What is Cheating by Personation?
In the physical world, masquerading as another person to commit fraud is a well-known crime. Section 66D of the Information Technology Act brings this principle into the digital age. It focuses on anyone who, by means of a communication device or computer resource, "cheats by personation." This includes phishing, fake social media profiles used for scamming, and business email compromise (BEC) attacks.
What makes Section 66D critical is its focus on the method of the crime—specifically, the use of technology to deceive a victim into handing over money, data, or access. In modern corporate environments, this often takes the form of an attacker impersonating a CEO or a vendor to authorize fraudulent payments.
Common Tactics Under Section 66D
Attackers use a variety of personation techniques to bypass trust. Understanding these is the first step in building a defence:
- Phishing and Spoofing: Creating fake emails or websites that look like they belong to a trusted entity (e.g., a bank or a government agency).
- Social Media Impersonation: Setting up profiles using a real person's name and photos to defraud their contacts or ruin their reputation.
- Account Takeover: Using a stolen account to send deceptive messages to colleagues or clients.
When an attacker impersonates your brand, it can lead to massive financial losses and a collapse in customer trust. Implementing a strategy for online reputation management is essential to detect and shut down these fake entities quickly.
The Penalty for Digital Impersonation
The law treats cheating by personation as a serious offence. Section 66D prescribes imprisonment for a term of up to three years and a fine of up to one lakh rupees. Because these crimes often cross borders, digital evidence is paramount. Investigators must trace IP addresses, login logs, and financial trails to link the personation to a specific individual.
For businesses, the cost is often measured in more than just fines. A single successful phishing attack can lead to a data breach that costs millions. We recommend a regular application security audit to ensure that your user authentication and communication protocols are resilient against spoofing.
Defending Against Social Engineering
Section 66D covers the legal side, but technology and training provide the practical shield. Here is how to protect your organization:
- Email Authentication: Use SPF, DKIM, and DMARC to prevent attackers from sending emails that appear to come from your domain.
- Employee Training: Conduct regular simulations to teach staff how to recognize the "tells" of a personation attempt.
- Verification Procedures: Establish a "no-exceptions" policy for verifying high-value financial requests through a non-digital channel (like a phone call).
- Forensic Tracking: If a personation occurs, engage in cyber crime investigation to preserve the evidence required for a Section 66D filing.
If you have been targeted by a scammer, or if your name is being used to defraud others, you need a team that understands the ORM process and legal recovery.
Stop Scammers Before They Damage Your Reputation
Don't let digital imposters ruin what you've built. Whether you are dealing with a fake social media handle or a complex phishing scheme, immediate action is required. Contact our cybersecurity experts to secure your digital boundaries and take legal action against fraudsters.