Impersonation (identity theft) on social networks occurs when the image, name, or other elements that mark a person, company, or organization is used for fraudulent purposes. It differs from other legitimate uses of a brand or person like fan accounts, information pages, and parodies or criticism.
The objective is to manipulate the contacts of the victim into thinking that the profile is being run by the real person. The goal is to exploit the information of those who interact with the fake profile. Impersonations are carried out of both individual persons and organisations for illegal activities. Though initially considered a mild irritant, it is now considered as a serious breach of security, privacy and confidentiality.
Impersonations are of various types. Some of these are mentioned below:
Brand impersonation: A page or user id is created to look like or resemble a business. This account is then used to gather information on the people that follow or like the original pages. It can also be used to run fake promotions to generate activity around the account so as to increase the number of followers.
Executive impersonation: Account is setup to impersonate an executive member of a business. Such an account is used to connect with other people within the business, or to make connections with other businesses. The aim is to gather sensitive information on the business or about people within the business.
Some examples are:
While social media helps us stay connected with friends and family, it also provides brand owners a platform to market their products and services to existing and potential consumers. Further, brands can, through engagement and interactive activities, create a platform that helps them understand consumer needs and market trends. However, with brands establishing their base on various social media platforms, the number of imposters and fake profiles has only increased, leading to escalating cases of trademark infringement. Thus, large brands are increasingly susceptible to infringement by fake accounts and copied logos, passed off as originals.
The issues in case of brand impersonation are not limited to fake profiles, but also carry a layer of financial fraud. This happens when these fake profiles, either get verified and indulge in ‘real-looking activities’, leading to account monetization, or go a step further and start; passing off; products and services as their own in the name of the infringed-brand. Passing off is a concept where someone deliberately or unintentionally ‘passes off’ their goods or services as those belonging to another party. In such cases, while these fake profiles might forward invoices and tracking numbers upon payment, you might either receive products that are not original or no products at all. More often than not, the brunt of such misleading activities is borne by the brand in terms of decreased followers and consumer count, negative reviews, damaged goodwill, damaged brand value etc. Therefore, impersonation of trademarks also is unethical leading to fraudulent activities that affect the brand and the consumer.
Even though fake social media profiles seem trivial, there are several fake profile rackets operating at national and international levels. In fact, it was not long ago when the Mumbai police unearthed an international fake profile racket while investigating a complaint filed by Bollywood singer Bhumi Trivedi, wherein a fake Instagram account was using her name in order to draw followers. Following the registration of the complaint, Mumbai police arrested an employee of a website that provides Instagram followers to its users for a certain fee.
On being asked if the Bollywood singer’s case falls under the definition of cheating under Section 416 of the Indian Penal Code, a learned senior associate from an esteemed law firm stated, ‘If one has to read this provision technically, this is still a somewhat simpler case because a real person was indeed being impersonated by a fake profile.’
While an offence was registered against the accused, the police could not do much about the matter due to the absence of a specific law. However, the case was registered under Section 468 of the Indian Penal Code, which deals with forgery of a document or electronic record for the purpose of cheating. The statement of a cyber law expert reviewing the case mentions that since a fake account is an electronic record that can be used to misrepresent, an accused can be booked under it.
Cybersquatting refers to registering, trafficking, or using a domain name with the intent to attain profits from the goodwill created by a trademark holder (of the same domain name). While cybersquatting can be categorized into several types such as domain name squatting, identity theft, URL hijacking, and name-jacking, the core intent of all these activities remains the same, i.e., to make use of an existing name/URL/expired domains as the domain name for fraudulent websites. Cybersquatting can also be implemented by unauthorised use of service names, company names and personal account usernames.
If one were to understand this in terms of social media, a person or brand’s username (on social media sites) is equivalent to the domain name of a website. Therefore, in cases where usernames are misused to trade off the goodwill of another individual/brand, the activity is known as username squatting.
While laws are yet to be formulated to specifically cover username squatting, cybersquatting cases are dealt with under the Trademark Act, 1999. The lack of Indian legislation regarding cybersquatting was also recognized by the court in the case of Satyam Infoway Ltd v. Sifynet Solutions.
Due to the lack of regulatory laws in the social media domain, the onus of resolving disputes has shifted entirely upon the interpretation of Indian courts.
A leading case regarding cybersquatting is that of Reddif Communication Limited v Cyberbooth and Anr, wherein the respondent had registered ‘radiff.com’ as their domain name. The plaintiffs accused the name of being identical to their domain name registered as ‘rediff.com’. The court, in this case, ruled in favour of the plaintiffs, recognizing the domain name as a registered trademark.
