4.2 Workplace Ethics — Cybercrime, Plagiarism, Sexual Misconduct & Fraud
This lesson covers the four most serious workplace ethical violations that modern professionals — especially in the IT industry — must understand and avoid.
---
1. Cybercrime
Cybercrime is criminal activity that involves a computer or network. As IT professionals, computer-applications graduates must understand both how cybercrimes happen and the ethical obligation not to participate.
Types of cybercrime
| Type | Description |
|---|---|
| Hacking | Unauthorised access to systems |
| Phishing | Deceiving people into revealing credentials |
| Identity theft | Stealing personal data for fraud |
| Cyberstalking | Repeated harassment online |
| Data theft | Stealing confidential / personal data |
| Ransomware | Encrypting data and demanding payment |
| Malware distribution | Spreading viruses, trojans |
| Cyber-bullying | Online harassment, especially of vulnerable |
| Online fraud | Financial scams, fake e-commerce, fake jobs |
| Cryptocurrency scams | Fake projects, pump-and-dump |
| DDoS attacks | Overwhelming a service to make it unavailable |
| Insider threats | Employees stealing or sabotaging |
| Online child exploitation | Most serious; lifelong consequences |
| Cyber-terrorism | Attacks on critical infrastructure |
Indian legal framework
The IT Act 2000 (amended 2008) is India's primary law on cybercrime:
| Section | Offence | Penalty |
|---|---|---|
| §43 | Unauthorised access, data theft | Compensation up to ₹1 crore |
| §65 | Tampering with computer source code | 3 years imprisonment, ₹2 lakh fine |
| §66 | Hacking | 3 years, ₹5 lakh |
| §66B | Receiving stolen computer resource | 3 years |
| §66C | Identity theft | 3 years, ₹1 lakh |
| §66D | Cheating by personation | 3 years, ₹1 lakh |
| §66E | Privacy violation (e.g., recording private images) | 3 years, ₹2 lakh |
| §66F | Cyber-terrorism | Life imprisonment |
| §67 | Publishing obscene material | 5 years, ₹10 lakh |
| §72 | Breach of confidentiality | 2 years, ₹1 lakh |
Plus the Indian Penal Code (IPC), Companies Act, and DPDP Act 2023 for personal data.
Professional ethical obligations
As an IT professional, you have specific duties:
| Obligation | Detail |
|---|---|
| Don't access without authorisation | Even if you can technically, you shouldn't |
| Don't share credentials | Yours or others' |
| Don't pirate software | Use licensed versions |
| Don't write / spread malware | Even "for learning" — consequences are real |
| Report vulnerabilities responsibly | "Responsible disclosure" — to vendor first, not public |
| Respect privacy | Customer data is sacred; even one breach can sink a company |
| Don't profit from inside knowledge | E.g., trading on knowledge of unannounced bug |
| Strong password hygiene | Yours and the org's |
| Educate non-tech colleagues | About phishing, security |
Famous Indian cybercrime cases
- AIIMS Delhi ransomware attack (2022) — Hospital paralysed for 15+ days
- Mumbai bank fraud cases — Multiple, totalling ₹100+ crore
- 2018 Cosmos Bank heist — ₹94 crore stolen via coordinated global ATM withdrawals
- Aadhaar data leaks — Multiple instances of biometric data exposure
- Cryptocurrency scams — Multiple billion-rupee schemes shut down
These show: cybercrime is not abstract. Real people lose real money, real organisations are crippled, real careers are destroyed.
---
2. Plagiarism
Plagiarism is using someone else's work, ideas, or words as your own — without proper credit.
