AI IN COMBATING PHISHING AND SOCIAL ENGINEERING: A LEGAL PERSPECTIVE
AUTHOR – PREETI & DR. MOHIT KANWAR, LL.M. (MASTER OF LAWS)* & ASSISTANT PROFESSOR**, UNIVERSITY INSTITUTE of Legal Studies, Chandigarh University, Mohali, Punjab, India.
BEST CITATION – PREETI & DR. MOHIT KANWAR, AI IN COMBATING PHISHING AND SOCIAL ENGINEERING: A LEGAL PERSPECTIVE, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 4 (4) OF 2024, PG. 455-465, APIS – 3920 – 0001 & ISSN – 2583-2344.
Abstract
Cyber threats like phishing and social engineering are very popular in India, where weak technical vulnerabilities are taking advantage of psychological vulnerabilities and thus causing financial and privacy losses. Conventional legal measures under the Information Technology Act, of 2000, struggle to catch up with the intelligent nature of these attacks, and AI has become a tool of paramount importance in cybersecurity. Machine learning, natural language processing, behavioural analytics, and other AI technologies can recognize phishing and manipulation in real-time—powerful solutions. But building AI systems to achieve these goals requires complicated legal and ethical questions, particularly around data privacy, accountability, and visiting regulatory compliance. Some of these concerns are addressed in India’s “Digital Personal Data Protection Act, 2023” (DPDPA), but they also need some AI-specific guidance. In this paper, I investigate how AI and the law intertwine in Indian cybersecurity, evident in the present legal terrain and global norms, and suggest reforms. We provide key suggestions for how a liability framework for using AI against cyberterrorism, transparent sharing of data within organizations, and formation of public-private partnerships for proactive, balanced AI in cybersecurity could be achieved. By taking these steps, India can harness the power of AI to fight cybercrime without compromising ethics and the law.
Keywords – Phishing, Social Engineering, Artificial Intelligence, Cybersecurity, Data Privacy, Information Technology Act, Digital Personal Data Protection Act, Machine Learning