLS (Transport Layer Security), but the term “SSL certificate” has stuck.
  • 111. 111 Send private text message with Signal:- Privacy is possible, Signal makes it easy. Using Signal, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. The server never has access to any of your communication and never stores any of your data. Say Anything - Signal uses an advanced end to end encryption protocol that provides privacy for every message every time. Open Source - Signal is Free and Open Source, enabling anyone to verify its security by auditing the code. Signal is the only private messenger that uses open source peer-reviewed cryptographic protocols to keep your messages safe. Be Yourself - Signal uses your existing phone number and address book. There are no separate logins, usernames, passwords, or PINs to manage or lose.
  • 112. 112 Chapter-10 Privacy and Surveillance Surveillance can be understood as a violation of privacy, and as such is often opposed by various civil liberties groups and activists. Liberal democracies have laws which restrict domestic government and private use of surveillance, usually limiting it to circumstances where public safety is at risk. In today’s digital world, the security of networks and data is a major concern for all. Surveillance also includes computer and network surveillance. Computer and network surveillance is the monitoring of computer activity and data stored on a hard drive, or data being transferred over computer networks such as the Internet.
  • 113. 113 1. Put a mask on your webcam while browsing, as intruders can easily access your webcam to take your pictures silently through malicious scripts:- You should put a mask on your webcam because it can easily be accessed by many Black Hat Hackers using malicious scripts. Malicious scripts include something known as Metasploit, with which your whole computer can be accessed easily without your permission. The hacker can take your photos, watch live what the victim is doing, record everything that happens, etc. Putting a mask or cover on your webcam protects you from this type of attack and from Black Hat Hackers. 2. Never allow media access or mic access on unknown websites, or on sites which you think do not require these permissions: Allowing media and mic access on unknown websites lets spyware, adware, viruses, etc. access the files on your device and open backdoors for intruders. There are several reasons why you should block certain websites on your computer. Some websites could contain explicit content or even be trying to steal your personal data. While you may be more capable of avoiding these websites, that doesn't hold true for everyone who uses your device. In such cases, it might be best to block
  • 114. 114 certain websites. There are different ways to go about blocking websites. You can choose to block websites only on specific browsers, the entire operating system, or indeed your network router. Here's how to block websites – 1. Open My Computer and search your "C:" drive.
  • 115. 115 2. Find the "etc" folder in your drivers. 3. Open the file "hosts" with Notepad.
  • 116. 116 4. Scroll to the empty space at the bottom of the file & Hit enter to make a new line at the very bottom.
  • 117. 117 5. Add additional websites on separate lines & save the file.
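The five steps above edit the "hosts" file by hand in Notepad. The Python sketch below is an added example, not part of the original manual, that prepares the same edit safely: it skips names that are already mapped, rejects input that is not a plain host name, and makes sure the new entries start on their own line. Pointing blocked names at 127.0.0.1 is an assumption (the manual does not say which address to use); on Windows the file is C:\Windows\System32\drivers\etc\hosts and saving it requires administrator rights.

```python
import re

# One or more dot-separated labels followed by an alphabetic top-level label.
HOSTNAME_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Constructed sample of an existing hosts file (note: no trailing newline).
SAMPLE_HOSTS = (
    "# sample hosts file (constructed)\n"
    "127.0.0.1\tlocalhost\n"
    "127.0.0.1 ads.example   # already blocked"
)


def normalise(site):
    """Reduce 'http://Ads.example/banner' to 'ads.example'; reject anything odd."""
    site = re.sub(r"^[a-z][a-z0-9+.-]*://", "", site.strip().lower())
    host = re.split(r"[/:?#]", site, maxsplit=1)[0]
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        # Also stops embedded newlines from smuggling extra hosts entries in.
        raise ValueError(f"not a plain host name: {site!r}")
    return host


def mapped_hosts(hosts_text):
    """Return every host name that already has an entry (comments ignored)."""
    mapped = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        mapped.update(name.lower() for name in fields[1:])  # fields[0] is the IP
    return mapped


def add_blocks(hosts_text, sites, sink="127.0.0.1"):
    """Return hosts_text with block entries appended for each site.

    Both the bare name and its www. form are added, one per line, because the
    hosts file matches exact names only. Running it twice changes nothing.
    """
    present = mapped_hosts(hosts_text)
    new_lines = []
    for site in sites:
        host = normalise(site)
        bare = host[4:] if host.startswith("www.") else host
        for name in (bare, "www." + bare):
            if name not in present:
                new_lines.append(f"{sink}\t{name}")
                present.add(name)
    if not new_lines:
        return hosts_text
    if hosts_text and not hosts_text.endswith("\n"):
        hosts_text += "\n"          # step 4: start on a new line at the bottom
    return hosts_text + "\n".join(new_lines) + "\n"


if __name__ == "__main__":
    print(add_blocks(SAMPLE_HOSTS, ["http://Ads.example/banner", "tracker.example"]))
```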
  • 118. 118 3. Keeping your communications secure with Encryption: Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception. Secure instant messaging: Some instant messaging clients use end-to-end encryption with forward secrecy to secure all instant messages to other users of the same software. They authenticate and encrypt on the user's own computer, to prevent transmission of plain text, and mask the sender and recipient. Data, often referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. 4. Use private web browsing: Private browsing helps you keep your history confidential. Private browsing leaves no trace of what you search. If you’re using Google Chrome, the shortcut for private browsing is Ctrl+Shift+N; if you’re using Mozilla Firefox, the shortcut is Ctrl+Shift+P; if you’re using Safari, then 1. Open Safari 2. Tap the pages icon (shaped as two squares) 3. Tap Private. Private Browsing also prevents web caching. Private browsing allows a person to browse the Web without storing local data that could be retrieved at a later date. Privacy mode will also disable the storage of data in cookies and Flash cookies. This privacy protection is only on the local computing device, as it is still possible to identify frequented websites by associating the IP address at the web server. The earliest reference to privacy mode was in May 2005 and used to discuss the privacy features in the Safari browser bundled with Mac OS X Tiger. The feature has since been adopted in other browsers, and led to popularization of the term in 2008 by mainstream news outlets and computing websites when discussing beta versions of Internet Explorer 8. However, privacy modes operate as shields because browsers typically do not remove all data from the cache after the session. 
Plugins, like Silverlight, are able to set cookies that will not be removed after the session. Internet Explorer 8 also
  • 119. 119 contains a feature called InPrivate Subscriptions, an RSS web feed with sites approved for use with InPrivate browsing. 5. All of the passwords, documents, and term papers that you have put into online storage (think Google Docs, Dropbox, iCloud) become part of the great internet data lump: Storing all of your sensitive information on cloud storage can compromise your confidentiality. The sensitive data that you upload to cloud storage is converted into chunks, and it is a security concern that your data can be easily reached via the web. Another thing is that you get limited resources for customization. If any of these cloud storage services gets hacked, you can lose the confidentiality of your data. Be careful when using drag/drop to move a document into the cloud storage folder. This will permanently move your document from its original folder to the cloud storage location. Do a copy and paste instead of drag/drop if you want to retain the document’s original location in addition to
  • 120. 120 moving a copy onto the cloud storage folder. There are concerns with the safety and privacy of important data stored remotely. The possibility of private data commingling with other organizations makes some businesses uneasy. 6. Turn off GeoLocation, Bluetooth and WiFi when you’re not using them, to prevent your movements from being tracked: Keeping your GeoLocation on when not in use can expose your privacy to stalkers. It can give all of your physical location information to the stalker. Turn off your Bluetooth when it is not in use to keep yourself safe from being tracked. How can you get tracked via Bluetooth? There is something known as a Bluetooth Scanner App; if your Bluetooth is on, a stalker can use this app to scan for your Bluetooth device. You can also get tracked if your WiFi is on. How? Wi-Fi Location Monitor is a WiFi based real-time locating system (RTLS) that locates and monitors active WiFi devices, such as phones, tablets and WiFi tags inside multi-story buildings or throughout an entire campus.
  • 121. 121 Chapter-11 Cyber Law And Cyber Crime Related Case Studies What is a cybercrime? Cyber Crime is not defined officially in IT Act or in any other legislation. In fact, it cannot be too. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and related legislations. Hence, the concept of cybercrime is just a “combination of crime and computer”. Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them. Cybercrime in a broader sense (computer-related crime): Any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network.  Any contract for the sale or conveyance of immovable property or any interest in such property;  Any such class of documents or transactions as may be notified by the Central Government What is the applicability of IT Act? The Act extends to the whole of India and except as otherwise provided, it also applies to any offence or contravention there under committed outside India by any person. Rules and procedures mentioned in the Act have also been laid down in a phased manner, defined as recently as April 2011. For the sake of simplicity, here we will be only discussing the various penalty and offences defined as per provisions of ITA 2000 and ITAA 2008. Please note that wherever the terms IT Act 2000 or 2008 are used, they refer to same act because the IT Act now includes amendments as per IT 2008 Amendment Act. Specific exclusion(s) to the Act where it is not applicable are: o Negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881; o A power-of-attorney as defined in section 1A of the Powers-of- Attorney Act, 1882;
  • 122. 122 o A trust as defined in section 3 of the Indian Trusts Act, 1882 o A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition Case Studies as per selected IT Act Sections Here are the case studies for selected IT Act sections. For the sake of simplicity and maintaining clarity, details on the IT Act sections have been omitted. Kindly refer to the Appendix in the last section for the detailed account of all the penalties and offences mentioned in the IT Act. Section 43 – Penalty and Compensation for damage to computer, computer system, etc. Related Case: Mphasis BPO Fraud: 2005 In December 2004, four call centre employees, working at an outsourcing facility operated by MphasiS in India, obtained PIN codes from four customers of MphasiS’ client, Citi Group. These employees were not authorized to obtain the PINs. In association with others, the call centre employees opened new accounts at Indian banks using false identities. Within two months, they used the PINs and account information gleaned during their employment at MphasiS to transfer money from the bank accounts of CitiGroup customers to the new accounts at Indian banks. By April 2005, the Indian police had been tipped off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made when those individuals attempted to withdraw cash from the falsified accounts. $426,000 was stolen; the amount recovered was $230,000. Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to commit transactions. Section 65 – Tampering with Computer Source Documents Related Case: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh In this case, Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm.
  • 123. 123 Verdict: Court held that tampering with source code invokes Section 65 of the Information Technology Act. Section 66 – Computer Related offenses Related Case: Kumar v/s Whiteley In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized users. Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorized genuine user and ‘made alteration in the computer database pertaining to broadband Internet user accounts’ of the subscribers. The CBI had registered a cybercrime case against Kumar and carried out investigations on the basis of a complaint by the Press Information Bureau, Chennai, which detected the unauthorised use of broadband Internet. The complaint also stated that the subscribers had incurred a loss of Rs 38,248 due to Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore, Chennai and other cities too, they said. Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offense). Section 66A – Punishment for sending offensive messages through communication service Relevant Case #1: Fake profile of President posted by imposter On September 9, 2010, the imposter made a fake profile in the name of the Hon’ble President Pratibha Devi Patil. A complaint was made from Additional Controller, President Household, President Secretariat regarding the four fake profiles created in the name of Hon’ble President on social networking website, Facebook. The said complaint stated that president house has nothing to do with the facebook and the fake profile is misleading the general public. 
    The First Information Report under Sections 469 IPC and 66A Information Technology Act, 2000 was registered based on the said complaint at the police station, Economic
  • 124. 124 Offences Wing, the elite wing of Delhi Police which specializes in investigating economic crimes including cyber offences.
    Relevant Case #2: Bomb Hoax mail
    In 2009, a 15-year-old Bangalore teenager was arrested by the cybercrime investigation cell (CCIC) of the city crime branch for allegedly sending a hoax e-mail to a private news channel. In the e-mail, he claimed to have planted five bombs in Mumbai, challenging the police to find them before it was too late. At around 1 p.m. on May 25, the news channel received an e-mail that read: “I have planted five bombs in Mumbai; you have two hours to find it.” The police, who were alerted immediately, traced the Internet Protocol (IP) address to Vijay Nagar in Bangalore. The Internet service provider for the account was BSNL, said officials.

    Section 66C – Punishment for identity theft
    Relevant Cases:
    The social security number of Todd Davis, CEO of the identity theft protection company Lifelock, was exposed by Matt Lauer on NBC’s Today Show. Davis’ identity was used to obtain a $500 cash advance loan.
    Li Ming, a graduate student at West Chester University of Pennsylvania, faked his own death, complete with a forged obituary in his local paper. Nine months later, Li attempted to obtain a new driver’s license with the intention of applying for new credit cards eventually.

    Section 66D – Punishment for cheating by impersonation by using computer resource
    Relevant Case: Sandeep Varghese v/s State of Kerala
    On a complaint filed by the representative of a Company, which was engaged in the business of trading and distribution of petrochemicals in India and overseas, a crime was registered against nine persons, alleging offenses under Sections 65, 66, 66A, C and D of the Information Technology Act along with Sections 419 and 420 of the Indian Penal Code.
    The company has a website in the name and style ‘www.jaypolychem.com’, but another website, ‘www.jayplychem.org’, was set up on the internet by the first accused, Sandeep Varghese @ Sam (who
  • 125. 125 was dismissed from the company), in conspiracy with other accused, including Preeti and Charanjeet Singh, who are the sister and brother-in-law of ‘Sam’. Defamatory and malicious matters about the company and its directors were made available on that website. The accused sister and brother-in-law were based in Cochin and they had been acting in collusion with known and unknown persons, who have collectively cheated the company and committed acts of forgery, impersonation etc. Two of the accused, Amardeep Singh and Rahul, had visited Delhi and Cochin. The first accused and others sent e-mails from fake e-mail accounts of many of the customers, suppliers, Bank etc. to malign the name and image of the Company and its Directors. The defamation campaign run by all the said persons named above has caused immense damage to the name and reputation of the Company. The Company suffered losses of several crores of Rupees from producers, suppliers and customers and was unable to do business.

    Section 66E – Punishment for violation of privacy
    Relevant Cases:
    Jawaharlal Nehru University MMS scandal
    In a severe shock to the prestigious and renowned institute, Jawaharlal Nehru University, a pornographic MMS clip was apparently made on the campus and transmitted outside the university. Some media reports claimed that the two accused students initially tried to extort money from the girl in the video, but when they failed the culprits put the video out on mobile phones, on the internet and even sold it as a CD in the blue film market.
    Nagpur Congress leader’s son MMS scandal
    On January 05, 2012 Nagpur Police arrested two engineering students, one of them a son of a Congress leader, for harassing a 16-year-old girl by circulating an MMS clip of their sexual acts.
According to the Nagpur (rural) police, the girl was in a relationship with Mithilesh Gajbhiye, 19, son of Yashodha Dhanraj Gajbhiye, a zila parishad member and an influential Congress leader of Saoner region in Nagpur district.
  • 126. 126 Section 66F – Cyber Terrorism
    Relevant Case: The Mumbai police have registered a case of ‘cyber terrorism’, the first in the state since an amendment to the Information Technology Act, where a threat email was sent to the BSE and NSE on Monday. The MRA Marg police and the Cyber Crime Investigation Cell are jointly probing the case. The suspect has been detained in this case. The police said an email challenging the security agencies to prevent a terror attack was sent by one Shahab Md with an ID sh.itaiyeb125@yahoo.in to BSE’s administrative email ID corp.relations@bseindia.com at around 10.44 am on Monday. The IP address of the sender has been traced to Patna in Bihar. The ISP is Sify. The email ID was created just four minutes before the email was sent. “The sender had, while creating the new ID, given two mobile numbers in the personal details column. Both the numbers belong to a photo frame-maker in Patna,” said an officer.
    Status: The MRA Marg police have registered forgery for purpose of cheating, criminal intimidation cases under the IPC and a cyber-terrorism case under the IT Act.

    Section 67 – Punishment for publishing or transmitting obscene material in electronic form
    Relevant Case: This case is about the posting of obscene, defamatory and annoying messages about a divorcee woman in a Yahoo message group. E-mails were forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. These postings resulted in annoying phone calls to the lady. Based on the lady’s complaint, the police nabbed the accused. Investigation revealed that he was a known family friend of the victim and was interested in marrying her. She was married to another person, but that marriage ended in divorce and the accused started contacting her once again. On her reluctance to marry him, he started harassing her through the internet.
    Verdict: The accused was found guilty of offences under sections 469 and 509 IPC and section 67 of IT Act 2000. He was convicted and sentenced for the offences as follows:
    • As per 469 of IPC he has to undergo rigorous imprisonment for 2 years and to pay fine of Rs.500/-
    • As per 509 of IPC he is to undergo 1 year simple imprisonment and to pay Rs 500/-
  • 127. 127
    • As per Section 67 of IT Act 2000, he has to undergo for 2 years and to pay fine of Rs.4000/-
    All sentences were to run concurrently. The accused paid the fine amount and was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.

    Section 67B – Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
    Relevant Case: Janhit Manch & Ors. v. The Union of India, 10.03.2010
    Public Interest Litigation: The petition sought a blanket ban on pornographic websites. The NGO had argued that websites displaying sexually explicit content had an adverse influence, leading youth on a delinquent path.

    Section 69 – Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
    Relevant Case: In August 2007, Lakshmana Kailash K., a techie from Bangalore, was arrested on the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on the social-networking site Orkut. The police identified him based on IP address details obtained from Google and Airtel, Lakshmana’s ISP. He was brought to Pune and detained for 50 days before it was discovered that the IP address provided by Airtel was erroneous. The mistake was evidently due to the fact that while requesting information from Airtel, the police had not properly specified whether the suspect had posted the content at 1:15 p.m.
    Verdict: Taking cognizance of his plight from newspaper accounts, the State Human Rights Commission subsequently ordered the company to pay Rs 2 lakh to Lakshmana as damages. The incident highlights how minor privacy violations by ISPs and intermediaries could have impacts that gravely undermine other basic human rights.
  • 128. 128 Common Cyber-crime scenarios and Applicability of Legal Sections
    Let us look into some common cyber-crime scenarios which can attract prosecution as per the penalties and offences prescribed in the IT Act 2000 (as amended in 2008).

    • Harassment via fake public profile on social networking site
      A fake profile of a person is created on a social networking site with the correct address, residential information or contact details, but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This leads to harassment of the victim.
      Provisions Applicable: Sections 66A, 67 of IT Act and Section 509 of the Indian Penal Code.
    • Online Hate Community
      An online hate community is created, inciting a religious group to act or pass objectionable remarks against a country, national figures etc.
      Provisions Applicable: Section 66A of IT Act and 153A & 153B of the Indian Penal Code.
    • Email Account Hacking
      The victim’s email account is hacked and obscene emails are sent to people in the victim’s address book.
      Provisions Applicable: Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act.
    • Credit Card Fraud
      Unsuspecting victims would use infected computers to make online transactions.
      Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and section 420 of the IPC.
    • Web Defacement
      The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days.
      Provisions Applicable: Sections 43 and 66 of IT Act; Sections 66F, 67 and 70 of IT Act also apply in some cases.
    • Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs
      All of the above are malicious programs of some sort, used to destroy or gain access to electronic information.
      Provisions Applicable: Sections 43, 66, 66A of IT Act and Section 426 of Indian Penal Code.
  • 129. 129
    • Cyber Terrorism
      Many terrorists use virtual (GDrive, FTP sites) and physical storage media (USBs, hard drives) for hiding information and records of their illicit business.
      Provisions Applicable: Conventional terrorism laws may apply along with Section 69 of IT Act.
    • Online sale of illegal Articles
      Where sale of narcotics, drugs, weapons and wildlife is facilitated by the Internet.
      Provisions Applicable: Generally conventional laws apply in these cases.
    • Cyber Pornography
      Among the largest businesses on the Internet. Pornography may not be illegal in many countries, but child pornography is.
      Provisions Applicable: Sections 67, 67A and 67B of the IT Act.
    • Phishing and Email Scams
      Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card information) by masquerading a site as a trusted entity.
      Provisions Applicable: Section 66, 66A and 66D of IT Act and Section 420 of IPC.
    • Theft of Confidential Information
      Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees.
      Provisions Applicable: Sections 43, 66, 66B of IT Act and Section 426 of Indian Penal Code.
    • Source Code Theft
      Source code is generally the most coveted and important “crown jewel” asset of a company.
      Provisions Applicable: Sections 43, 66, 66B of IT Act and Section 63 of Copyright Act.
    • Tax Evasion and Money Laundering
      Money launderers and people doing illegal business activities hide their information in virtual as well as physical activities.
      Provisions Applicable: Income Tax Act and Prevention of Money Laundering Act. IT Act may apply case-wise.
  • 130. 130
    • Online Share Trading Fraud
      It has become mandatory for investors to have their demat accounts linked with their online banking accounts, which are generally accessed without authorization, thereby leading to share trading frauds.
      Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC.

    • Penalties, Compensation and Adjudication sections

    Section 43 – Penalty and Compensation for damage to computer, computer system
    If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network:
    o Accesses or secures access to such computer, computer system or computer network or computer resource;
    o Downloads, copies or extracts any data, computer data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
    o Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
    o Damages or causes to be damaged any computer, computer system or computer network, data, computer database, or any other programmes residing in such computer, computer system or computer network;
    o Disrupts or causes disruption of any computer, computer system, or computer network;
    o Denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
    o Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network;
    o Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under,
  • 131. 131
    o Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
    o Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means,
    o Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,
    he shall be liable to pay damages by way of compensation to the person so affected.

    Section 43A – Compensation for failure to protect data
    Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

    Section 44 – Penalty for failure to furnish information or return, etc.
    If any person who is required under this Act or any rules or regulations made there under to –
    o Furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
    o File any return or furnish any information, books or other documents within the time specified therefor in the regulations, fails to file return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues;
    o Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

    Section 45 – Residuary Penalty
    Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not
  • 132. 132 exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

    Section 47 – Factors to be taken into account by the adjudicating officer
    Section 47 lays down that while adjudging the quantum of compensation under this Act, an adjudicating officer shall have due regard to the following factors, namely:
    • The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
    • The amount of loss caused to the person as a result of the default;
    • The repetitive nature of the default.

    • Offences sections

    Section 65 – Tampering with Computer Source Documents
    If any person knowingly or intentionally conceals, destroys code or alters or causes another to conceal, destroy code or alter any computer, computer program, computer system, or computer network, he shall be punishable with imprisonment up to three years, or with fine up to two lakh rupees, or with both.

    Section 66 – Computer Related Offences
    If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

    Section 66A – Punishment for sending offensive messages through communication service
    Any person who sends, by means of a computer resource or a communication device,
    • Any information that is grossly offensive or has menacing character;
    • Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,
  • 133. 133
    • Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages
    shall be punishable with imprisonment for a term which may extend to three years and with fine.

    Section 66B – Punishment for dishonestly receiving stolen computer resource or communication device
    Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

    Section 66C – Punishment for identity theft
    Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

    Section 66D – Punishment for cheating by personation by using computer resource
    Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

    Section 66E – Punishment for violation of privacy
    Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person,
    Explanation – For the purposes of this section:
    a. “Transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
    b. “Capture”, with respect to an image, means to videotape, photograph, film or record by any means;
    c. “Private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
    d. “Publishes” means reproduction in the printed or electronic form and making it available for public;
  • 134. 134 e. “Under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that –
       I. he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
       II. any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.
    shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

    • Section 66F – Cyber Terrorism
      1. Whoever,-
         a. with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
            I. denying or cause the denial of access to any person authorized to access computer resource; or
            II. attempting to penetrate or access a computer resource without authorization or exceeding authorized access; or
            III. introducing or causing to introduce any Computer Contaminant
            and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or
         b. knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is
  • 135. 135 restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.
      Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.

    • Section 67 – Punishment for publishing or transmitting obscene material in electronic form
      Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

    • Section 67A – Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
      Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
  • 136. 136
    • Section 67B – Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
      Whoever:
      o publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
      o creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
      o cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
      o facilitates abusing children online or
      o records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
      shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
      Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form.

    • Section 69 – Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
      1. Where the Central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if is satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or
  • 137. 137 monitored or decrypted any information transmitted received or stored through any computer resource.
      2. The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
      3. The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to –
         o provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or
         o intercept or monitor or decrypt the information, as the case may be; or
         o provide information stored in computer resource.
      4. The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

    • Section 69A – Power to issue directions for blocking for public access of any information through any computer resource
      1. Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2) for reasons to be recorded in writing, by order direct any agency of the Government or intermediary to block access by the public or cause to be blocked for access by public any information generated, transmitted, received, stored or hosted in any computer resource.
      2. The procedure and safeguards subject to which such blocking for access by the public may be carried out shall be such as may be prescribed.
      3. The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.
  • 138. 138
    • Section 69B – Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security
      1. The Central Government may, to enhance Cyber Security and for identification, analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification in the official Gazette, authorize any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource.
      2. The Intermediary or any person in-charge of the Computer resource shall when called upon by the agency which has been authorized under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information.
      3. The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed.
      4. Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.

    • Section 71 – Penalty for misrepresentation
      Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Electronic Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
    • Section 72 – Breach of confidentiality and privacy
      Any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
  • 139. 139
    • Section 72A – Punishment for Disclosure of information in breach of lawful contract
      Any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.

    • Section 73 – Penalty for publishing Electronic Signature Certificate false in certain particulars
      1. No person shall publish an Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that
         a. the Certifying Authority listed in the certificate has not issued it; or
         b. the subscriber listed in the certificate has not accepted it; or
         c. the certificate has been revoked or suspended,
         unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
      2. Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

    • Section 74 – Publication for fraudulent purpose
      Whoever knowingly creates, publishes or otherwise makes available an Electronic Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
  • 140. 140
    • Section 75 – Act to apply for offence or contraventions committed outside India
      1. Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
      2. For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

    • Section 77A – Compounding of Offences
      1. A Court of competent jurisdiction may compound offences other than offences for which the punishment for life or imprisonment for a term exceeding three years has been provided under this Act. Provided further that the Court shall not compound any offence where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman.
      2. The person accused of an offence under this Act may file an application for compounding in the court in which offence is pending for trial and the provisions of section 265B and 265C of Code of Criminal Procedures, 1973 shall apply.

    • Section 77B – Offences with three years imprisonment to be cognizable
      Notwithstanding anything contained in Criminal Procedure Code 1973, the offence punishable with imprisonment of three years and above shall be cognizable and the offence punishable with imprisonment of three years shall be bailable.

    • Section 78 – Power to investigate offences
      Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Inspector shall investigate any offence under this Act.