Archival of Identity Theft Incidents-CEAC-ITN and CEAC-VPN

Identity Theft Notice and Virtual Public Notice Space

Read : What to Do when I receive a Phishing Mail? for more information on why this service

CEAC-ITN

 CEAC-ITN  is a service offered by Cyber Evidence Archival Center (CEAC) to ensure that victims of Identity Theft can archive  a public disclosure for their protection if required.

It can be used by recipients of phishing mails to create a record of the fact that they had received a mail.

It can be used by persons whose e-mail account is hijacked and used for sending impersonated mails to the contacts.

The need for archiving a phishing e-mail arises when the recipient of a phishing mail has to guard against possible exploitation  by  malicious insiders who may pick up the password of the account holder from the Bank records and withdraw money from the account and claim that the customer has answered the Phishing mail  even though he may he has not.

Similarly, this service can be used by those whose e-mail accounts are hijacked and used for sending impersonated messages to their contacts to create a public disclaimer notice.

The Service can also be used when a domain name is hijacked and visitors get diverted to a false website.

This service is extended to both Phishing e-mails as well as SMS messages.

This service is free for archiving and charged only for issue of certified copies.

The service provider does not provide any warranty that the archived data would be available for certification beyond 30 days from the date of archival.

CEAC-VPN

CEAC-VPN is a service which is an extension of the CEAC-ITN service. It is meant to publish a public notice.

It can be used by any person who wants to place a notice in cyber space and meet a public disclosure requirement.

Under this service, the user will request posting of his announcement on the CEAC Notice board for a specific period.

The CEAC authorities need to pre-approve the notice before agreeing for the publication and reserve the right to reject any notice for publication.

 At the time of such acceptance, CEAC shall provide the quote for the publication at the time of acceptance. For the guidance of the users the following is an indicative tariff card for  notifications of personal non commercial nature.

One Month: Rs 500/-

3 Months: Rs 1000/-

6 Months: Rs 1500/-

Additional Rs 500/- for every 6 months.

The notice will be displayed in a separate URL on this site.

No anonymous notices would be accepted.

CEAC does not warranty that the publication would reach out to any significant number of persons or that this service has the recognition from any legal or Government authority.

P.S: Until further notice CEAC has suspended charges for Identity Theft Notices and the service is provided free of charge.

It must be noted that these services are meant to create a platform for ordinary persons who donot own their own websites or alternate virtual places where they can display their disclaimers. It is not a permanent remedy for the problem and the affected person needs to get the situation rectified by complaining to the appropriate service provider and backing it up with a police complaint if necessary.

How to Avail the Service

CEAC-ITN

When a customer of a Bank receives a Phishing message and wants to avail the CEAC-ITN service, he is advised to send an email to his Bank under copy to CEAC through email ceac.naavi@gmail.com along with a copy of the phishing mail. The mail may roughly be worded as follows:

From: ………… (Name)

Account Number: …………………, Branch…………………

I hereby give notice that I have received the enclosed e-mail which I suspect to be an attempt to deceive me into parting with my password for my Internet Banking access.

The mail was received on ……………. at ………………… (time)

I hereby give notice that I have not responded to the mail and shall not be responsible for any unauthorized withdrawals from my account attributed to this phishing attempt.

This notice is being archived with CEAC for records.

P.S: This service is meant to be used only when you have not responded to the Phishing e-mail.  In the unfortunate event where  you have already responded to the e-mail  check the account immediately and if you are lucky and no damage has been done, change the password/s. There are instances where Banks have passed unauthorized debits even after notice by value dating the transaction to a back date. Hence it would be critical to record the time of delivery of the notice. To strengthen your legal defense in such cases, donot hesitate to also avail the CEAC paid service for E Mail forwarding and serve a copy of your notice through CEAC.

CEAC may  take up the issue with the respective Bank and urge that some action is taken to alert the customers of the Bank and also if possible work for bringing down the phishing site at the earliest so that the damage can be limited. This is part of the NGO activity that the site may support.

If and when a dispute arises with the Bank and the person who has deposited the mail  wants a certified copy of the e-mail, CEAC would provide the certified copy as is normally done by CEAC. Depositing of the mail is free of charge. Service charges would be payable for the issue of  certified copy. At present, Certified copies would be made available at a fee of Rs 500/- per certificate.

The depositor may exercise an option to use the E-Mail forwarding service if required, terms of which are available elsewhere in the site.

CEAC-VPN

To avail the CEAC-VPN service, the user has to send a request for publication with the following details by e-mail to ceac.naavi@gmail.com

From: ……………………………………………… (Name)

Full Postal Address………………………………………………………………………………:

E Mail: …………………, Phone: …………………….. : Mobile: ………………………………..

I request you to publish the following notice on CEAC for public awareness.

“…………………………………………………………………..

…………………………………………………………………………

……………………………………………………………………………

This notice shall be displayed for ….. Months.

I declare that the contents in the notice are true and correct. I understand that CEAC is only a service provider and I shall be solely responsible for any legal consequences arising out of the publication of this notice.

I request you to send the quote for publication of the notice.

CEAC_VPN Service is now extended to registration of IMEI devices. It is observed that the IMEI numbers are being cloned and used by criminals. The cloned number may belong to a genuine person who may be falsely implicated when his mobile number is misused. In order to provide a suitable defence, the genuine IMEI owners can register their IMEI devices along with proof of ownership.

Contact naavi for more information.