In another case involving Yahoo, the respondents used the domain name ‘yahooindia.com’, which was identical to the trademark ‘Yahoo’ of the popular search engine. In this landmark case, the court upheld its verdict of ‘trademark passing-off through domain name’ and granted an injunction to Yahoo.
Further, following the World Intellectual Property Organization (WIPO) guidelines in the Rediff Communication case (supra), the courts in the case of Tata Sona Ltd. V Mr. Manu Kishori ordered the defendants to surrender the plaintiff’s name as it was wrongly used by them as a registered domain name.
The process for reporting social media impersonation is explained within the platforms’ privacy and legal policies, and the legal framework also assists reporting such cases, Certain steps, however, can be followed to ensure that one is never a victim of impersonation/hacking and that a situation of filing a report or complaint never arises. These steps are set out below:
It is important to note that social media platforms are not held liable for the creation of fake accounts. This is because social media platforms act as intermediaries and does not create the account, or have any control over its creation. This immunity is provided to platforms via Section 79 of the Information Technology Act, 2000. An online portal only receives, stores, transmits, or communicates electronic records and will not be liable for any third party communication or information transmission. They are, however, liable if they become aware of any data, communication, or information present on the portal that is used to create an unlawful act. The platform then must take down the content.
With this in mind, we must also note that social media impersonation is not explicitly defined or covered under any statute, India, however, possesses provisions that, implicitly, may take cognizance of social media impersonation complaints/cases as and when they are filed. Despite guarding against impersonation, one may still be a victim of it. Thus, it is important to note the laws applicable when reporting an online impersonation case. These laws are discussed below:
Under the IT Rules, any complaint brought to the notice of the authorities has to be disposed off within 15 days of its receipt, after acknowledging the same within twenty-four hours. This is stated under Rule 3(2)(a)(i). Additionally, under Rule 3(2)(b), any content that exposes the privacy of any person (nudity, sexual acts, or impersonation in any electronic form) shall be disabled within twenty-four hours of receiving such a complaint.
The IPC possesses, within its regime, certain provisions that are handy in prosecuting social media impersonation. These are listed out below:
All of the aforementioned provisions, including those of the IT Act, 2000, were used in the case of singer-celebrity Bhoomi Trivedi. An impersonator, named Abhishek Daude, had used her online profile picture to create a fake account and indulge in the business of ‘buying’ followers and likes. The IPC and the IT Act were used, specifically, to deal with the case in the absence of a specific law.
The PDP Bill is set to be introduced into the legal framework soon, within the next few months. This will be India’s first specific data privacy law, with privacy currently being governed by the Information Technology Act, 2000 and by the Puttaswamy judgment. While its impact cannot be judged before its formal introduction, it seems to be a step in the right direction for data protection.
The Bill will have ramifications for social media platforms as well. One such inclusion is the verification of user accounts. This is not as simple as it looks, as questions have been raised in Parliament over the freedom of speech and expression of anonymous users guaranteed by Article 19(1) of the Constitution. However, in terms of social media impersonation, it could significantly reduce fake accounts and attempts to create them.
The immunity enjoyed by social media platforms as third-party entities under Section 79 of the IT Act may vanish. The Bill proposes that platforms are aware of the quality and accuracy of content posted by its users, thereby making them directly responsible and liable. However, its working will not be clear until the Bill is implemented later this year.
Social media platforms, such as Facebook, Twitter, and Instagram, have an internal complaint process that is usually the quickest way to get an account taken down in case of clear-cut impersonation. Such cases may involve:
When these circumstances are presented, Facebook, Twitter and Instagram will usually respond to a takedown request submitted through their online complaint forms within 48 hours. Depending on the type and significance of the impersonation (e.g., a teenager posing as a celebrity vs. a company selling phony goods), attorneys may also want to draft an appropriate cease and desist letter.
Other options include sending a cease and desist letter or reaching out to the infringer directly in order to explain the problematic content. A company should be vigilant in protecting its brand on social media because a failure to ‘police one’s marks’ can be used against a company in trademark proceedings and civil lawsuits with respect to the strength of a mark.
You can report if someone else is pretending to be you; and your friends and well-wishers can also report that their friends have been impersonated. Social platforms may request you to upload a photo of yourself with a legal photo ID. Given below are the links to report impersonation on various social media platforms:
If the severity of the condition is higher (content is obscene, has nudity, suicide, rape, or is against a Faith or the sovereignty of a nation) then one can and should complain on the National Cyber Crime Reporting Portal www.cybercrime.gov.in
Alternatively, one can reach any nearest Cyber Police Station for quick support.