Types of plagiarism
| Type | Example |
|---|---|
| Direct copying | Word-for-word from another source |
| Paraphrasing without credit | Changing words but keeping the idea, no citation |
| Code copying | Copy-pasting code from Stack Overflow / GitHub without attribution |
| Self-plagiarism | Reusing your own previously submitted work |
| Image / Diagram copying | Using others' visuals without permission |
| Idea theft | Taking someone's concept and presenting as yours |
| Ghost-writing acceptance | Submitting someone else's work as yours |
| Mosaic plagiarism | Combining bits from multiple sources without credit |
| AI-generated text passed off as yours | Submitting ChatGPT output as your own work |
Why plagiarism is serious
| Reason | Detail |
|---|---|
| Academic dishonesty | Many universities expel for plagiarism |
| Career damage | A documented plagiarism case follows you |
| Industry consequences | Software companies dismiss employees for code plagiarism |
| Reputation loss | In academia and research, irrecoverable |
| Legal action | Copyright infringement is a crime |
| Erosion of original thinking | If everyone copies, no original work happens |
Indian academic context
Indian universities have increasingly strict plagiarism policies:
- UGC plagiarism regulations (2018) — defined tolerable similarity levels
- Most universities use Turnitin / iThenticate to scan submissions
- Penalties: from grade penalty (mild) to expulsion (severe)
How to avoid plagiarism
| Practice | Detail |
|---|---|
| Cite sources | For every fact, idea, quote, image |
| Use quotation marks for direct text | If under 40 words |
| Block-quote longer passages | And cite |
| Paraphrase fully — change structure too | Not just synonyms |
| Use citation managers | Zotero, Mendeley, EndNote |
| Check with plagiarism tools | Before submission |
| Document your process | Note where each piece came from |
| For AI — be transparent | If you used ChatGPT, say so |
| Build original analysis | Even if facts are borrowed, your interpretation is yours |
Code-specific guidance
For programmers:
- Open-source licences matter — MIT, GPL, Apache impose different obligations
- Attribution comments — when adapting open-source code
- Don't paste production code into Stack Overflow / public forums — confidentiality
- In interviews — clearly say "I'd reference X for this part" — interviewers respect honesty over false claims of solo expertise
---
3. Sexual Misconduct at the Workplace
Sexual misconduct in any form is illegal, deeply harmful, and career-ending for perpetrators.
This is an unavoidable topic — and IT students need to enter the workplace with clarity.
Forms of sexual misconduct
| Form | Description |
|---|---|
| Verbal harassment | Comments about appearance, body, sexual jokes |
| Visual harassment | Inappropriate images, gestures, leering |
| Physical harassment | Unwanted touching, brushing, blocking path |
| Quid pro quo | "Sleep with me and you'll get promoted" |
| Hostile environment | Pattern that makes workplace uncomfortable |
| Cyber-harassment | Inappropriate messages, photos, calls |
| Sexual assault | Most serious; criminal |
| Stalking | Following, repeatedly contacting |
Indian legal framework
The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 ("POSH Act"):
| Provision | Detail |
|---|---|
| Definition | Includes unwelcome physical, verbal, visual, sexual conduct |
| Coverage | All workplaces (organised + unorganised) with 10+ employees |
| Internal Committee (IC) | Mandatory; at least 50% women members; external member |
| Complaint process | Written complaint within 3 months of incident |
| Inquiry | Time-bound; both parties heard |
| Penalties on perpetrator | Warning, transfer, suspension, termination, monetary penalty |
| False complaints | Also addressed (with caution — most complaints are real) |
Plus IPC Sections 354A (sexual harassment), 354 (assault), 509 (insulting modesty).
Note: While the POSH Act focuses on women, sexual harassment of men and transgender persons is also recognised under general criminal law.
