As India's telecom sector developed, telephone-related services such as phone banking are more readily available over the phone. Better technology necessitated better infrastructure, and with SIM cards, transformation became a requirement. To access 4G services, users must replace their old 3G SIM card with a service provider's 4G SIM card. This is a genuine case of a SIM swap.
The customer then requests the service provider to disable their old SIM and replace it with a fresh one activated in a few hours. Mobile phones are jam-packed with apps and information, including contact lists, photographs, and more like emails and Short Message Services (SMS). SMS is used to communicate financial information such as Automated Teller Machine Alerts for ATM withdrawals and one-time passwords that banks send out like one-time passwords (OTPs) for net banking transactions. This makes users especially vulnerable to SIM swapping.
Did you know? Several high-profile hacks have taken place using SIM swapping, consisting of a few on the social media websites like Instagram and Twitter. In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked through this method.
What is SIM swap fraud?
Mobile numbers have become a customer's identity, and many services, including banking services, are now available via mobile. Many security features have been built around mobile numbers, such as transaction messages, One-Time Passwords for financial transactions, Net Secure Code, and so on. Such information is critical for scamsters who wish to defraud customers. In SIM-Swap Frauds, fraudsters attempt to obtain duplicate SIM cards from telecom carriers under the guise of a misplaced SIM or with the help of their personnel and then gain access to the bank's secret information.
Also read: What is Bharat BillPay?
How does SIM fraud work?
Fraudsters use the SIM switch approach to steal your financial info by blocking off your SIM card and changing it with a fake one. They do that through your carrier provider, and they get a brand-new SIM card for your registered cell range from your provider company. This way, as soon as the SIM is swapped, they get access to your OTPs, financial accounts, and card-related messages, which they use to commit the fraud.
There are two steps to this fraud, Net banking fraud and SIM Swap.
- Net banking Fraud: Fraudsters ship you an innocent-looking Trojan or malware and get access to your bank account basic details and your cell number. Then they call you and pose as your provider or company seller and ask for your information.
- Sim Swap Fraud: Many unsuspecting victims give away their information without a second thought. The fraudsters approach the provider company (posing as you, with mock papers) to switch the SIM. After verification, the provider company deactivates the old SIM in your cell. The fraudsters get a brand-new active cell SIM card. And then your SIM card has no network. Afterwards, all of your financial SMS, OTP messages, and different financial alerts or transaction confirmations arrive on the new active card, and it falls into the hands of fraudsters.
It is a 2-step fraud in which the fraudsters first get your financial institution info through phishing emails or malware or Trojans, after which they block your SIM through the SIM swap approach.
SIM swapping involves a user being targeted. Attackers collect as much information as possible on the victim. The attackers then impersonate the victim and requests for a new SIM card. The attacker now controls a device with the user SIM and thereby gains access to the victim’s bank accounts.
The method adopted for SIM Swap Fraud
The fraudster acquires the victim's bank account details and registered mobile phone number through social engineering techniques such as phishing, vishing, and smishing. Then, masquerading as the victim with a fake ID, they go to the cell operator's store to have the genuine SIM banned. Following verification, the operator deactivates the real customer's (victim's) SIM card and issues a new SIM card to the fictitious client (fraudster). Now, utilizing the banking information obtained through Phishing/Vishing operations, the fraudster can obtain OTPs with the new SIM and perform fraudulent transactions on the victim's debts.
What should we know about SIM Swap Fraud?
Phishing is an email fraud approach wherein fraudsters send out genuine-looking emails or internet site links. It is a try to acquire your private and financial information. As far as step two goes, do not give away your information to anyone for any reason whatsoever. If you notice no carrier for your SIM, contact the carrier issuer at the earliest. Like it or not, there is not anything much you may do out of your side other than being extra vigilant.
How can we protect ourselves from this fraud?
- Be wary of social engineering techniques like vishing, phishing, and smishing, which are designed to steal your personal and private information.
- Inquire with your cell operator right away if your phone number is inactive or out of range for unspecified reasons or for a long time.
- Change your bank account password as soon as possible to avoid the worst-case situation.
- You can sign up for email alerts in addition to regular SMS for your banking transactions. This ensures that even if your SIM is deactivated, you will continue to get alerts through email.
- Check your bank account statement regularly to ensure that you made the transactions listed therein.
- In the event of fraud, reach out to your bank as soon as possible to get your account frozen and prevent further fraud.
Some famous incidents/frauds involving SIM swap fraud
Several high-profile hacks have taken place using SIM swapping, consisting of a few on the social media websites like Instagram and Twitter. In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked through SIM swapping.
In May 2020, a lawsuit was filed towards an 18-year-old Irvington High School senior in Irvington, New York, Ellis Pinsky, who was accused with 20 co-conspirators of swindling virtual currency investor Michael Terpin – the founder and chief government officer of Transform Group. An amount of $23.8 million in 2018 was siphoned when the accused was 15 years old through the usage of information stolen from smartphones through SIM swaps. The lawsuit was filed in federal court in White Plains, New York, and requested triple damages.
SIM Swap frauds are on the rise in India as well. Several SIM card swapping have been reported in the last few years. One of the latest instance of such a case was that of Abhishek Chaudhary, the manager of Sugal and Damini Utilities Private Limited, who was allegedly involved in transferring money from bank accounts by transferring sims, with one victim reporting ₹ 9.94 Lakhs were siphoned from their bank account.
We hope that this article is useful for you in knowing about the SIM swap fraud, its meaning, the method adopted by fraudsters, and how to prevent this fraud. In case of any clarification, you can contact us at Khatabook.
Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to firstname.lastname@example.org to report the case.
Important: Never share OTPs, PINs, or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.