In case you are a victim of a cyber-crime, including, but not limited to, social media impersonation, you need to file a complaint with the cyber-crime cell in your city. Most cities in India now have a dedicated cyber-crime cell. Most states lodge complaints through the National Cyber Crime Reporting Portal, mentioned above. However, some other states/cities have their own dedicated cyber-crime cells for complaints. The links to cyber-crime cells in major metropolitans are provided below:
Details on documents required, nearest police station, and district cyber cells. Redirected to National Cyber Crime Reporting Portal in case of an online complaint.
Mumbai – https://mumbaipolice.gov.in/CCC
Helpline number. Drop-down menu of area-wise police stations. Role of cyber-crime cell and other details.
District-wise details of emails and phone numbers for reporting cyber complaints.
Despite these dedicated webpages, nearly all cyber-crime complaints are redirected and lodged through the National Portal. The complaint can be made online or offline to the cyber police or crime investigation department (CID). First, you need to file a written complaint with cyber-cell of a jurisdiction. Details have to provided, which include: name, contact address, email address. The complaint must be written to the Head of Department (HOD) of the cyber-cell where you are filing the complaint.
IT Act views cyber-crime as a global jurisdiction which means that it can be filed with any cyber-cell, irrespective of the place of residence of the complainant or where it was committed.
Apart from cyber-cells, a cyber-crime complaint can be filed like a normal complaint as well, i.e., via a First Information Report or FIR. As discussed above, most cyber-crimes fall under the provisions of the Indian Penal Code and such provisions may be used in the FIR.
Under Section 154 of the Criminal Procedure Code (CrPC), it is mandatory that every police officer records the information/complaint of the offence, irrespective of jurisdiction. In case refused, the complainant can proceed to the Commissioner or the Judicial Magistrate of the said jurisdiction as recourse.
Thus, cyber-crime can be reported via any of the following mechanisms:
The online portal for filing the complaint is as follows: https://cybercrime.gov.in/Accept.aspx
Complaints may be filed anonymously as well. The steps to lodge an online complaint on the national portal are as follows:
STEP 1: Go to https://cybercrime.gov.in/Accept.aspx
STEP 2: Click on ‘Report other cyber crimes’ on the menu.
STEP 3: Click on ‘File a Complaint’.
STEP 4: Read the conditions and accept them.
STEP 5: Register your mobile number and fill in your name and State.
Once the complainant is successfully registered, he/she will have to choose the category and sub-category of complaint and provide the asked information with regard to the alleged cybercrime.
STEP 6: Fill in the relevant details about the offence
The interface is user friendly.
Helpline Number - 1930
In the case that a cyber-cell refuses to accept your complaint, a direct representation can be made to the nearest Judicial Magistrate after stating that the complaint has not been accepted at the cell under any circumstances.
The following are the documents/details one must have while filing a social media complaint:
Note: This is not an exhaustive list. The police may ask for further details depending on the nature of the crime.
Social Media Impersonation is not directly dealt with in the Indian legal framework; however, the framework is on the brink of a historic legislation in terms of the PDP Bill, 2019, and it is hoped that this bill will put to rest many of the lingering concerns.
In the meantime, the framework of the IPC, the IT Act, and the fundamental rights enshrined in the Constitution must work in tandem to ensure that impersonators are punished for their wrongdoings. These provisions possess enough legal firepower to prosecute and punish such impersonators. Their implementation must not rest on technicalities.
Hopefully, the new legislation will address the need for a nuanced legislation and deter impersonators from creating fake accounts and disrupting the wonderful gift that the internet is to our generation.
For preventive measures and to address social media impersonation, you can get in touch with us by submitting a query below.
Summary: A recent look at the suicide prevention laws in India and the avenues available for mental
The rights to physical integrity and self-determination are fundamental rights which are available t
With the youth becoming more conscious of their rights through information ex
The Supreme Courtâ€™s judgment to decriminalize Section 377 of Indian Penal Code (IPC) on 6th S
Lakshadweep Islands are one of the remotest areas of India. They have almost always enjoyed their ti
What is medical negligence?In simple words, medical negligence emerges from an action or neglige
Every time an offender stealthily leaves India to take refuge in another country, the Government of
5th August 2019 marks a sensational day in the history of our great nation.