What every professional must understand
| Principle | Detail |
|---|---|
| Consent is everything | If unclear, don't proceed; check in |
| Power dynamics matter | A senior pursuing a junior is rarely truly consensual |
| No means no | First time, every time |
| Workplace is a workplace | Romantic pursuits are largely inappropriate |
| Silence is not consent | Just because someone didn't object loudly |
| Repeat behaviour after first decline = harassment | One ask, decline received, drop it |
| Comments about appearance | Even "compliments" can be inappropriate at work |
| Touching | Don't, unless professionally necessary (handshake) |
| Out-of-office settings | The rules still apply at office parties, dinners |
What to do if you witness or experience harassment
| Action | Detail |
|---|---|
| Document | Date, time, what happened, witnesses |
| Report to IC | Internal Committee per POSH Act |
| Report to HR | Parallel channel |
| Inform a trusted senior | For backup |
| External: police complaint | If criminal |
| External: Local Committee | District-level if employer's IC fails |
| Counselling | Many companies and external organisations |
| Support network | Family, friends, women's organisations |
The cost of staying silent is often greater than the cost of speaking up. Companies that handle complaints well retain their best talent; those that don't lose people in slow drips.
What every employee should know
- POSH training is mandatory for many employees — take it seriously
- Internal Committee details are usually posted; know who they are
- External resources — NCW (National Commission for Women), Sakhi One-Stop Centres
- Anonymous reporting options exist at many companies
---
4. Fraudulent Use of Institutional Resources
Fraudulent use of institutional resources = misuse of company / institutional resources for personal gain or in violation of policy.
Common forms
| Form | Example |
|---|---|
| Time theft | Doing personal work on company hours; faking attendance |
| Expense fraud | Inflated travel claims, personal expenses billed to company |
| Asset misuse | Personal use of company vehicle, laptop, software |
| Data misuse | Using customer data for personal purposes |
| Side businesses on company time | Running another business during work hours |
| Intellectual property theft | Taking company IP to next job / competitors |
| Bribery | Accepting / offering bribes |
| Kickbacks | Vendor bribes for inflated orders |
| Fake invoicing | Creating phony bills for personal gain |
| Cookie-jar accounting | Manipulating financial records |
| Ghost employees | Fake employees collecting salary |
| Procurement fraud | Inflated tenders, fake vendors |
| Sale of confidential information | Insider trading, leaked tenders |
Why this matters
| Reason | Detail |
|---|---|
| It's stealing | From the organisation and all stakeholders |
| Career-ending | Termination + criminal prosecution + reputation damage |
| Industry blacklisting | Background checks turn up the history |
| Legal action | Companies pursue civil and criminal cases |
| Tax implications | Undisclosed personal use → tax issues |
| Erosion of trust | Affects all employees, not just perpetrator |
Specific examples — the temptation traps
| Situation | Tempting Wrong | Right |
|---|---|---|
| Long-distance call to family on office phone | "Just one call" | Use personal phone |
| Print 500 pages of personal book on office printer | "They won't notice" | Print at home / paid service |
| Bill restaurant dinner with friend as client meeting | "Easy expense report" | Pay yourself |
| Take office laptop on personal vacation | "It's there anyway" | Use personal device |
| Free pizza ordered for team meeting, taken home | "Leftovers will be wasted" | Within reason, but don't make a habit |
| Download free books via company internet | "Educational" | Should be policy-compliant |
| Use office WiFi for personal heavy streaming | "Bandwidth is unlimited" | Reasonable personal use OK |
Pattern recognition — these are small. Each individually trivial. But:
- They erode integrity
- They normalise larger violations later
- They create habits
The discipline: don't even start small. Pay your own way, use your own time, respect company resources as you would a friend's.
---
Common Pattern Across All Four
| Cybercrime | Plagiarism | Sexual Misconduct | Fraud |
|---|---|---|---|
| Treating others' digital assets as yours | Treating others' work as yours | Treating others' bodies / dignity as accessible | Treating others' resources as yours |
The root pattern is the same: violating others' boundaries / rights for personal gain.
The antidote is also the same: right understanding — that you are part of a system of mutual fulfilment, where exploiting others ultimately costs you.
---
Workplace Ethics Code — Personal Commitment
After studying this lesson, consider drafting a personal commitment:
"I commit to: - Honesty in my code, my work, my relationships - Respect for every person at every level - Confidentiality of information entrusted to me - Original work in all academic and professional submissions - Treating all colleagues — regardless of gender, level, background — with dignity - Reporting wrongdoing I witness, even at personal cost - Right use of organisational resources - Cultivating these values daily, not just when convenient"
Sign and date it. Revisit it when tested.
---
Key Terms — Lesson 4.2
This is the most exam-heavy lesson of Unit IV. Most PYQs ask for definitions of cybercrime, IT Act sections, plagiarism types, POSH Act provisions, and fraud forms; deploy these terms with precise legal citations.
Cybercrime — Criminal activity that involves a computer or network — either as the target (hacking, ransomware) or as the tool (online fraud, identity theft, cyberstalking). India's primary law is the Information Technology (IT) Act, 2000, supplemented by the IPC and the DPDP Act 2023; cybercrime is rising rapidly with digitalisation.
Information Technology Act, 2000 — India's primary cybercrime law, enacted 9 June 2000 and amended 2008. Key sections: §43 (compensation for unauthorised access up to ₹1 crore), §65 (tampering with source code, 3 years), §66 (hacking, 3 years), §66C (identity theft, 3 years), §66D (cheating by personation), §66E (privacy violation), §66F (cyber-terrorism, life imprisonment), §67 (obscene material), §72 (breach of confidentiality).
Hacking (§66 IT Act) — Unauthorised access to a computer system or network — whether for theft, sabotage, espionage, or "just curiosity". Hacking is punishable by up to 3 years imprisonment and ₹5 lakh fine under §66; even ethical hacking ("white hat") must be done with explicit written authorisation to avoid prosecution.
Phishing — Deceiving people into revealing credentials — usually through fake emails, fake login pages, or fake calls impersonating banks, payment apps, or employers. Phishing is prosecuted under §66D (cheating by personation) of the IT Act; it is the most common cybercrime vector and the cause of most banking frauds in India.
Identity Theft (§66C IT Act) — Fraudulent use of someone's password, digital signature, or unique identifier — Aadhaar, PAN, bank credentials, OTPs — to impersonate them online. Punishable by up to 3 years and ₹1 lakh fine; in the Aadhaar era it can enable massive downstream fraud through linked services.
Ransomware — Malicious software that encrypts a victim's data and demands payment for the decryption key. The AIIMS Delhi attack (November 2022) paralysed India's premier hospital for 15+ days; the Cosmos Bank heist (2018) drained ₹94 crore through coordinated global ATM withdrawals. Ransomware payments are themselves often illegal (sanctions, anti-money-laundering laws).
Malware — Malicious software designed to damage, disrupt, or gain unauthorised access — viruses, worms, trojans, spyware, rootkits, keyloggers. Writing or distributing malware (even "for learning") is punishable; many young careers have been ended by university-era malware experiments that turned out to have real-world consequences.
DDoS Attack — Distributed Denial of Service — overwhelming a service with traffic from many compromised machines to make it unavailable to legitimate users. DDoS attacks against payment platforms, government portals, and critical infrastructure are punishable under §66F (cyber-terrorism) when they target essential services.
Cyber-terrorism (§66F IT Act) — Attacks on critical information infrastructure — power grids, banking, defence, healthcare — with intent to threaten the unity, integrity, security, or sovereignty of India. The only IT Act offence carrying life imprisonment; one of the very few non-compoundable sections.
Responsible Disclosure — The ethical practice of reporting a discovered vulnerability privately to the vendor before any public disclosure — giving them time to fix it. Responsible disclosure is the boundary between security researcher and criminal; most bug-bounty programs (Google, Microsoft, Indian government's NCIIPC) operationalise it.
Plagiarism — Using someone else's work, ideas, or words as your own — without proper credit. Plagiarism violates asteya (non-stealing) at the intellectual level; modern academic and professional sanctions range from grade penalty to expulsion to termination. Indian universities use Turnitin and iThenticate to scan submissions.
UGC Plagiarism Regulations, 2018 — The University Grants Commission's regulations defining tolerable similarity levels in Indian higher education: up to 10% similarity is exempt; 10-40% triggers revision; 40-60% requires resubmission after 6 months; over 60% triggers expulsion or worse. Apply to dissertations, theses, and published research.
Self-Plagiarism — Reusing your own previously submitted work in a new submission without disclosure — recycling a college assignment for a different course, or reusing a paper for a new conference. Self-plagiarism is academic dishonesty even though no one else's work is taken; transparency is the cure.
Code Plagiarism — Copying code from Stack Overflow, GitHub, or colleagues without attribution or licence compliance. Open-source licences (MIT, GPL, Apache, BSD) impose specific obligations; ignoring them creates legal liability for the employer. Production-code copying without permission has cost careers and triggered lawsuits.
Sexual Harassment — Unwelcome sexual conduct — physical, verbal, visual, or digital — that creates a hostile workplace or is used as a basis for employment decisions. Sexual harassment in the Indian workplace is governed by the POSH Act, 2013 and IPC Sections 354A, 354, 354B, 354C, 354D, 509.
Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (POSH Act) — India's dedicated workplace-harassment law, enacted following the Vishakha v. State of Rajasthan (1997) Supreme Court guidelines. Mandatory Internal Committee (IC) for workplaces with 10+ employees (at least 50% women members plus external NGO member); written complaint within 3 months; time-bound inquiry; penalties from warning to termination.
Internal Committee (IC) — The mandatory in-house body established under the POSH Act to receive and inquire into sexual-harassment complaints. The IC must have a presiding female officer, at least 50% women members, and one external member from an NGO familiar with women's-rights issues. Knowing your IC is part of basic workplace literacy.
Quid Pro Quo Harassment — A form of sexual harassment where employment benefits are tied to sexual favours — promotion, project allocation, performance ratings, threats of dismissal. Quid pro quo cases are typically the easiest to establish under POSH because the linkage is explicit; they are also the most egregious abuses of power.
Hostile Work Environment — A pattern of unwelcome conduct — comments, jokes, images, gestures — that makes the workplace intimidating, offensive, or oppressive. Hostile environment cases require pattern evidence rather than a single incident; courts have held that the cumulative effect can be as actionable as quid pro quo.
Vishakha Guidelines (1997) — The Supreme Court guidelines issued in Vishakha v. State of Rajasthan — India's first formal recognition of workplace sexual harassment as a violation of fundamental rights (Articles 14, 15, 19, 21). The Vishakha Guidelines operated for 16 years until the POSH Act 2013 codified and expanded them.
Fraudulent Use of Institutional Resources — Misuse of company or institutional resources for personal gain or in violation of policy — time theft, expense fraud, asset misuse, IP theft, bribery, kickbacks, fake invoicing. These violate asteya (non-stealing) and the trusteeship principle; they end careers when caught and corrupt culture when tolerated.
Time Theft — Doing personal work on company time — running side businesses, attending to personal calls excessively, fake attendance, leaving early while claiming full hours. Time theft is the most common workplace fraud; over a career it can amount to years of salary received without work delivered.
Bribery and Kickbacks — Offering, accepting, or facilitating payments to influence professional decisions — vendor selection, contract awards, regulatory approvals. India's Prevention of Corruption Act, 1988 (amended 2018) and Companies Act, 2013 prosecute bribery; international compliance (US FCPA, UK Bribery Act) also affects Indian IT exporters.
Intellectual Property Theft — Taking company IP — code, designs, customer lists, trade secrets — to a competitor or new venture. India's Copyright Act, 1957, Patents Act, 1970, and Trade Secrets under contract law cover this; standard employment contracts include non-disclosure and non-compete clauses, and IP-theft cases regularly produce criminal and civil action.
---
Study deep
- Workplace ethics is increasingly enforced. Cybercrime, plagiarism, sexual harassment, fraud — once "career risks", now have specific laws, internal committees, mandatory training, severe penalties. Awareness alone is not enough; alignment is required.
- The IT industry has specific risk profiles. Cybercrime risk is highest in IT. Plagiarism risk is highest in code-heavy roles. Sexual misconduct exists everywhere but workplace dynamics in IT (mixed-gender teams, late hours, travel) demand particular care.
- One incident can end a career. Especially in cybercrime, sexual misconduct, and fraud. Background checks are increasingly thorough. Reputations spread fast in the era of social media.
- The right culture matters. Working at a company with strong ethics is more important than salary alone. Toxic cultures pressure even good people into compromises. Choose where you work carefully.
- Personal integrity is portable. Skills are valuable but lose value over decades. Integrity compounds — and at the senior career stage, it is often what separates the trusted leader from the technically-skilled rejected one.
Common exam question (very high frequency): "Discuss workplace ethics: cybercrime, plagiarism, sexual misconduct, fraud." — One section per topic; definition, examples, Indian legal framework (IT Act, POSH Act, UGC plagiarism rules), professional obligations; common pattern (violating boundaries for personal gain).
Common exam question: "What is cybercrime? Discuss its types and legal framework in India." — Define; 10 types (hacking, phishing, identity theft, ransomware, etc.); IT Act 2000 sections (§43, §65, §66, §66B, §66C, §66F, §67); IT professional's ethical obligations.
Common exam question: "What is plagiarism? How to avoid it?" — Define; 8 types (direct, paraphrasing, code, self, image, idea, ghost, AI-generated); how to avoid (cite, quote, paraphrase fully, citation managers, plagiarism tools); code-specific guidance.
Common exam question: "Discuss the POSH Act 2013 and its provisions." — Title; coverage (10+ employees); Internal Committee; complaint and inquiry process; penalties; need for awareness in modern workplaces.
Common exam question: "What is fraudulent use of institutional resources?" — Define; 8-10 forms (time theft, expense fraud, asset misuse, IP theft, bribery, kickbacks, fake invoicing); examples; pattern of small violations becoming habits.
Worked Example — A code-plagiarism temptation
Situation: Under a deadline, a developer finds a working solution on Stack Overflow / GitHub and is tempted to copy-paste it straight into production code, without attribution or checking the licence.
Analyse it: This is code plagiarism — using someone else's work as your own without proper credit — a form of asteya (non-stealing). The lesson warns that open-source licences (MIT, GPL, Apache) impose different obligations, and that copying without attribution or licence compliance creates legal liability for the employer and has cost careers and triggered lawsuits.
The right response:
- Check the licence and comply with its terms; add an attribution comment when adapting open-source code.
- Do not paste confidential production code into public forums.
- Build your own original analysis and adaptation rather than passing the copied work off as solely yours.
Outcome: The work is delivered honestly, the employer faces no licence liability, and the developer's integrity — and career — is protected.
Self-check
- Name the four most serious workplace ethical violations covered in this lesson. (cybercrime, plagiarism, sexual misconduct, fraudulent use of institutional resources)
- Which Indian law is the primary framework for cybercrime, and which section carries life imprisonment? (the IT Act, 2000; §66F — cyber-terrorism)
- Define plagiarism, and name the intellectual value (Sanskrit) it violates. (using someone else's work, ideas, or words as your own without proper credit; it violates asteya — non-stealing)
- Under the POSH Act 2013, within how many months must a written complaint be filed, and what is the minimum women's representation on the Internal Committee? (within 3 months of the incident; at least 50% women members)
- Name four forms of fraudulent use of institutional resources. (any of: time theft, expense fraud, asset misuse, data misuse, IP theft, bribery, kickbacks, fake invoicing, ghost employees, procurement fraud)
- What single root pattern, and what antidote, do all four violations share? (root pattern: violating others' boundaries / rights for personal gain; antidote: right understanding — that you are part of a system of mutual fulfilment)